So I’ve been branding up a SharePoint system, and discovering all of the fun ‘features’ of the master pages in SharePoint. One of them is the way that SharePoint has lots of pages which use the ‘administration’ master page, which you can’t customise. And some are a bit awkward – File upload, Create Web Page, View All Site Content, Recycle bin.
Well, the View All Site content page is awkward, as everyone seems to have it on their page, but I think you’d miff site admins by removing it from the page. So, I went in and had a look at the code for it – and realised that it was security trimmed. It uses an SPSecurityTrimmedControl:
<!-- View All Site Content --> <label class="ms-hidden"> <SharePoint:EncodedLiteral runat="server" text="<%$Resources:wss,quiklnch_pagetitle%>" EncodeMethod="HtmlEncode"/> </label> <Sharepoint:SPSecurityTrimmedControl runat="server" PermissionsString="ViewFormPages"> <SharePoint:SPLinkButton id="idNavLinkViewAll" runat="server" NavigateUrl="~site/_layouts/viewlsts.aspx" Text="<%$Resources:wss,quiklnch_allcontent%>" AccessKey="<%$Resources:wss,quiklnch_allcontent_AK%>"/> </SharePoint:SPSecurityTrimmedControl>
Hmm. Okay. But users with very few permissions were still able to see this link. What gives?
Well, the important part is the PermissionsString attribute – it’s set to ViewFormPages. That’s pretty low – users who’re able to view a library seem to have that. So I wondered, what other PermissionsStrings are there?
A quick search found Zac Smith had been wondering the same thing. And then I thought to check MSDN, and they have a nice list of the permissions and what they mean.
So, I set PermissionsString to ManageWeb, and now the ‘View All Content’ link should only appear for Site Admins.