SharePoint/WSS: Modify "created by" field?

Question

All -

I am using WSS 3.0. Currently, HR will upload an employee's internal company resume to a document library on our site, but for privacy reasons, we must then restrict access to that document library, which forces users to then go through HR each time they want to update their resume.

My thought is to create a list with attachments enabled that allows users to only view/edit their own items, and then give HR permission to manage all entries. This works with the exception that HR will need to create the initial list item and attach the resume, which means the list item will be "created by {hr}" and not visible/editable by the end user whose resume is attached.

Any ideas on how I can either allow HR to modify the "created by" field on upload so end users will see and can edit their resume, or go about this in a different way?

Thanks!

Answer 1

Why not just use a document library for the resumes? (instead of a list w/ attachments.) You can give HR full read/write to all documents within, and the owner of the resume will have contribute permissions to only their own resume.

Answer 2

With a custom upload screen you could change the context of the current user before doing the upload. It requires looking up the user token using something like the following (these are snippets of working code with error handling and other stuff removed). Note that EnsureUser will require that the current user basically be an admin/owner.

using (SPSite site = GetImpersonatedSite(runAsUser))
{
    using (SPWeb web = site.OpenWeb())
    {
        // Do stuff here
    }
}

private SPSite GetImpersonatedSite(string username)
{
    user = SPContext.Current.Web.EnsureUser(username);
    SPSite site = new SPSite(SPContext.Current.Web.Url, user.UserToken);
    return site;
}

Answer 3

I had a similar situation (migration into sharepoint) where I had to add a file with the admin user to a doc library and then "change" the users. I did it like this, might help you somewhat:

using (var root = site.RootWeb)
 {
   var users = root.SiteUsers;
   var user = users["domain\username"];
   file.Item[SPBuiltInFieldId.Created_x0020_By] = user.ID;
   file.Item[SPBuiltInFieldId.Modified_x0020_By] = user.ID;
   file.Item.UpdateOverwriteVersion();

Answer 4

Create a document library to hold the resume's. Then give the HR department (SharePoint User group) "read / write all" permissions on the library, the give everyone else read / write your own" rights. Create a Content Type called "Resume" based on the out-of-the-box Document content type. Then add a field that contains the Employee (SPUser field) whom the resume concerns to the content type (and any other fields required, i.e. name, address etc.). Have HR fill this in correctly when creating the listitem (make the fields required).

Then, write a itemeventreceiver bound to the content type you just created and override the ItemUpdated event.

The code would be something like the following:

public override void ItemUpdated(SPItemEventProperties properties)
{
  SPSecurity.RunWithElevatedPrivileges(delegate
  {
    using (SPWeb web = properties.OpenWeb())
    {
       web.AllowUnsafeUpdates = true; 
       var item = web.Lists[properties.ListId].GetItemById(properties.ListItemId);
       if (item != null)
       {
         if (item.Fields.ContainsField("Employee"))
         {
           item["Author"] = item["Employee"]; 
           // Author is the internal name of the Created by field, 
           // always use Internal Names!
           DisableEventFiring();
           item.SystemUpdate();
           EnableEventFiring();
         }
       }
     }
   });
}

you can bind the ItemEventReceiver using a FeatureReceiver to the content type like so:

SPContentType docCt = web.ContentTypes[new SPContentTypeId("CONTENTYPE ID GOES HERE")];
docCt.EventReceivers.Add(SPEventReceiverType.ItemUpdated, "ASSEMBLYNAME, Version=1.0.0.0, Culture=neutral, PublicKeyToken=TOKEN", "FULLY QUALIFIED CLASSNAME");
docCt.Update();