tags:

views:

42

answers:

5
Q: 

Disallow item addition in a List or Doc lib

How can I disallow adding item or document to a list or document library? Due to some other feature scenario I cannot break role inheritance and have custom permission set for the list. Today, we restrict the addition using event handler (Item adding) – but this leads to poor UX.

Is there a way to have Role inheritance for a list and still have a base permission mask? Something like, allow everything that parent web offers but not X,Y,Z. Breaking role inheritance in the traditional way introduces the problem of explicit User and role management. Having a SPGoup hold an another SPGoup could help here, but that too is not possible. Let me know your suggestions.

A: 

I think you are asking to allow a user to have add permissions to the list but not actually be allowed to add to the list. Event receiver is going to be the best way. The only other solution I can think of is to use a custom item form that will do the check.

thekaido  2010-02-28 05:17:18
A: 

You can solve your problem by creating a webpart with the below functionality.

Identify the logged user is in admin group. If he is not in that group ganarte a javascript alert that "you have no permission for add new item" and redirect to (location.href="") allitems.aspx page.

And place this webpart in Newform.aspx page. (add &toolpaneview=2&sharedview=true in in Newform.aspx url for editing page)

Hope this helps. Let me know if you need more help.

Hojo  2010-02-28 06:36:58
Thanks, this is really helpful. What I really wanted to do is to hide the "Add new item" link and "New" button from the UI. This too can be done using client side script. This is not clean solution though.
Harsh Vardhan Singh  2010-02-28 14:15:17
A: 

Create an IHTTPModule and subclass the context AuthenticateRequest event.

In the AuthenticateRequest routine you can inspect what type of action is happening and then redirect the user to the SharePoint "Access Denied" page. This is exactly how SharePoint does this functionality so the UX experiance would be the same.

If you want my opinion I would go with the way SharePoint handles permissions out of the box and break role inheritiance. Sure it will add new complexities to your life. But, I think you can better manage these complexities with the SharePoint Admin Toolkit and some custom built utilities for managing permissions. I think that is a better solution than what you are trying to do.

JD  2010-02-28 15:53:34
A: 

Am I missing something here when I suggest: Just hide the toolbar (or specific button) in the view page? That's an painless CSS hook done in the view page or SharePoint Designer

F.Aquino  2010-02-28 18:28:01
I checked that option, the class/ID for "new" is hard to guess right. This is too generic and may conflict if multiple lists are shown on a page (as different web-parts). Thanks anyways.
Harsh Vardhan Singh  2010-03-01 03:34:52
A: 

If you are using a custom List Template, you could create a custom View Toolbar Template. However, you probably will not want to use this on an OOTB List Template and it doesn't look like this will work on an existing list.

Even if you implement this, I would still leave the Event Receiver in place in order to prevent URL spoofing.

Rich Bennema  2010-03-01 16:57:07

related questions

Can't copy file with appropriate permissions using FileIOPermission
GetProcessesByName() and Windows Server 2003 scheduled task
Starting a process in C# with username & password throws "Access is Denied" exception
How do you set directory permissions in NSIS?
PHP: How to check if a directory is writeable?
Sharepoint Item Level Access & performance
sudo echo "something" >> /etc/privilegedFile doesn't work... is there an alternative?
What is the best way to create a security architecture?
Hierarchical Group Permissions Theory/Resources?
Why is access denied when installing SSL cert on IIS 5?
What databases do I have permissions on
Can an iPhone App Be Run as Root?
SQLite/PHP read-only?
Multiple permission types (roles) stored in database as single decimal
SharePoint Permissions
CakePHP ACL Database Setup: ARO / ACO structure?
LINQ and Database Permissions
What's the best way to implement a SQL script that will grant select, references, insert, update, and delete permissions to a database role on all the user tables in a database?
php scripts writing to non-world-writable files
How do I detect if a function is available during JNLP execution?
Implementing permissions in PHP
Access Control Lists & Access Control Objects, good tutorial?
In Visual Studio you must be a member of Debug Users or Administrators to start debugging. What if you are but it doesn't work?
Where should I put my log file for an asp.net application?
What is the best way to handle multiple permission types?