views:

42

answers:

5

How can I disallow adding item or document to a list or document library? Due to some other feature scenario I cannot break role inheritance and have custom permission set for the list. Today, we restrict the addition using event handler (Item adding) – but this leads to poor UX.

Is there a way to have Role inheritance for a list and still have a base permission mask? Something like, allow everything that parent web offers but not X,Y,Z. Breaking role inheritance in the traditional way introduces the problem of explicit User and role management. Having a SPGoup hold an another SPGoup could help here, but that too is not possible. Let me know your suggestions.

A: 

I think you are asking to allow a user to have add permissions to the list but not actually be allowed to add to the list. Event receiver is going to be the best way. The only other solution I can think of is to use a custom item form that will do the check.

thekaido
A: 

You can solve your problem by creating a webpart with the below functionality.

Identify the logged user is in admin group. If he is not in that group ganarte a javascript alert that "you have no permission for add new item" and redirect to (location.href="") allitems.aspx page.

And place this webpart in Newform.aspx page. (add &toolpaneview=2&sharedview=true in in Newform.aspx url for editing page)

Hope this helps. Let me know if you need more help.

Hojo
Thanks, this is really helpful. What I really wanted to do is to hide the "Add new item" link and "New" button from the UI. This too can be done using client side script. This is not clean solution though.
Harsh Vardhan Singh
A: 

Create an IHTTPModule and subclass the context AuthenticateRequest event.

In the AuthenticateRequest routine you can inspect what type of action is happening and then redirect the user to the SharePoint "Access Denied" page. This is exactly how SharePoint does this functionality so the UX experiance would be the same.

If you want my opinion I would go with the way SharePoint handles permissions out of the box and break role inheritiance. Sure it will add new complexities to your life. But, I think you can better manage these complexities with the SharePoint Admin Toolkit and some custom built utilities for managing permissions. I think that is a better solution than what you are trying to do.

JD
A: 

Am I missing something here when I suggest: Just hide the toolbar (or specific button) in the view page? That's an painless CSS hook done in the view page or SharePoint Designer

F.Aquino
I checked that option, the class/ID for "new" is hard to guess right. This is too generic and may conflict if multiple lists are shown on a page (as different web-parts). Thanks anyways.
Harsh Vardhan Singh
A: 

If you are using a custom List Template, you could create a custom View Toolbar Template. However, you probably will not want to use this on an OOTB List Template and it doesn't look like this will work on an existing list.

Even if you implement this, I would still leave the Event Receiver in place in order to prevent URL spoofing.

Rich Bennema

related questions