Does anybody know of a webpart, webpart code or client code that will do this?
I'd like to give a security group contribute to a sepecific list, but want to customize copies of the forms they can run and would like to make sure they can't run other speicfic forms for the list.
When the webpart sees they are not in a specific security group it will redirect them to an error page or some other page.
You can create a webpart that runs this code:
if (!SPContext.Current.Web.SiteGroups["groupname"].ContainsCurrentUser)
{
SPUtility.Redirect("url", SPRedirectFlags.Default, HttpContext.Current);
}
Related
I'm trying to implement permission levels in SharePoint hosted app. I've created a custom list "Permissions" where I'm adding different users with their roles.
I have created a page List.aspx where I'm showing my custom list "Products" as a list view web part. Page List.aspx checks the user's role against "Permissions" list, and page can show or hide content in regards to this role. The problem is, when user tries to navigate to "Lists/Products/Allitems.aspx" or "Lists/Permissions/Allitems.aspx" he can see the list items.
All code check is done in JavaScript and I know there is a security risk, but this will work for my users. I just need to find a way to inject custom JavaScript code to Allitems.aspx, and to check if user has permissions to see it or not.
Everything here is done on App web and there's nothing that I use on host web.
I've found a workaround for this. Basically what I did is that I just hide the list view from direct access. To achieve this, open the Schema.xml of the list and replace "JSLink":
from
<JSLink>clienttemplates.js</JSLink>
to
<JSLink>~site/Scripts/OverrideListView.js</JSLink>
Now, create a new file Scripts/OverrideListView.js and add following code to it:
document.write("<style>body {display:none; };</style>");
Try now to access Lists/Permissions/Allitems.aspx directly. You will get a blank page.
This is basically idea how to insert custom JS code into list view. You could add additional code for checking current user's permissions on site level and in regards to it to unhide this view, or even to redirect him to the homepage if he does not have right role or permissions.
I have an unusual scenario in which only one page of our SP 2007 site is throwing this error "You are not authorized to view this page".
Here are some details:
SP 2007 Enterprise
The page in question uses SmartPart to display custom usercontrol.
We have 50+ pages that also use custom user controls in SmartPart, and none of them generate this error.
The page in question has several functions, and it initially loads just fine. First time it loads, user selects a customer from a dropdown, then enters a search query and clicks the search button. That all works, and the page then returns some search results. That works as well. The the user can click on a Modify link for each item. It's clicking on this Modify link that generates the page error. All of these things are done one this one page, it just refreshes accordingly. The Modify link is just a standard asp:commandline field that causes the page to load the line item in editable mode.
Here's the other strange thing. If I login as the SP Administrator account, and go to this page, it all works properly, no errors...and, then all other users can go in and use the page properly, without errors as well. It's as if whatever the security issue is, is being resolved temporarily as a result of the Admin using the page first. But after a code publish, or IISRESET, etc, the page goes back to not working for any general users.
Any ideas on what I should look for in trying to resolve this issue? I can also provide code if anyone thinks that may be relevant.
Thanks!
use SPSecurity.RunWithElevatedPrivileges for running your code with anonymous access user:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPSite site = new SPSite(web.Site.ID))
{
// implementation details omitted
}
});
I am new on SharePoint 2010 and trying to make basic web sites.
First, created a new site. Using domain authantication. I've done to hide Site Actions tab. Surrounded the tags with
<SharePoint:SPSecurityTrimmedControl ID = "spstcSiteActions" runat = "server" PermissionsString = "ManageWeb">
When you do this, end-user cant see Site Actions ribbon, but cant see Sign In link too :)
I want to make Site Actions invisible, but Sign In link visible. When the user clicks then link, he can see Site Actions ribbon if authentication is success. My question is How to hide Site Actions tab, but show Sign In link in same tab or at different place.
I've not tried this on SharePoint 2010 but might know a workaround. You could try putting a link on your masterpage that points to /_layouts/authenticate.aspx . Once the user clicks on the url, they will be authenticated and brought back. Then the trimmed control can show the site actions menu depending on permissions.
You'll need a trimmed control around the login link in order to hide it when the user is authenticated.
You might want to look into what CustomActions are available to you. I've used custom actions in SP2007 to add items to the site actions menu. You might be able to leverage something something similar to hide an item.
Here's a related article:
http://msdn.microsoft.com/en-us/library/bb418728(office.12).aspx
I have a simple requirement where a user can input some details using a form.I have created a List and using sharepoint designer generated a customized new entry form which can submit data into list.There are two types of users one end user and second admin.
The problem is ,I have to give permission to the list for end users so that they can fill entry and submit request.This permission allow end end user to jump main site and they able to see list data and other site details.
Is there any way which I can create a group which has only access to that entry (request from) page and not able to browse any other urls
I want to use coding level solution if it is possible with in built functionality.
The new customized form is inbuilt functionality.
Please help .
Thanks
Ritu
you can specific permissions on the list, without giving permissions to the whole site. This way you can even give permissions to only add items. All that could be done using the browser alone
What I am tring to do is, when people comes to that page:
http://server:26521/MY_Portal/service/default.aspx
I want them to be redirected to that page
http://server:26521/default.aspx
Depending on their User name Or User Group.
Thanks for helps.
I can think of two ways to do this:
If you're using ISA Server or a similiar product in front of Sharepoint, you can configure it to do this. So those users who you want redirected will never access the first page.
Alternatively, you could write a webpart, which analyzes who the user is, and does some sort of redirection, either in .net or in javascript to the page you want.