WSS site and page permission - sharepoint

I have a simple requirement where a user can input some details using a form.I have created a List and using sharepoint designer generated a customized new entry form which can submit data into list.There are two types of users one end user and second admin.
The problem is ,I have to give permission to the list for end users so that they can fill entry and submit request.This permission allow end end user to jump main site and they able to see list data and other site details.
Is there any way which I can create a group which has only access to that entry (request from) page and not able to browse any other urls
I want to use coding level solution if it is possible with in built functionality.
The new customized form is inbuilt functionality.
Please help .
Thanks
Ritu

you can specific permissions on the list, without giving permissions to the whole site. This way you can even give permissions to only add items. All that could be done using the browser alone

Related

SharePoint Hosted App 2013: Customize List/AllItems.aspx page

I'm trying to implement permission levels in SharePoint hosted app. I've created a custom list "Permissions" where I'm adding different users with their roles.
I have created a page List.aspx where I'm showing my custom list "Products" as a list view web part. Page List.aspx checks the user's role against "Permissions" list, and page can show or hide content in regards to this role. The problem is, when user tries to navigate to "Lists/Products/Allitems.aspx" or "Lists/Permissions/Allitems.aspx" he can see the list items.
All code check is done in JavaScript and I know there is a security risk, but this will work for my users. I just need to find a way to inject custom JavaScript code to Allitems.aspx, and to check if user has permissions to see it or not.
Everything here is done on App web and there's nothing that I use on host web.
I've found a workaround for this. Basically what I did is that I just hide the list view from direct access. To achieve this, open the Schema.xml of the list and replace "JSLink":
from
<JSLink>clienttemplates.js</JSLink>
to
<JSLink>~site/Scripts/OverrideListView.js</JSLink>
Now, create a new file Scripts/OverrideListView.js and add following code to it:
document.write("<style>body {display:none; };</style>");
Try now to access Lists/Permissions/Allitems.aspx directly. You will get a blank page.
This is basically idea how to insert custom JS code into list view. You could add additional code for checking current user's permissions on site level and in regards to it to unhide this view, or even to redirect him to the homepage if he does not have right role or permissions.

Set field via URL

Is it possible to have a field in the current item be changed by clicking a URL? The field would be a choice field with predefined choices.
Such as if the item field is currently:
Status: 2
If a user clicks the link, the field would now be:
Status: 3
If not, is there any other way for a user to easily change a field in the current item without actually haveing to visit the item?
Thanks!
Not Out Of The Box (OOTB) - but you've a few options.
Write an ASPX page to do what you want
Use something like SPServices and javascript to update the list item via the web services.
Use the Client Object Model (2010 only)
By the way - changing stuff on a 'get' can be dangerous as you can do malicious things - for example imagine you have a page that deletes the users account without any prompting (exact example doesn't matter) - what if someone clicks on that link by mistake or even worse what about an email sent with an image with that page as source URL - simply viewing the email could delete the users account.
It's not possible by using a GET request, but SharePoint 2010 is offering a RESTful API to manage ListItems from any client
The REST API is located within the virtual WebServices folgder under each SharePoint Site.
http://YourSharePointSite/_vti_bin/ListData.svc.
To perform an update on SharePoint ListItems you have to create a PUT Request. For more information on SharePoints REST API you should have a look at this MSDN site, there are also a lot of samples linked from this article.
Thorsten

can users access the SharePoint application page who have read permissions?

we created one page and placed under LAYOUTS folder.so can u tell me can all users access this page by giving their AD credentials.
some users are not able to login to this page.
pleage give me some suggestions.
The default Application Page setup will require the View Application Pages permission, and all derived permissions. You can manually configure the permissions of the application page by defining the RightsRequired property of the page. This is usually defined OnLoadComplete, but you can specify to occur after OnPreInitComplete by configuring the RightsCheckMode property.
But, without fiddling in these settings, it is still possible that certain users who have the read permissions on the general site may be barred from the Application Page. This can arise whenever you have controls that require different permission levels. For example, if you have a custom application page that has a field control associated with a specific list and item, if that control is in Edit mode then the user needs Edit permissions for that list and item in order to view the application page. It does not actually matter if this field control has anything to do with the list in question! For example, I once had an application page designed for bulk-downloading files which are in two folders. I wanted to re-use this page for a few different document libraries, so I decided to create a custom multi-lookup field control that would take the List query string as if on a New Form, and build the list of items to download that way. But this page was blocked for a subset of users who were not allowed New item permissions in one of the two folders, even though the page technically didn't do anything involving adding new items.
Any other elements on the page which require a separate set of permissions than general site permissions will also interfere, but the general case is with item-level and list-level permissions conflicting with the site-level permission. Simply check all of your controls, especially ones based on SharePoint web controls. As long as the user has permissions necessary to operate all of these, the user should be able to view the application page.
The entire user who has read permission, they can access this page.
If this page trying to do any manipulation, which needs hire permission, you may get access denied.
For trouble shooting comment all cods and try to access this page with read permission.

Sharepoint Redirecting Users or Groups from a page to another

What I am tring to do is, when people comes to that page:
http://server:26521/MY_Portal/service/default.aspx
I want them to be redirected to that page
http://server:26521/default.aspx
Depending on their User name Or User Group.
Thanks for helps.
I can think of two ways to do this:
If you're using ISA Server or a similiar product in front of Sharepoint, you can configure it to do this. So those users who you want redirected will never access the first page.
Alternatively, you could write a webpart, which analyzes who the user is, and does some sort of redirection, either in .net or in javascript to the page you want.

SharePoint - Adding users from Active Directory in a custom administration form

I have a project where I need to add users to a SharePoint portal, but when I add them, I also need to set addition parameters inside a separate database.
I want to add a custom administration screen where the administration can set these values when they add the user rather than forcing them to first add the user then go to a separate interface page where they set the values.
Does anyone know of any good articles that will explain how to accomplish this?
Thanks.
It would be easier to create a custom asp.net form that would get all the information required about the user.
the submit could then add the information to the database that is needed and use the object model to add the users.
SPRoleAssignment MyRoleAssign = new SPRoleAssignment(”domain/alias”, “email address”, “User Name”, “Description”);
SPRoleDefinition MyRoleDef = newSubWeb.RoleDefinitions["Contribute"];
MyRoleAssign.RoleDefinitionBindings.Add(MyRoleDef);
site.RoleAssignments.Add(MyRoleAssign);
Code from farhanfaiz.wordpress.com here
Otherwise the SharePoint webservices may do.
Examples here

Resources