Limit parts of page or DataForm WebPart to the ones with rights
If you see any SharePoint page anonymously, you can see only the items you’re supposed to see. If we as visitors have no rights to see certain site, it’s not displayed. Also if any elements of a list or a document library has specific permissions not to be available for public, we can’t see it.
SharePoint has a very good Security model, which we can use (yes, and even without visual Studio). We can set to display certain parts of page or DFWP based on rights the visiting user has. For example: If we have a special part that only the users that have the right to edit, can see, we’d wrap it in a conditional formatting tag with a condition ddwrt:IfHasRights(4)
<xsl:if test=”ddwrt:IfHasRights(4)”>Only Editors can see this text!</xsl:if>
The number 4 in the example above represents the editing right. You’ll find all available rights permissions in the table below. The example above is good for hiding the “Edit” button.
You can make the same outside of a WebPart. But you need to use different kind of tag to nest the protected content in:
<Sharepoint:SPSecurityTrimmedControl runat="server" PermissionsString="EditListItems">Only Editors can see this text!</Sharepoint:SPSecurityTrimmedControl>
Use the example above anywhere on the webpage outside of a webpart. As we can see this time the permission is defined with a string instead of number. For this tag to be working, don’t forget to register the SharePoint tagprefix before with
<%@ Register tagprefix="SharePoint" namespace="Microsoft.SharePoint.WebControls" assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
(in SharePoint’s default master page it’s already added). You’re probably asking which are the values. Thanks to Ian Morrish I’ve found the whole set. (the strings for PermissionString are quite self-descriptive)
| SPSecurityTrimmedControl | ddwrt:IfHasRights |
|---|---|
| ViewListItems | 1 |
| AddListItems | 2 |
| EditListItems | 4 |
| DeleteListItems | 8 |
| ApproveItems | 16 |
| OpenItems | 32 |
| ViewVersions | 64 |
| DeleteVersions | 128 |
| CancelCheckout | 256 |
| PersonalViews | 512 |
| ManageLists | 2048 |
| ViewFormPages | 4096 |
| Open | 65536 |
| ViewPages | 131072 |
| AddAndCustomizePages | 262144 |
| ApplyThemeAndBorder | 524288 |
| ApplyStyleSheets | 1048576 |
| ViewUsageData | 2097152 |
| CreateSSCSite | 4194314 |
| ManageSubwebs | 8388608 |
| CreateGroups | 16777216 |
| ManagePermissions | 33554432 |
| BrowseDirectories | 67108864 |
| BrowseUserInfo | 134217728 |
| AddDelPrivateWebParts | 268435456 |
| UpdatePersonalWebParts | 536870912 |
| ManageWeb | 1073741824 |
| UseRemoteAPIs | 137438953472 |
| ManageAlerts | 274877906944 |
| CreateAlerts | 549755813888 |
| EditMyUserInfo | 1099511627776 |
| EnumeratePermissions | 4611686018427387904 |
| FullMask | 9223372036854775807 |
There are some considerations you should take in mind:
1. This doesn’t work on “System” pages – in _layouts folder
2. This is chekcing the security against the actual page you’re viewing (if you put the spsecuritytrimmedcontrol in a masterpage it will check ivisitors permissions on a page he’s viewing, not on a masterpage).
Great list of permissions, this will help a lot. I am trying to squeeze by without having to get MOSS just for Audience permissions.
How though does the Permissions on Lists, like view, add and edit work with the Sharepoint:SPSecurityTrimmedControl Since it isn't tied down to a specific list ID, like from within XSLT views or even a webpart, which could have its own permissions.
I would like to be able to show links based on whether the user has add rights on a seperate list, other than the one shown to them currently. This, if it could be associated with a specific list ID for permissions could be the ticket. Do you think this can be done?
Hi, Joe!
Thanks for your comment. I've been searching around and according to article here (http://www.crsw.com/mark/Lists/Posts/Post.aspx?ID… there is an additional attribute called PermissionContext with which you can apply to what item the security is bound. Values are CurrentFolder, CurrentItem, CurrentList, CurrentSite, RootSite.