Still show Edit icon when selecting ''Edit access: Specify which items users can edit" on List Advanced Settings
Hello, Everybody said, if you want users can only edit their own list items, you can check Settings/Advanced Settings/''Edit access: Specify which items users can edit". But the Edit and Delete icon still be shown on the context menu and the ViewForm/EditForm pages, even though it will forbidden users to submit Edit or Delete with an "Access Denied" error. I have read SharePoint 2.0 has this kind of problem but 3.0 has improve them: the user will not see the entry if they have not the permmission. But how about this?Thanks for your helpHope Helpful | Xiaofeng Wang | http://www.leoworks.net
January 28th, 2010 12:39pm

Hi Xiaofeng, WSS 3.0 and MOSS 2007 did improve the permissions comparing with the 2.0 products. I have to admit that I could reproduce your issue in my local. Per my understanding, this is a setting for the whole list, but not a permission setting for the specific list item. Then it does not function like the normal list item permissions. If you need to let the user will not see the entry if they have not the permissions, please break the permission for the list item and customize it based on your real requirement. I am sorry for the confusion and hope the information can be helpful. Lambert Qin TechNet Subscriber Support in forum If you have any feedback on our support, please contact mtngfb@microsoft.com By the way, this is not a customization question, I moved it Admin forum.Sincerely, Lambert Qin Posting is provided "AS IS" with no warranties, and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
January 29th, 2010 6:45am

Hi, Labmer I have no idea SharePoint Team how to identify the List level Permission and the List Item Permission. Maybe your's right but there still are overlay sometimes. In my opionion, since the user has not the Edit/Delete permission, why not let them see these buttons? I think, most of end users will complain of this problem. Imagine, I happily open an item to edit it for a while but then click OK to get a "Access Denied", that faint. No good user experience. I'm not sure if we should regard this as a BUG but at least a expected enhancement. Hope 2010 already hase fixed this but I have not verify it. For now, I agree with you that 'break the permission for the list item and customize it' is a possible workaround. I search some silimar scenario on Internet and implement a feature to hoop the ItemAdded event as following, you can modify it as your local requiremnets. hope this help concerning others: public override void ItemAdded(SPItemEventProperties properties) { base.ItemAdded(properties); // this event handler will be attached to all the lists in this site, // if you want to apply this to specified list/lib, implement here. // for instance, if the list this event is occuring in is not expected, just return //if (properties.ListId != [your expected list id]) return; try { SPSecurity.RunWithElevatedPrivileges(delegate { using (SPSite site = new SPSite(properties.SiteId)) { using (SPWeb web = site.OpenWeb(properties.ListItem.ParentList.ParentWeb.ID)) { web.AllowUnsafeUpdates = true; // make sure referring to those new objects created under the evelvated security context, // there seems to be some bug in web.Lists[properties.ListId].Items[properties.ListItemId] // IndexOutOfRange SPListItem item = web.Lists[properties.ListId].Items[properties.ListItem.UniqueId]; // break down the permission inheritance item.BreakRoleInheritance(false); SPRoleDefinition readRoleDef = web.RoleDefinitions["Read"]; SPRoleDefinition contributeRoleDef = web.RoleDefinitions["Contribute"]; // assign the Contribute permisioin level to the user creating this item SPRoleAssignment roleAssOfCurrentUser = new SPRoleAssignment(web.AllUsers[properties.UserLoginName]); roleAssOfCurrentUser.RoleDefinitionBindings.Add(contributeRoleDef); // all the authenticated users can read SPRoleAssignment roleAssOfAllUser = new SPRoleAssignment(web.AllUsers["NT AUTHORITY\\Authenticated Users"]); roleAssOfAllUser.RoleDefinitionBindings.Add(readRoleDef); item.RoleAssignments.Add(roleAssOfCurrentUser); item.RoleAssignments.Add(roleAssOfAllUser); //properties.ListItem.SystemUpdate(); // NO ERROR, BUT NO NEED } } }); } catch (Exception e) { string errorMsg = "Error when customizing permission of list item: " + properties.ListTitle + "Technical Details:\n" + e.ToString(); EventLog.WriteEntry("WSS3", errorMsg, EventLogEntryType.Error); } } Hope Helpful | Xiaofeng Wang | http://www.leoworks.net
January 29th, 2010 10:05am

Hi Xiaofeng, Thanks for your understanding and sharing us a programming workaround for this issue. I verified that the issue was still existed in SharePoint 2010 beta before I made the initial reply. I will try to consult the issue with the internal channels, but I could not guarantee if there is a fast response. I will keep you updated if I get an answer. Please feel free to let me know if you need further assistance. Lambert Qin TechNet Subscriber Support in forum If you have any feedback on our support, please contact mtngfb@microsoft.com Sincerely, Lambert Qin Posting is provided "AS IS" with no warranties, and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
January 29th, 2010 11:07am

Hi Lamber,It's a pity that 2010 beta2 has still the issue. Even though we have closed this thread, I would like to post something interesting that I find regarding this issue. I think it proves a bug .....As known, the list item context menu is rendered by javascript in 12\layouts\<lcid>\core.js, for the special View/Edit items, I find there are the following call stack:At the last of SetCurrentPermMaskFromString, it's important to note ctx.WriteSecurity==1 . AddListMenuItems AddSharedNamespaceMenuItems HasRights function SetCurrentPermMaskFromString(pmStr, currentItemAuthor) { var pmLen=pmStr.length; if(pmLen <=10 ) { currentItemPermMaskH=0; currentItemPermMaskL=parseInt(pmStr); } else { currentItemPermMaskH=parseInt(pmStr.substring(2, pmLen - 8), 16); currentItemPermMaskL=parseInt(pmStr.substring(pmLen - 8, pmLen), 16); } currentItemCanModify=true; //debugger; currentItemCanModify=(currentItemAuthor==null) || HasRights(0x0, 0x800) || (ctx.CurrentUserId==currentItemAuthor) || (ctx.CurrentUserId==null) || (ctx.WriteSecurity==1); }What's WriteSecurity? In my search, the server SPList object has the same property WriteSecurity, and it's just to indicate:A 32-bit integer that specifies the Write security setting. Possible values include the following: 1 — All users can modify all items. 2 — Users can modify only items that they create. 4 — Users cannot modify any list item. So, I guess, when they implemented these codes, maybe SharePoint Team initially want to hide the Edit menu if the list item does not belong to the user. But what happen? Why do it not work? I have no idea, the javacript package is rather complicate and I have no time to figure it out the fact. But I try to ...I just spent a bit time to debug and find the currentItemAuthor passed into SetCurrentPermMaskFromString is null, then I go back and find it's passed by HasRights as following:function HasRights(requiredH, requiredL){ if(currentItemPermMaskH==null) { if (itemTable==null) return true; var pmStr=GetAttributeFromItemTable(itemTable, "Perm", "PermMask"); if(pmStr==null) return true; debugger; var currentItemAuthor=itemTable.getAttribute("Author"); SetCurrentPermMaskFromString(pmStr, currentItemAuthor); }For var currentItemAuthor=itemTable.getAttribute("Author"); , I open the html source code of a Task list and the Author attribute really could not be found:<table height="100%" class="ms-unselectedtitle" id="3" onmouseover="OnItem(this)" cellSpacing="0" SUrl="" UIS="512" CId="0x01080071680316D2B92C4BA157FA2E6CDF8C0A" CType="Task" MS="0" CSrc="" HCD="" COUId="" OType="0" Icon="icgen.gif||" Ext="" Type="" Perm="0x7fffffffffffffff" DRef="Lists/Tasks" Url="/Lists/Tasks/3_.000" CTXName="ctx1">I aslo tried some other lists, Calendar, Link .... they are missing the Author attribute too. Now, It seems like a bug?I would like to submit a bug request on connect.microsoft.com when I'm at home, hope SharePoint Team confirm this whether or not.Thanks.Hope Helpful | Xiaofeng Wang | http://www.leoworks.net
January 29th, 2010 1:37pm

Please don't refer to 2010 in these forums which are for the pre-2010 SP products only. (Moderator)FAQ sites: (SP 2010) http://wssv4faq.mindsharp.com; (v3) http://wssv3faq.mindsharp.com and (WSS 2.0) http://wssv2faq.mindsharp.com Complete Book Lists (incl. foreign language) on each site.
Free Windows Admin Tool Kit Click here and download it now
February 12th, 2010 9:45am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics