1/09/2010

SharePoint: Permission Levels, SPBasePermissions and PermissionMask

 

This is a list of SharePoint 2007 and 2010 permissions and related notes (mostly for my own use :-)  ).

 

SharePoint users/groups are granted access to SharePoint objects by being assigned one or more Permission Levels (Roles in the API). Permission Levels are created from individual Site, List and Personal permissions represented as a 64 bit bitmap known in the object model as a PermissionMask property.

SharePoint 2007 and 2010 include 33 permissions, plus two additional not in the UI: EmptyMask and FullMask. Note the the definition of FullMask can change!  See here: http://www.cjvandyk.com/blog/Lists/Posts/Post.aspx?List=744536f4%2D127e%2D4c4a%2Dbcff%2Db85408e7e7e5&ID=225

 

API notes:

  Permission Level = Role       myuser.Roles.Count     mygroup.Roles.Count

foreach ( SPRole role in mygroup.Roles)
     {
          Console.Write(" Role: " + role.Name);
      }

  Permission test:

if (web.DoesUserHavePermissions(user.LoginName,SPBasePermissions.DeleteListItems)
   {    }

  Permission levels are OR’d ( “|” in C#), so user gets all permissions for all levels assigned to them.
  (and there is no “Deny”)

 

  Two other places to find user related info:

     Owners:
       site.SecondaryContact.Name
       site.SystemAccount.Name

    Site Collection Administrators:
       user.IsSiteAdmin

 

 

Permission Levels, SPBasePermissions, PermissionMask bit, and default assignments

 

enum = order of item in the enumeration of  SPBasePermissions

Enum Name = Enumeration name (SPBasePermissions.ManageLists)

bit = bit position SPRole.PermissionMask

Group = Group name in  the “Edit Permission Level” page  (_layouts/editrole.aspx)

Name in Browser = name in  the “Edit Permission Level” page  (_layouts/editrole.aspx)

R = included in the default Read permission level and the “sitename Reader” group

C = included in the default Contribute permission level and the “sitename Members” group

D = included in the default Design permission level (no default group)

FC = included in the default Full Control permission level and the “sitename Owner” group

The View permission level is the same as Read, except it is missing Open Items.

 

enum bit Group Enum Name Name in browser Description R C D FC
12 12 List ManageLists Manage Lists Create and delete lists, add or remove columns in a list, and add or remove public views of a list.       X
10 9 List CancelCheckout Override Checkout Discard or check in a document which is checked out to another user.     X X
3 2 List AddListItems Add Items Add items to lists, add documents to document libraries, and add Web discussion comments.   X X X
4 3 List EditListItems Edit Items Edit items in lists, edit documents in document libraries, edit Web discussion comments in documents, and customize Web Part Pages in document libraries.   X X X
5 4 List DeleteListItems Delete Items Delete items from a list, documents from a document library, and Web discussion comments in documents.   X X X
2 1 List ViewListItems View Items View items in lists, documents in document libraries, and view Web discussion comments. X X X X
6 5 List ApproveItems Approve Items Approve a minor version of a list item or document.     X X
7 6 List OpenItems Open Items View the source of documents with server-side file handlers. X X X X
8 7 List ViewVersions View Versions View past versions of a list item or document. X X X X
9 8 List DeleteVersions Delete Versions Delete past versions of a list item or document.   X X X
32 40 List CreateAlerts Create Alerts Create e-mail alerts. X X X X
13 13 List ViewFormPages View Application Pages View forms, views, and application pages, and enumerate lists. X X X X
23 26 Site ManagePermissions Manage Permissions Create and change permission levels on the Web site and assign permissions to users and groups.       X
19 22 Site ViewUsageData View Usage Data View reports on Web site usage.       X
21 24 Site ManageSubwebs Create Subsite Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.        X
28 31 Site ManageWeb Manage Web Site Grant the ability to perform all administration tasks for the Web site as well as manage content. Activate, deactivate, or edit properties of Web site scoped Features through the object model or through the user interface (UI). When granted on the root Web site of a site collection, activate, deactivate, or edit properties of site collection scoped Features through the object model. To browse to the Site Collection Features page and activate or deactivate site collection scoped Features through the UI, you must be a site collection administrator.       X
16 19 Site AddAndCustomizePages Add and Customize Pages Add, change, or delete HTML pages or Web Part Pages, and edit the Web site using a Windows SharePoint Services–compatible editor.     X X
17 20 Site ApplyThemeAndBorder Apply Theme and Border Apply a theme or borders to the entire Web site.     X X
18 21 Site ApplyStyleSheets Apply Style Sheets Apply a style sheet (.css file) to the Web site.     X X
22 25 Site CreateGroups Create Groups Create a group of users that can be used anywhere within the site collection.       X
24 27 Site BrowseDirectories Browse Directories Enumerate files and folders in a Web site using Microsoft Office SharePoint Designer 2007 and WebDAV interfaces.   X X X
20 23 Site CreateSSCSite Use Self-Service Site Creation Create a Web site using Self-Service Site Creation.        
15 18 Site ViewPages View Pages View pages in a Web site. X X X X
34 63 Site EnumeratePermissions Enumerate Permissions Enumerate permissions on the Web site, list, folder, document, or list item.       X
25 28 Site BrowseUserInfo Browse User Information View information about users of the Web site. X X X X
31 39 Site ManageAlerts Manage Alerts Manage alerts for all users of the Web site.       X
30 38 Site UseRemoteAPIs Use Remote Interfaes Use SOAP, WebDAV, or Microsoft Office SharePoint Designer 2007 interfaces to access the Web site. X X X X
29 37 Site UseClientIntegration Use Client Integration Features Use features that launch client applications; otherwise, users must work on documents locally and upload changes.  X X X X
14 17 Site Open Open Allow users to open a Web site, list, or folder to access items inside that container. X X X X
33 41 Site EditMyUserInfo Edit Personal User Information Allows a user to change his or her user information, such as adding a picture.   X X X
11 10 Personal ManagePersonalViews Manage Personal Views Create, change, and delete personal views of lists.   X X X
26 29 Personal AddDelPrivateWebParts Add/Remove Personal Web Parts Add or remove personal Web Parts on a Web Part Page.   X X X
27 30 Personal UpdatePersonalWebParts Update Personal Web Parts Update Web Parts to display personalized information.   X X X
                   
1 0   EmptyMask EmptyMask Has no permissions on the Web site. Not available through the user interface.        
35 1   FullMask FullMask Has all permissions on the Web site. Not available through the user interface.        

.

No comments:
Labels: , ,

1/06/2010

Enumerate an enumeration!

 

A quick way to find all of the values of an enumeration (that Microsoft may have not completely documented).

System.Enum.GetNames returns an array of strings with the names

System.Enum.Parse looks up the numeric value using the string name

 

This example lists the value of a SharePoint enumeration named SpBasePermissions:

 

C# example:

//show name, decimal and hex
foreach (string enumName in Enum.GetNames(typeof(SPBasePermissions)))
{
    Console.WriteLine(String.Format("Item: {0,-25} Value: {1,20} {1,20:X}",
        enumName, (ulong)Enum.Parse(typeof(SPBasePermissions), enumName)));
}

 

VB.Net example:

For Each enumName As String In [Enum].GetNames(GetType(SPBasePermissions))
    Console.WriteLine(String.Format("Item: {0,-23} Value: {1,20:D} {1,20:X}", _
        enumName, [Enum].Parse(GetType(SPBasePermissions), enumName)))
Next

 

Result:

image

No comments:
Labels: ,

1/01/2010

SharePoint: Exploring SharePoint CMP Export Files (and a demo application)

 

I found the missing files! I've uploaded them to GitHub. See "Downloads" below. (These are the original files, unmodified since 2010.)


Nearly two years ago I wrote another blog on this topic and referred to a little application I had written to explore a CMP file that could also extract individual files from the CMP. Shortly after that, and before I could upload the app, the hard disk in my laptop died. I recovered most of the content of the drive, but had thought I had lost my Visual Studio directories. Guess what! I revisited that drive (I never throw things away…) looking for some old pictures and I found the missing app!

 

First go read the original article: Exploring SharePoint CMP Export Files. There you can see what’s in a CMP and how to manually extract the files.

 

To help understand the CMP Manifest file I wrote a small .Net program to list the SPObject elements and a handful of attributes from each one.


image

The first step is to open the CAB file and extract the Manifest.xml file. As I have always been amazed at the features found in the .Net libraries, I figured I would find a CAB extractor library in the Framework. Turns out there was one in the one of the Betas, there is not there now. (There is a Zip library though!) So I ended up using the CAB extractor found in Windows, extrac32.exe. (For details type “extrac32 /? | more” at the command prompt.) So within the app I used System.Diagnostics.Process to run extrac32 to extract the files. The Manifest.xml file is then loaded into an XmlDocument object, parsed into a DataTable and then displayed in a GridView.

The List Content button extracts the manifest.xml file from the CMP file and then extracts some of the descriptive content of the manifest file to display a fair amount of detail in the GridView. The manifest documents EVERYTHING about the site, so I added some checkboxes to filter the display.

  • Files Only – well… only displays manifest entries about files (including ASPX, master pages, and other non-content files)
  • Exclude ASPX – hides ASPX files (in the next update I’ll have it hide all non-content files)
  • Include List Items – I hid list content as a default as most of the interesting stuff is in the XML and is different for each list type. If you check this box then all list items are added to the grid. You can check scroll to the right and click in the XML column to see the full XML description of the list item.

Extract All Files extracts all of the files, then renames them and puts them into a SharePoint-like directory structure. Note that this example has three subsites in the backup.

             image

The extracted files are where you would expect them to be, Shared Documents in this example, and still have their correct Date Modified:

image

 

Extract Selected extracts individual files to any location you pick. To select a file click the “selectors” at the left of each row. To select multiple files use the normal click, shift-click, ctrl-click techniques.

            image

 

Downloads:

https://github.com/microsmith/SharePointBackupCMPExplorer

 

 

Downloads

I will probably most this into CodePlex.com, but for now you can download it from here:

  EXE only:   download  (9k)

  Project zip:  download  (107k)

 

.

16 comments:
Labels:

12/29/2009

SharePoint: Add a “You are leaving this site” message to a links list.

 

This article is a variation of “http://techtrainingnotes.blogspot.com/2009/07/sharepoint-adding-popups-to-link-lists.html” and makes just one small change:

Replace:

links[i].target="_blank“

With:

links[i].onclick=function () {alert('you are now leaving this site')}

 

The links list web part is a quick and easy to add a list of links to vendors, other SharePoint sites or the most popular documents in a library. The problem is that the links list web part does warn users that they are about to leave your site (and you may have a legal reason to tell them so).

A typical links list:

            image

To change a links list to display an exit message:

  • Add a Content Editor Web Part (CEWP) just below the links list web part
  • Modify the CEWP and set a title then click Source Editor
  • Copy and paste the HTML and JavaScript below
  • Edit the JavaScript to change the word “Links” to the name of your links list web part (title of the web part, not the title of the actual list, although they may be the same)
    if (x(i).summary=="Links")     to
    if (x(i).summary=="Your Links List Title")
    (If you are not sure, display your page, select Source from the View menu and search for “.summary”)
  • Also… in the Advanced section of the CEWP’s properties change Chrome to “None” to hide the CEWP
  • Exit the edit mode and see if it works

 

<script>
// CEWP trick from techtrainingnotes.blogspot.com!
// Find the link list  (change "Links" to your web part's name)
var x = document.getElementsByTagName("TABLE") // find all of the Tables 
  var LinkList
  var i=0;
  for (i=0;i<x.length;i++) 
  {
    if (x[i].summary=="Links")
    {
      //
      LinkList = x[i];
      break;
     } 
  }

// add a target to the <A> tags
var links = LinkList.getElementsByTagName("A") // find all of the 
  for (i=0;i<links.length;i++) 
  {
    links[i].onclick=function () {alert('you are now leaving this site')}
  }
</script>

 

 

.

No comments:
Labels: ,

12/23/2009

SharePoint: Wiki Search and Replace

 

Note: The following works in both SharePoint 2007 and 2010. Just be aware that the 2010 “Site Pages” library is also a wiki library!

 

Recently I was asked about how to do a search and replace on text in all of the articles in a wiki. As there is no built-in way to do this I wrote a simple web page to do this.

Note that the example below is trivial and:

  • Is presented as a learning exercise
  • Does not include a master page
  • Must be deployed to the Layouts folder of the web servers
  • Is case sensitive
  • Is over all not too flexible… but it is presented to get you started on your own nice looking page…
Background:
  • A wiki is a library (and a library is just a fancy list)
  • The content displayed in a wiki is stored in a column of the library named “WikiField” (creative huh!)
  • Accessing a list and updating data via the SharePoint API is pretty easy
What you could do to make this better:
  • Just about anything…  ;-)
  • Add support for “Ignore Case”
  • Add a checkbox list of what was found and let the user decide to replace or not
  • Add the application master page and make this look like SharePoint
  • Write it as a little Windows application that calls the SharePoint web services so nothing has to be deployed to the web servers

Here’s what the page looks like:
image

To create this you will need to create a web page (ASPX) and a code behind file and copy them to the LAYOUTS folder on the web front end servers. You will then access the page by going to the site with the wiki(s) and navigating to the new page:
   http://yourserver/sites/yoursite/_layouts/WikiSearchReplace.aspx

 

What’s the <SharePoint:FormDigest runat="server" /> about? See here.

The ASPX page:  (WikiSearchReplace.aspx)

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="WikiSearchReplace.aspx.cs"
  Inherits="WikiSearchReplace" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<%@ Register TagPrefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls"
  Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
  <title>Untitled Page</title>
</head>
<body>
  <form id="form1" runat="server">
    <SharePoint:FormDigest runat="server" />
    <div>
      Wiki Libraries:
      <asp:DropDownList ID="ddlWikis" runat="server">
      </asp:DropDownList><br />
      <br />
      <table>
        <tr>
          <td>
            Find what:</td>
          <td>
            <asp:TextBox ID="txtFind" runat="server" /></td>
        </tr>
        <tr>
          <td>
            Replace with:</td>
          <td>
            <asp:TextBox ID="txtReplace" runat="server" /></td>
        </tr>
      </table>
      <asp:Button ID="btnReplace" runat="server" Text="Replace" OnClick="btnReplace_Click" />
      <br />
      <asp:Label ID="lblResults" runat="server" />
    </div>
  </form>
</body>
</html>

and here’s the code behind: (WikiSearchReplace.aspx.cs)
using System;
using System.Web;
using Microsoft.SharePoint;

public partial class WikiSearchReplace : System.Web.UI.Page 
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Get a list of all WIKIs in the site and add to the dropdown
        // WIKI = SPListTemplateType.WebPageLibrary
        if (!IsPostBack)
        {
            SPWeb web = SPContext.Current.Web;
            foreach (SPList lst in web.Lists)
            {
                if (lst.BaseTemplate == SPListTemplateType.WebPageLibrary)
                {
                    ddlWikis.Items.Add(lst.Title);
                }
            }
        }
    }

    protected void btnReplace_Click(object sender, EventArgs e)
    {
        // Get the current site
        using (SPWeb web = SPContext.Current.Web)
        {
            SPList list = web.Lists[ddlWikis.SelectedItem.ToString()];

            int articleCount = 0;
            int occurrenceCount = 0;
            string wikiText = "";

            foreach (SPListItem wikiItem in list.Items)
            {
                wikiText = wikiItem["WikiField"].ToString();
                if (wikiText.Contains(txtFind.Text))
                {
                    articleCount++;

                    // a trick to get the word cound
                    int count = (wikiText.Length - wikiText.Replace(txtFind.Text, "").Length) / txtFind.Text.Length;
                    occurrenceCount += count;

                    wikiItem["WikiField"] = wikiText.Replace(txtFind.Text, txtReplace.Text);
                    wikiItem.Update();
                }
            }
            lblResults.Text = articleCount.ToString() + " articles updated, " + occurrenceCount.ToString() + " occurrences updated";
        }
    }
}
No comments:
Labels: , ,

SharePoint: The security validation for this page is invalid

 

Note: The following applies to both SharePoint 2007 and 2010.


When creating an ASPX page in the LAYOUTS folder that updates SharePoint content via the API (mylistitem.upate) you may get the following message when posting back to the page:

 

2007:
image

2010:
image

Many articles on the web suggest using AllowUnsafeUpdates: 

SPWeb web = SPContext.Current.Web;
web.AllowUnsafeUpdates = true;


While this works, it does open the page up to cross-site scripting vulnerabilities. (See here: MSDN)

A better practice is to add a FormDigest control to your page. (See details here: MSDN)  If you are not using a master page or a complete “SharePoint page” then you will also need to add a Register line to reference Microsoft.SharePoint.WebControls.

The reference:

<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>

The control:

  <SharePoint:FormDigest runat=server/>

A sample page:

 

<%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs" Inherits="_default" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<%@ Register Tagprefix="SharePoint" Namespace="Microsoft.SharePoint.WebControls" Assembly="Microsoft.SharePoint, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" %>


<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Untitled Page</title>
</head>
<body>
<form id="form1" runat="server">
<SharePoint:FormDigest runat=server/> 
<div>
    <asp:TextBox ID="txtSomeText" runat="server" />
<asp:Button ID="btnReplace" runat="server" Text="Replace" OnClick="btnDoSomeWork_Click"  />
</div>
</form>
</body>
</html>






.
4 comments:
Labels: , ,

12/21/2009

SharePoint: Worst SharePoint Error Message?

(MOSS 2007)

“WSS_Search_servername on servername contains user-defined schema. Databases must be empty before they can be used. Delete all of the tables, stored procedures and other objects or use a different database.”

 

Just got this on one of my virtual machines:

image

 

I just love this part: “Delete all of the tables, stored procedures and other objects or use a different database.” That’s kind of like responding to “I can’t connect to the internet” with “format drive C: and start over”.

Either the developer was having a bad day or has a real attitude!

 

Is this important?   Not really!   WSS Search is only used in MOSS to index the SharePoint help files, and this only needs to be done once (at least until the next service pack potentially updates the search content).  And, have you ever found this help content to be very helpful?

So for now… help works, but is just not searchable. You can still navigation the table of contents. (But I do have a fix at the end of this article…)

 

No results: But should look like this:
image image

                                                           

 

How I got the error:

This message was displayed in Central Administration when I tried to start the search services. I’m not sure why they were stopped. I may have stopped them to improve performance on the VPC or they may have just stopped.

image

 

 

A similar error was logged in the Windows Event log:

image

 

 

 

The fix?

Go to Central Administration to the services on server list and click start for the WSS Search. Enter a new database name!  I just appended a “B” to the end of the existing name.  (You can now go to your SQL admin tools and delete the old database if you like.)  I also had to do an IISRESET, but could have probably waited and it would have reindexed.

And… after you get it working and the content has been index, stop it!  Or at least set the schedule so it only indexes once a night. The Help content NEVER CHANGES!

image

No comments:
Labels:

12/07/2009

SharePoint 2010: Change the passphrase

 

When you install SharePoint using an option other than Stand-Alone you will be asked for a “Passphrase” that can be used later on for things like adding a new server to the farm. This is especially needed if you let SharePoint 2010 manage your service account passwords where SharePoint will automatically change the passwords to strong, but unknown passwords.

I don’t think there is anyway to retrieve the passphrase if you forget it. If you need to change the passphrase after the install you can use PowerShell. (Don’t know PowerShell yet? You will…) 

  • From your Start menu select “SharePoint 2010 Management Shell” or Start, “Microsoft SharePoint 2010 Products”, “SharePoint 2010 Management Shell”
  • Then enter:

      C:\PS> $passphrase = ConvertTo-SecureString -asPlainText -Force
      C:\PS> Set-SPPassPhrase -PassPhrase $passphrase -Confirm

The first line will prompt you for a password and store the secure version in the $passphrase variable.
The second line will prompt you to confirm the passphrase and then ask you if you are REALLY sure you want to do this.

 

image

 

I have not seen anything in TechNet on this command yet. For help on this command from PowerShell type:

    help passphrase

      or

    help passphrase  -examples

image

1 comment:
Labels: ,

12/06/2009

Silverlight: Useful links

Below are some of the resources I refer to in my Silverlight classes.

These include:

  • Official Sites
  • Tutorial Sites
  • Best places to ask questions (forums)
  • What’s new in Silverlight 3
  • What’s new in Silverlight 4
  • Downloads
  • Other useful links

 

Official Sites:

 

They both claim to be “the official site”!

Sites for Expression Blend:

MSDN Library for Silverlight

 

Tutorial Sites:

 

 

Best places to ask questions:


MSDN forums:

Silverlight.net Forums:
(As of 12/5/09: 178,572 threads and 222,975 posts, contributed by 67,146 members from around the world!)

  • http://forums.silverlight.net/default.aspx
    • Installation and Setup
    • Getting Started
    • Hosting and Streaming
    • New Features in Silverlight 3
    • Silverlight 4 Beta
    • Designing with Silverlight
    • Video and Media
    • Expression Studio
    • Programming with JavaScript
    • Programming with .NET – General
    • Silverlight Controls and Silverlight Toolkit
    • Visual Studio & Silverlight Development Tools
    • Report a Silverlight Bug
    • Accessing Web Services with Silverlight
    • Game Development
    • WCF RIA Services

 

What’s new in Silverlight 3:

 

What’s new in Silverlight 4:

 

Downloads:

Other useful links…

 

What percent of users actually have Silverlight installed?

Datasets and Data Tables with Silverlight:

As a .Net developer we know DataSets and DataTables, and we often deliver these via web services, but Silverlight does not directly support Datasets or Datatables. There are a few workarounds using LINQ, custom libraries and even a custom grid control…

Pushing data to Silverlight from a server

Dealing with Cross-Domain issues

About loading images (and URLs)

Silverlight to JavaScript, JavaScript to Silverlight:

 Silverlight and SharePoint

No comments:
Labels:

12/03/2009

SharePoint 2010: Office Web Apps – The “in browser” Office

One of the cool features demo’ed with SharePoint 2010 are the “in browser” Office Web Apps. These are browser based versions of Word, Excel, PowerPoint and OneNote. But…  you won’t find these when you download and install Beta 2. They are a separate download and install.

Cool stuff:

  • Create, View and Edit Excel, Word and PowerPoint documents (BUT only Office 2007 and 2010 documents – docx, pptx, xlsx)
  • View and edit Word documents
  • Co-author Excel files (really! two people editing the same file at the same time and see each other’s changes as they are made!)
  • View PowerPoints, with transitions, fades, etc!  In the browser or as a full screen slide show.

Things to download and notes:

  • The instructions: Deploy Office Web Apps
  • The license key is in the above document!
  • The install file: WcServer_?????.exe  (you can download one of seven language versions)  (WcServer_en-us.exe for English)
  • Run the install
  • If you installed SharePoint as a “Standalone install” (Basic install) then do not follow the instructions in the above word document to enable the services, they were already running. All I needed to do was to go to the site collection and enable the “Office Word Apps” feature. All done… that’s all…

Other notes:

  • So far I have not seen how to create a new document using these features. The New button in the library still launches the desk top application.

Excel Web App in View mode:

  image

In Edit mode:

  image

No comments:
Labels:
Subscribe to: Posts (Atom)

Note to spammers!

Spammers, don't waste your time... all posts are moderated. If your comment includes unrelated links, is advertising, or just pure spam, it will never be seen.