Manage Item Permissions during Submission

    Question

  • Is there a way of allowing a Submitter to set the Item level Permissions, during submission?

    IE:  When I submit a List Item, I can give that item unique permissions.  Prior to that Item being added to the list. 

    Essentially, I would like to add the "Permissions Management" button to the Ribbon that appears in the Add New Item dialogue.

    I have a List where I need the submitter to tell the List who should be able to see/edit this item.  I need this because the items that are being added to the list are references to punishments for individual users and the reviewing authorities are not always the same, depending on the punishment at hand.

    Friday, September 20, 2013 3:00 PM

Answers

  • Hi tinygod,

    I have a solution for this. You can add a new column of user/group type which stores the user/group who can edit/delete this item. Then write a new event receiver on item added that first breaks permission inheritance, then removes all users, and finally adds certain permissions for the added item, using this code:

    public override void ItemAdded(SPItemEventProperties properties)
    {
        base.ItemAdded(properties);

        if (properties.ListTitle != "YourList")
            return;

        // Dispose the SPSite/SPWeb opened here so they do not leak.
        using (SPSite WebApp = new SPSite(properties.WebUrl))
        using (SPWeb Site = WebApp.OpenWeb(properties.RelativeWebUrl))
        {
            SPListItem oSPListItem = Site.Lists[properties.ListId].GetItemById(properties.ListItemId);

            // Stop inheriting from the list; the copied assignments are pruned below.
            oSPListItem.BreakRoleInheritance(true);

            // Remove every group of the web from the item, except the one to keep.
            foreach (SPGroup spgroupRep in Site.Groups)
            {
                if (spgroupRep.Name != "except group name")
                    oSPListItem.RoleAssignments.Remove(spgroupRep);
            }

            SPFieldUserValueCollection spFieldUserValueCollection = oSPListItem["Your column Name"] as SPFieldUserValueCollection;
            if (spFieldUserValueCollection != null)
            {
                // reader or another permission level
                SPRoleDefinition reader = Site.RoleDefinitions.GetByType(SPRoleType.Reader);

                foreach (SPFieldUserValue spFieldUserValue in spFieldUserValueCollection)
                {
                    // User is null when the picked entry is a SharePoint group.
                    // (The SiteGroups[name] indexer throws instead of returning null,
                    // so the group is resolved by its lookup ID.)
                    SPPrincipal spPrincipal = spFieldUserValue.User;
                    if (spPrincipal == null)
                        spPrincipal = Site.SiteGroups.GetByID(spFieldUserValue.LookupId);

                    SPRoleAssignment roleAssignment = new SPRoleAssignment(spPrincipal);
                    roleAssignment.RoleDefinitionBindings.Add(reader);
                    oSPListItem.RoleAssignments.Add(roleAssignment);
                }
            }
        }
    }

    Good luck.

    Saturday, September 21, 2013 9:42 AM
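
Added example (not part of the original thread): `ItemAdded` fires after the item already exists with the list's inherited permissions, so a failed or skipped receiver leaves the item as visible as the list. This PowerShell audit for the SharePoint Management Shell flags such items, and items that grant access to principals not named in the people-picker column; the web URL is a placeholder, and the list, column and kept-group names are the placeholders from the answer's code.

```powershell
# Added example: audit item-level permissions on the list the receiver protects.
# Placeholders (assumptions): the web URL, "YourList", "Your column Name", "except group name".
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-ItemPermissionFindings {
    param(
        [string]$WebUrl,
        [string]$ListTitle  = "YourList",
        [string]$ColumnName = "Your column Name",
        [string]$KeepGroup  = "except group name"
    )
    $web = Get-SPWeb -Identity $WebUrl
    try {
        $list = $web.Lists[$ListTitle]
        foreach ($item in $list.Items) {
            if (-not $item.HasUniqueRoleAssignments) {
                # Receiver has not run (or failed): the item is as visible as the list.
                [pscustomobject]@{ ItemId = $item.ID; Finding = "Still inherits list permissions"; Principal = $null }
                continue
            }
            # IDs of the users/groups the submitter picked in the column.
            $expectedIds = @()
            $picked = $item[$ColumnName] -as [Microsoft.SharePoint.SPFieldUserValueCollection]
            if ($null -ne $picked) { $expectedIds = @($picked | ForEach-Object { $_.LookupId }) }

            foreach ($ra in $item.RoleAssignments) {
                $member = $ra.Member
                if ($member.Name -eq $KeepGroup) { continue }
                if ($expectedIds -notcontains $member.ID) {
                    $roles = ($ra.RoleDefinitionBindings | ForEach-Object { $_.Name }) -join ", "
                    [pscustomobject]@{ ItemId = $item.ID; Finding = "Unexpected access: $roles"; Principal = $member.Name }
                }
            }
        }
    }
    finally { $web.Dispose() }
}

# Placeholder URL: replace with the web that hosts the list.
Get-ItemPermissionFindings -WebUrl "http://sharepoint.example/sites/yoursite" | Format-Table -AutoSize
```

An empty result means every item has unique permissions limited to the picked principals and the kept group.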

All replies

  • Hi,

    If I understand correctly, by default the item will inherit the permissions of list. Then we will have to

    1. Break inheritance

    2. Remove all the existing users from that item

    3. Add respective permissions for users on that item

    This can be achieved by running a workflow to run the ItemAdd event or have an event handler to perform this task programmatically.

    Hope this helps!

    Friday, September 20, 2013 4:08 PM
  • Roger, that is what I'm attempting now.

    I have the workflow do the following through use of an Impersonation Step:

      Upon Item Creation
      1) Strip all inherited permissions from current item.
      2) Add Permissions to current item, based upon a people picker column on the List entitled "Editor".

    I currently am unable to get that WorkFlow to work properly.  I fear that I could be writing this WorkFlow incorrectly.  Could you reply back with an example of a WorkFlow that would do that?

    Friday, September 20, 2013 8:44 PM
  • I'll give this a shot.

    Thanks for the reply.

    Monday, September 23, 2013 2:47 PM