$().SPServices.SPLookupAddNew and security trimming

Apr 8, 2010 at 2:49 PM
Edited Apr 8, 2010 at 2:54 PM

Another discussion on the same topic. I'd like to know, Marc, whether you know of a simple way to check for permission to add new items (mask bit 0x2) in the target list and NOT show the link? Reader guys have no permission to enumerate permissions apparently :(

I mean http://server/_vti_bin/permissions.asmx?op=GetPermissionCollection

Coordinator
Apr 8, 2010 at 7:18 PM

It depends on where "the link" is. If you're in a DVWP you can use the PermMask.  There's also the Sharepoint:SPSecurityTrimmedControl.

M.

Apr 9, 2010 at 4:24 AM

Sorry for being vague again. I mean security trimming the results of SPLookupAddNew and the like on the client side EditForm or NewForm, where there's no DVWP and all server controls have already been rendered to the browser.

Coordinator
Apr 9, 2010 at 4:30 AM

I'm not sure it'll work, but take a look at GetRolesAndPermissionsForCurrentUser
http://spservices.codeplex.com/wikipage?title=Users%20and%20Groups&referringTitle=%24%28%29.SPServices

Jim Bob's write up of how he used it may help, too. (The link is there.)

M.

Apr 9, 2010 at 4:33 AM

Sorry I must have missed it. RTFM :) Gonna try in a couple of hours.

Coordinator
Apr 9, 2010 at 4:33 AM

No worries. Let me know how you make out.

M.

Apr 9, 2010 at 7:35 AM
Edited Apr 9, 2010 at 8:19 AM

It works, at least in simple cases. Going to figure out how to check for unique item-level or list-level permissions.

By the way, if not yet, you could incorporate a function like this somewhere:

var IfHasRights = function(permissionsMask) {
                                        var permissionSet = {};
                                        permissionSet.ViewListItems = (1 & permissionsMask) > 0;
                                        permissionSet.AddListItems = (2 & permissionsMask) > 0;
                                        permissionSet.EditListItems = (4 & permissionsMask) > 0;
                                        permissionSet.DeleteListITems = (8 & permissionsMask) > 0;
                                        permissionSet.ApproveItems = (16 & permissionsMask) > 0;
                                        permissionSet.OpenItems = (32 & permissionsMask) > 0;
                                        permissionSet.ViewVersions = (64 & permissionsMask) > 0;
                                        permissionSet.DeleteVersions = (128 & permissionsMask) > 0;
                                        permissionSet.CancelCheckout = (256 & permissionsMask) > 0;
                                        permissionSet.PersonalViews = (512 & permissionsMask) > 0;

                                        permissionSet.ManageLists = (2048 & permissionsMask) > 0;
                                        permissionSet.ViewFormPages = (4096 & permissionsMask) > 0;

                                        permissionSet.Open = (permissionsMask & 65536) > 0;
                                        permissionSet.ViewPages = (permissionsMask & 131072) > 0;
                                        permissionSet.AddAndCustomizePages = (permissionsMask & 262144) > 0;
                                        permissionSet.ApplyThemeAndBorder = (permissionsMask & 524288) > 0;
                                        permissionSet.ApplyStyleSheets = (1048576 & permissionsMask) > 0;
                                        permissionSet.ViewUsageData = (permissionsMask & 2097152) > 0;
                                        permissionSet.CreateSSCSite = (permissionsMask & 4194314) > 0;
                                        permissionSet.ManageSubwebs = (permissionsMask & 8388608) > 0;
                                        permissionSet.CreateGroups = (permissionsMask & 16777216) > 0;
                                        permissionSet.ManagePermissions = (permissionsMask & 33554432) > 0;
                                        permissionSet.BrowseDirectories = (permissionsMask & 67108864) > 0;
                                        permissionSet.BrowseUserInfo = (permissionsMask & 134217728) > 0;
                                        permissionSet.AddDelPrivateWebParts = (permissionsMask & 268435456) > 0;
                                        permissionSet.UpdatePersonalWebParts = (permissionsMask & 536870912) > 0;
                                        permissionSet.ManageWeb = (permissionsMask & 1073741824) > 0;
                                        permissionSet.UseRemoteAPIs = (permissionsMask & 137438953472) > 0;
                                        permissionSet.ManageAlerts = (permissionsMask & 274877906944) > 0;
                                        permissionSet.CreateAlerts = (permissionsMask & 549755813888) > 0;
                                        permissionSet.EditMyUserInfo = (permissionsMask & 1099511627776) > 0;
                                        permissionSet.EnumeratePermissions = (permissionsMask & 4611686018427387904) > 0;
                                        permissionSet.FullMask = (permissionsMask == 9223372036854775807) ;

                                        return permissionSet;

                                    }

Apr 9, 2010 at 10:24 AM
Edited Apr 9, 2010 at 10:26 AM

Now I see why Jim Bob uses explicit equality for the FullMask value. Values larger than 2 * ManageWeb (1073741824) -> 32 bit are too large for JScript engine to perform bitwise comparison.