Webpart security

If the webpart need to access Sharepoint server info, there are 3 options when deploying the webpart in security context:

1. Deploy to GAC, and no other settings need to be changed. Downside: need to recycle application pool when upgrade; webpart will be available to all sites in same server.
2. Deploy to \Bin, and change trust level in web.config to at least WSS_Medium. Downside: this grant the whole ASP.NET application higher access rights. This is very convinient in development stage.
3. Deploy to \Bin, and change trust level in web.config to wss_custom, then change/add the config file in \Program Files\Common Files\Microsoft Shared\web server extensions\12\config. This is safer because it only grant access to specified webparts. Recommended for production environment.

In any case, the webpart need to be signed (obviously) and marked as ‘SafeControl’ in web.config file.

If the webpart doesn’t need to access server resource, only need to mark it as SafeControl in web.config and add this line:

[assembly: AllowPartiallyTrustedCallers]

to the source file.

Add, Delete and Recycle Bin

• SPWeb.Folders.Add() will not throw exception if the folder already exists. If that’s the case it will return that folder object. However the parent folder must already exists, versus in C#, Directory.CreateDirectory() will automatically create the whole tree. I had to write my own function to automatically create the whole tree.

• SPFolder.Delete() and SPFile.Delete() will not throw exception if the folder/file doesn’t exist. So you can just call it directly without checking Exists property. Watch out for checked out file.

• Items deleted through UI will be in Recycle Bin. (Recycle Bin can be disabled.) But items deleted using delete() API will be deleted permanently (there is a SPFile.Recycle() function that does what it’s named). When a file is restored from Recycle Bin, ItemAdded event will be fired. However no event is fired when a folder is restored.

_files folder (part 3) Special delete rules for _files folder

• If there are sub-folders under this _files folder, you can’t simply just delete the _files folder. If you do so, you will get exception when you try to create same sub folder in same _files folder.
  
  
  • For a regular folder, you can always do this:
    1. web.Folders.Add(“Root folder”)
    2. web.Folders.Add(“Root folder/sub folder”)
    3. web.GetFolder(“Root folder”).Delete() // this will remove all folder content
       
    4. web.Folders.Add(“Root folder”)
    5. web.Folders.Add(“Root folder/sub folder”)
  • However for _files folder, step 5 will throw exception with message “Cannot create xxxx”. No further information available for the reason. You have to specifically delete all sub folders of it, then delete _files folder. Then you create _files folder, then sub folder.

_files folder (part 2) – “You cannot copy or move a thicket file” – how to rename

Unlike in Windows explorer, if you delete/rename the htm file (even purge from Recycle Bin) in Sharaepoint, the supporting folder will NOT be renamed or deleted. If you try to rename the folder by calling MoveTo( string newFolderName ) method, you will receive this error message: “You cannot copy or move a thicket file. To change the file name or create a copy of the file, open the file and save as to a new name.“ The rule is that none of the previous folder name or new folder name can ended with ‘_fiels’ keyword. So, how do you rename such a folder to another name?

OK, how about to create the new _files by the new htm name, then move the files/subfolders over, then delete the old one? Well, you will receive the same error message. OK, then how about create another temp folder with a regular name and use it as a transit folder? A little better – the sub folders are OK but the files directly under it will still give you same error message.

Final workaround: create a local working folder and download the content, then create new folder at Sharepoint and re-upload everything, finally delete the old folder. This seems the only solution.

In my project, I came up with a better idea after wasting almost 2 days – I simply delete the old file and _files folder, and use another existing module to upload the new file.

_files folder (part 1) – what’s special about it

If you create a folder in Sharepoint named like myfilename_files, this folder will be hidden on the UI. Many MS generated HTM files have this supporting folder.

(Note: you will not be able to create this kind of folder through Sharepoint UI, in which case an extra underscore will be appended to the folder name. You have to do it through API.)

If you do something like this:

SPFolder folder = web.GetFolder( “Shared Documents/myfilename_files”)

You will get folder.Exist is false. It seems that Sharepoint doesn’t want to reveal the existence of the folder. However you can delete the folder:

folder.Delete()

No exception will be thrown if the folder doesn’t exist, and sub folders and files will be deleted altogether. So do it carefully.

This screen dump of the properties of such a folder will help us to understand it better:

=======================web.GetFolder(“Shared Documents/myfile_files”)
{Shared Documents/myfile_files}
Audit: {Microsoft.SharePoint.SPAudit}
ContainingDocumentLibrary: {f0ba6962-57bd-42d1-b243-1a3ab63cb20f}
ContentTypeOrder: Count = 1
Exists: false <-note this
Files: {Microsoft.SharePoint.SPFileCollection}
Item: null
Name: “myfile_files”
ParentFolder: {Shared Documents}
ParentListId: {f0ba6962-57bd-42d1-b243-1a3ab63cb20f}
ParentWeb: {DMS(Demo Live Site)}
Properties: null <-note this
ServerRelativeUrl: “/Shared Documents/myfile_files”
SubFolders: {Microsoft.SharePoint.SPFolderCollection}
UniqueContentTypeOrder: ‘web.GetFolder(“Shared Documents/myfile_files”).UniqueContentTypeOrder’ threw an exception of type ‘System.NullReferenceException’ <-note this
UniqueId: ‘web.GetFolder(“Shared Documents/myfile_files”).UniqueId’ threw an exception of type ‘System.NullReferenceException’ <-note this
Url: “Shared Documents/myfile_files”
WelcomePage: ‘web.GetFolder(“Shared Documents/myfile_files”).WelcomePage’ threw an exception of type ‘System.NullReferenceException’ <-note this

=======================

This type of folder will not be listed under SPFolder.SubFolders collection.

Publish a Major Version – events

Publish a Major Version: this menu is only available when file is in a checked-in status. If it’s already checked out, it can only be checked in. When action is taken, ItemCheckedIn event is not called. Instead, ItemUpdated is called. However, both BeforeProperties.ChangedProperties and AfterProperties.ChangedProperties contains zero information so you can’t tell from ItemUpdated event if this is a “publish” action.

The version # will be automatically bumped to next major version #.

Unpublish this version: same as above, it’s also only available for checked-in status. The version # will be rolled back and ItemUpdated event will be called. ItemCheckedIn is not called (obviously).

If one want to handle these 2 menu actions, seems ItemUpdated event is the only entrance. However many other actions will also trigger ItemUpdated event.

If you want to remove these 2 menus,  edit core.js under \12\TEMPLATE\LAYOUTS\1033\ folder.  I commented out a section in AddCheckinCheckoutMenuItem function to hide the Unpublish menu. I did that because for unknown reason it would cause “Access Denied” error when someone does that after we customized the security.

Events in Microsoft Sharepoint 2007

MS provides very limited documentation on the sequence of the events, or what event(s) a particular action will incur. Here is my findings:

I didn’t handle xxxING events. Here are all xxxED events:

Folder operations:

• Add a folder: ItemAdded. No ItemUpdated.
• Delete a folder: very strange, ItemDeleted is not called. ItemDeleting is called. If folder contains files, files do not fire events. Update:ItemDeleted may have been called. But since the GUID is no longer valid so there is little use to catch this event.
• Update: If folder name is actually changed, both ItemFileMoved and ItemUpdated will be called. Otherwise, only ItemUpdated will be called. Note: even there are files under this folder, only one ItemFileMoved event will be fired for the folder.
• Restore from recycle bin: Note: neither folder nor the files within it fires ItemAdded or ItemUpdated event.

File operatins:

• Add file: ItemAdded. ItemUpdated and ItemCheckedIn will follow if choose to Checkin at the second step. When upload multiple documents, only ItemAdded will be called because there is no 2nd step window at all.
  When you add a new item, only the ItemAdding event is raised. However, in cases where Explorer View is used, both the ItemAdding and ItemUpdating events are raised. In such cases the ItemUpdating event always occurs after the ItemAdding event occurs.
• Checkin: ItemCheckedIn and ItemUpdated. There is no fixed order which one is called first. They are simultaneous.
• Update: If file is not changed, only ItemUpdated. Otherwise, ItemFileMoved will also be called. No fixed order.
  • Special note on file name change (same to folder name change): in one case, the ItemUpdated event handler throw exception in the middle due to a ‘File not found’ error. Please look out for this scenario.
  • Be careful when making changes in this event, which will incur next ItemUpdated event, which will also incur next. Put some logic there before making changes.
  • If the file is renamed in ‘Explorer view’ like a regular Windows file, only ItemFileMoved event is fired.
• Delete: ItemDeleting. See note about folder delete above.
• Delete from recycle bin: no event caught.
• Restore from recycle bin: ItemAdded
• Checkout: ItemUpdated/ing is NOT called (ItemCheckedOut should also be called which I didn’t verify). Note: however the version number increases when checking out (can be found in properties), not until check in. I’m a little puzzle since if version # changes, ItemUpdated should be called.
• Discard checkout: ItemUpdated/ing is not called.

Good reference: http://blogs.msdn.com/brianwilson/default.aspx