0
votes

In sharepoint, the access to discussion boards appears to be modified by two means.

  1. In the Advanced Settings, you can modify the Item-level Permissions to where users that have contribute or higher permission may either edit/delete everyone's posts, or only their own.
  2. And of course, you can adjust the privileges for Read-only, Contribute, Design, or Full Control.

I would like to give all of the users that contribute to the discussion the ability to add, edit, and delete their own entries. However, I would like to give a select few users the privilege to edit and delete everyone's.

What is the best way to accomplish this?

I am guessing it is possible to write an EventReceiver and toggle the "advanced setting" for each user. Another though is to give design privilege to the moderators, and remove the design capabilities for that Discussion Board.

Any other ideas?

2

2 Answers

1
votes

The ReadSecurity/WriteSecurity permissions (point #1) are applied on a list level, not a user level, so it would be extremely awkward to try to divide this on a user basis. However, although these apply to all users for that list, users of elevated privilege are able to see and edit all items on the list regardless of this permission (provided they haven't had their permissions completely revoked as per utility of point #2). I believe the requisite permission is "ManageLists" for this privilege, but Full Control will definitely work.

You could do it by modifying the actual permission levels for users on each item, but it's much cleaner to simply work with the ReadSecurity/WriteSecurity.

1
votes

As a work-around, I implemented an event handler (SPItemEventReceiver) to intercept updates (ItemUpdating) and deletes (ItemDeleting).

:Check for ownership: It compares the current user to the item["Author"], to determine if they are the owner, which gives them permission to edit/delete.

:Is in moderator group: If that is not true, then I have added an additional user group for moderators. One key is that the group, though not used normally, must have permission such as Contributor assigned to it. The SPWeb has IsCurrentUserMemberOfGroup for determining whether the user belongs to the Moderator group.

//----------------------------------
//here is enough to get you started.
//----------------------------------

class DiscussionBoardItemCreated : SPItemEventReceiver
{
  public override void ItemUpdating(SPItemEventProperties properties)
  {
     //check ContentType 
     //  -- properties.AfterProperties["ContentType"]
     //are they the owner 
     //  -- item["Author"]
     //are they in a particular user group 
     //  -- web.IsCurrentUserMemberOfGroup(web.Groups["MyModeratorGroup"].ID)

     //properties.Cancel = true -OR- false;
     //properties.ErrorMessage = "" -OR- "No access";
  }
}

Also, you'll need to to elements.xml.

FROM: http://koenvosters.wordpress.com/2009/07/31/howto-create-an-event-handler-for-sharepointmoss-2007/

<?xml version=“1.0“ encoding=“utf-8“ ?>
<Elements xmlns=“http://schemas.microsoft.com/sharepoint/“>
   <Receivers ListTemplateId=“100“>
      <Receiver>
         <Name>AddingEventHandler</Name>
         <Type>ItemAdding</Type>
         <SequenceNumber>10000</SequenceNumber>
         <Assembly>MyEventHandler, Version=1.0.0.0, Culture=neutral,PublicKeyToken=ca176e059473d6b1</Assembly>
         <Class>MyEventHandler.DemoEventHandler</Class>
         <Data></Data>
         <Filter></Filter>
      </Receiver>
   </Receivers>
</Elements>