1
votes

Currently the entire ListItem is removed from the Doc library if the user does not have permission to view the corresponding document, but I would really like it if the user could at least see the meta data with the list item, and prevent them from accessing the corresponding document (ie they click on the document link and get denied, or they type in the url by hand and get denied, etc).

Is there some Document Library event handler that handles 'accessing' a document which I can implement and check the user's permissions before passing off the document to them? Or something along those lines..

3

3 Answers

0
votes

Lists/Libraries have the following item-level event handlers:

  • ItemAdded
  • ItemAdding
  • ItemAttachmentAdded
  • ItemAttachmentAdding
  • ItemAttachmentDeleted
  • ItemAttachmentDeleting
  • ItemCheckedIn
  • ItemCheckedOut
  • ItemCheckingIn
  • ItemCheckingOut
  • ItemDeleted
  • ItemDeleting
  • ItemFileConverted
  • ItemFileMoved
  • ItemFileMoving
  • ItemUncheckedOut
  • ItemUncheckingOut
  • ItemUpdated
  • ItemUpdating

As you can see, there are no events to handle opening an item.

In order to prevent the user from accessing the document from the library listview webpart, you could potentially extend the OOTB listview webpart to incorporate your required functionality or use a secondary webpart to manipulate the OOTB listview webpart through the SharePoint API or javascript.

0
votes

This is something completely experimental, I have not tried it and never heard of anyone who has, but here goes: There is a file named serverfiles.xml under Template\Xml folder. You can also create your one, just be sure to build the name as following: serverfiles[yourname].xml. This file controls redirects depending on file types, this way for instance InfoPath XML files are redirected to Forms Server. You could:

  1. Redirect all Office files to your custom ASPX page
  2. In that page's code behind apply some kind of custom permissions check (say create a group of Readers, if the user is only in that group means he can only see the metadata).
  3. Redirect restricted users to a custom error page.

This way the users can see the metadata (because from the point of view of SharePoint they are readers), but cannot see the document (as you are blocking that). Again, I have not tried it, but it might just work.

If you decide to go for it, I would love to know how it went :)

0
votes

The answer to my question: create a custom httpHandler that handles the document types that must be intercepted.

Good articles: http://dotnetslackers.com/articles/aspnet/WatermarkingPDFDocumentsUsingHttpHandlers.aspx http://blogs.msdn.com/b/kaevans/archive/2010/08/04/deploying-an-asp-net-httphandler-to-sharepoint-2010.aspx

Also, there may be a bug with the generic handler code that visual studio creates, read this article for creating an httpHandler with code behind, http://aspnetresources.com/blog/httphandler_code_behind