Hoc est aliud post in mea in-ingressus series in uti mauris cum SharePoint.
Sis commodo lorem ipsum, Ego altus suadeo: commodo in Actionis per Ursus Bibeault et Yehuda Katz.

One of the first things I thought, once I started to play around with jQuery, was whether we could use it to secure a SharePoint view. The answer is “no” (or at least, I’m not claiming it’s possible). Autem, it is certainly possible to make it difficult for people to see a particular view.

I started with my sandbox environment when working on this. I wrote about that environment here: Vivos et Securus: Creare tua Suas commodo Sandbox enim SharePoint.

To “secure” a view, follow these steps:

1. Create a view you want to secure. I did that and called it “Secured View”.

   This is what it looks like when it’s not “secured”:

   

2. Add a content editor web part to the view’s page using the trick described in the sandbox article (i.e. add “PageView=Shared&ToolPaneView=2” to the URL).
3. Figure out your SharePoint _spUserId by following these crazy steps, believe or not:
   1. Log into your SharePoint environment.
   2. In the web browser’s address field, typus: “javascript:alert(_spUserId”).
   3. Record the result (it’s “13” in my case).

      

4. Add the following javascript to your CEWP in code view:
   
   

   <scriptor     type =,,en,"../../jQuery Library/jquery-1.3.2.min.js,,en,sujith Krish,,en,Nonne vidisti, quod addit in CEWP editform.aspx ut conteram versionem ad paginam principem et notitia ostendit sectionem in III,,en,Quis hoc workarounds,,en,Aliquis,,en"text/javascript" src ="../../jQuery Library/jquery-1.3.2.min.js"> </script> <script typus ="text/javascript"> $(munus() { alert(_spUserId); var theSecuredView = $('iframe[FilterLink*=Secured View]'); si ((theSecuredView.length > 0) && (_spUserId == 13)) $('iframe[FilterLink*=Secured View]').parentis().parentis().parentis().html("<tr = rubrum bgcolor><td>No view for you!</td></tr>"); }); </script>

I’ve included that alert(_spUserId) line in there to demonstrate how this is not really a “securing” a view, but simply making it more difficult to see. More on that in a moment.

Basically, jQuery is looking for an iFrame on the page who has an attribute that contains “Secured View” in its value. Once it finds it, we check to see if the current user is “13”. If it is, we walk up the DOM to a <TR> tag (which I figured out by viewing source and tracing it) and then replacing that TR tag with my message. I really don’t know how robust this is (I’m very suspicious, in facto), but it worked in my sandbox. If I find a better way, I’ll blog about it. This is the result:

I click the OK button and the data is replaced with a big red message:

As you can tell, the way I’ve implement this “security” solution is to allow the web part to render itself. After it finishes, I overwrite its content with my “No view for you!” message.

Despite the fact that it’s not really a “secured’” view, it’s potentially useful and with some clever work, it may eventually be securable in a more formal sense. The fundamental issue is that the client is getting all the data and then, only after it gets the data, it wipes it out. If the client is getting the data, a clever user can prevent the jQuery from running at all and see what he/she wants to see.

There are other drawbacks. This “security” approach is based off a _spUserId. We’d want to really secure based on the full SharePoint security model, or at least by user name. That becomes progressively harder, but I see some good stuff written on this subject, so I’m hopeful there’s a good answer to that problem.

The list of views themselves should be trimmed, si fieri potest,. I haven’t tried to figure that out. I assume it’s possible, but doesn’t really solve the fundamental security issue because someone could still just type the URL of the view they want (if they knew it). Autem, trimming makes sense. It’s a good usability feature and it helps to obfuscate things. If an end user doesn’t know that the view event exists, they probably won’t try to use it. Aliquando, that’s good enough.

With luck, I’ll have more to write on this subject over time.

</finem>

Scribet ad mea blog.

Sequi me in Twitter ad http://www.twitter.com/pagalvin

Hoc est aliud post in mea in-ingressus series in uti mauris cum SharePoint.
Sis commodo lorem ipsum, Ego altus suadeo: commodo in Actionis per Ursus Bibeault et Yehuda Katz.

Antea, I wrote about how to use jQuery to locate and hide a text field on a form. Non magnopere ad eos aditus specifica (Chaining parentibus fui - quod suus simpliciter non fit his diebus, saltem in familiis qualitatis).

Cum primum coepi cogitare, Scio invenire opus <TR> quibus poterat abscondere invocant() methodo. Invenire rectam primori labore <TR> Erat huic simile:

$('Tr:habet(input[title = abscondas me!])');

Invenies quod est forsit <TR> tag, qui habebat aliquam habitudinem ad parent protege me! agrum, etsi me abscondet! et nidificas in tot gradus est altus <TR>'S. Evenit ut in forma mea sandbox, qui invenit expressionem 9 aliter qui me abscondet TR scriptor! sicut puer alicubi in DOM ligno. I realized that I could walk back up the tree from the input field itself, Ut 'quam EGO nisus sursum parentes inproperabant, mihi autem non sedet apta.

Hoc cogitet quae ego legi et sic tandem: Uti non potui() de methodo plana <TR>’s I don’t want in my wrapped set. Qui eduxit me ad hoc:

$('Tr:habet(input[title = abscondas me!])').non('Tr:habet(tr)').abscondere();

Primus omnium invenit frenum <TR> tags qui in me abscondet! field anywhere in their own hierarchy. It then strips out any <TR> quod etiam puer <TR>. This leaves us with a single <TR> quod:

1) Non habet <TR> Puer commemorat

2) Does have the input field as child.

Possumus ergo adhibere hida() inde in statuto fit modus et sumus.

Hoc adhuc sum aliquantulus nervous, sed non sicut parentum timidus sicut chaining.

I don’t know if this is a best practice or not. There may be a more appropriate way of identifying just the <TR> that we care about in a SharePoint form. If you know, placere stipes a comment.

</finem>

Scribet ad mea blog.

Sequi me in Twitter ad http://www.twitter.com/pagalvin

Hoc est aliud post in mea in-ingressus series in uti mauris cum SharePoint.
Sis commodo lorem ipsum, Ego altus suadeo: commodo in Actionis per Ursus Bibeault et Yehuda Katz.

UPDATE (iam!): Putabam rationem melioris locant <TR> tag volo ad abscondere et scripsit de hic. You may still find this article interesting anyway so I’m leavnig it up.

Volo ad occultare text agro, "Abscondas me!"Ut ostensum:

'

Sequenti mauris facit dolum enim me:

<script typus ="text/javascript">

  $(munus() {


    $('Input[title = abscondas me!]').parentis().parentis().parentis().abscondere();

  });

</script>

In codice est dicens, "Invenire me omnes input agros cuius title = abscondas me!. Igitur, adepto parentis et deinde parens et * deinde * parens (phew!) et invocare corium() modus in quod res, quicquid fit ad esse.

Ego figuratum parens structura per prospiceret HTML in forma quod SharePoint creavit ut ostensum:

<TR>
    <TD nowrap="true" primum sic="top" latitudo="190px" genus="ms-formlabel">
        <H3 genus="ms-standardheader">
            <nobr>Abscondit me!</nobr>
        </H3>
    </TD>

    <TD primum sic="top" genus="ms-formbody" latitudo="400px">
        <!-- FieldName="Hide Me!"
                 FieldInternalName="Hide_x0020_Me_x0021_"
                 FieldType="SPFieldText"
        -->
        <span vobis="none">
            <input
                nomen="ctl00$m$g_bdb23c2c_fde7_495f_8676_69714a308d8e$ctl00$ctl04$ctl02$ctl00$ctl00$ctl04$ctl00$ctl00$TextField"
                typus="text"
                maxlength="255"
                id="ctl00_m_g_bdb23c2c_fde7_495f_8676_69714a308d8e_ctl00_ctl04_ctl02_ctl00_ctl00_ctl04_ctl00_ctl00_TextField"
                title="Hide Me!"
                genus="ms-long" />
                <br>
        </span>


    </TD>
</TR>

Hoc picture ostendit idem, sed insignis cum parentes:

Primi parentis (1) is a span tag. Span’s parent (2) est Lorem TD tandem repperi et volentibus occultare parentis rei (3) quod est TR tag se.

This is a pretty terrible approach I think because it’s extremely dependent on the very specific structure of this form. When SharePoint 2010 venit de, this whole structure could change and break this approach. What I really want to do is craft a jQuery selector that is along the lines of “find me all the TR’s (et tantum TR tags) qui alicubi in eorum puer elementa an input agro cuius title = abscondas me!". I starting from the bottom and moving up. Assuming I figure this out, Ego stipes an updated "vivos et facile 'post.

</finem>

Scribet ad mea blog.

Sequi me in Twitter ad http://www.twitter.com/pagalvin

Hoc est aliud post in mea in-ingressus series in uti mauris cum SharePoint.
Sis commodo lorem ipsum, Ego altus suadeo: commodo in Actionis per Ursus Bibeault et Yehuda Katz.

Questus Coepi jQuery est mirabiliter facile in SharePoint (mihi). (I do have serious questions about a “best practices” approach to deploying these things to production, but that’s for another day). I’ve just started playing with this technology and to that end, I created a sandbox environment to use. If you’re looking to get started with jQuery, you may find this approach useful.

1. Create a Blank Site

Create a blank site somewhere in your site and call it something clever like “jQuery Sandbox”.

2. Download jQuery

You can download the jQuery javascript library from here: http://docs.jquery.com/Downloading_jQuery

Save that to to your desktop.

I have been using the “minified” version.

3. Create a SharePoint Document Library

In your sandbox site, create a document library.

4. Upload the jQuery Library to SharePoint

Access the doc library you just created and upload the jQuery library.

5. Create a Custom SharePoint List

I’ve started with a custom list because I want to muck about with standard SharePoint forms. You could also create a page in a pages library or web part pages and probably a lot of other places.

Add some columns to the custom list so that you have something to run jQuery against. My initial objectives were to:

1. Hide a field.
2. Assign a value to a field.

With that objective in mind, I added two text fields. Super tempus, I’ll be playing with links, images, lookups, etc.

6. Modify the NewForm.aspx Web Part Page and Add a Content Editor Web Part

This is a little black magic-ish , in that it’s a new concept to me. I first learned about this from Paulus Grenier, SharePoint jQuery Superstar, at his CodePlex project site: http://spff.codeplex.com/.

Follow these steps to add a CEWP to the same page that shows NewForm.aspx for any custom list:

1. Access the custom list and click New.
2. Append the following to the URL: PageView=Shared&ToolPaneView=2

That will transform your boring vanilla data entry form from something like this:

To this:

Add the content editor web part to the page.

7. Write Your First jQuery Code

Open up that CEWP in the code view and add the following:

Here’s the actual code if you want to copy/paste:

<scriptor
    type =,,en,"../../jQuery Library/jquery-1.3.2.min.js,,en,sujith Krish,,en,Nonne vidisti, quod addit in CEWP editform.aspx ut conteram versionem ad paginam principem et notitia ostendit sectionem in III,,en,Quis hoc workarounds,,en,Aliquis,,en"text/javascript"
    src ="../../jQuery Library/jquery-1.3.2.min.js">
</script>

<script typus ="text/javascript">
  $(munus() {

    $('#resultsID').html('There are ' + $('a').size() + ' a tags tags on this page.');

  });
</script>

Result:
<div id='resultsID'></Div>
/result

Note that the first <script> tag is referencing the actual jQuery library. Presumably, these things change over time, so you’ll want to make sure you a) use the right name and b) point it to the correct SharePoint document library.

Bask in the Glory

If you did it correctly, you’ll see a result similar to the following:

Wrapping Up

This isn’t the only way to get started, but it’s quick, easy and isolated from your existing SharePoint environment.

</finem>

Scribet ad mea blog.

Sequi me in Twitter ad http://www.twitter.com/pagalvin