Question : Sharepoint custom workflow status permissions

we createad a custom workfow associated with forms library, we have "Collect Data From User" action which create a new task in custom task list "HRTasks" , the problem we have the created task can be edited by all contribute users , can we raised access denied message when user  that not assigned to when click the task item that forward to the page  "Lists/HRTasks/DispForm.aspx"

Thanks

Answer : Sharepoint custom workflow status permissions

Hi,

I tried running the code and works fine with assigned and non-assigned user.
Please attach the debugger ( attach to w3wp.exe ) in Visual Studio to debug the issue.

Herewith the code, we have used -

public override void ItemUpdating(SPItemEventProperties properties)
        {
            base.ItemUpdating(properties);

            if (properties.ListTitle.Equals(DocumentLibararyType.Tasks, StringComparison.InvariantCultureIgnoreCase) == true)
            {
                SPWeb site = null;
                try
                {
                    SPListItem spItem = properties.ListItem;
                    site = properties.OpenWeb();
                    SPGroup spOwnerGroup = site.AssociatedOwnerGroup;
                    SPUser spCurrentUser = site.CurrentUser;

                    string strStatus = spItem[ItemFiledType.Status].ToString();
                    int intIndex = spItem[ItemFiledType.AssignedTo].ToString().IndexOf('#');
                    string spAssignedTo = spItem[ItemFiledType.AssignedTo].ToString().Remove(0, intIndex + 1);
                    string spCurrentUserLoginName = site.CurrentUser.LoginName;
                    string spCurrentUserName = site.CurrentUser.Name;  // added to see if 'Assigned to' is same as name of current user.
                    bool blnAllowUpdate = false;

                    if (spCurrentUserLoginName.Equals("sharepoint\\system", StringComparison.InvariantCultureIgnoreCase) == false)
                    {
                        foreach (SPGroup spg in spCurrentUser.Groups)
                        {
                            if (site.AssociatedOwnerGroup != null)
                            {
                                if (spg.Name.CompareTo(site.AssociatedOwnerGroup.Name) == 0)
                                {
                                    if (strStatus.Equals(FileItemStatusType.Completed, StringComparison.InvariantCultureIgnoreCase) == true)
                                    {
                                        // This is the message that we'd like to show to the user
                                        // if he/she tries to update an active task
                                        properties.ErrorMessage = "Task is already completed and can not be updated now.";
                                        //// This line actually cancels the delete
                                        properties.Cancel = true;
                                    }
                                    else
                                    {
                                        blnAllowUpdate = true;
                                    }
                                }
                            }
                        }

                        // If the task status is Complete it is not active task any more
                        // Otherwise we cancel the deletion
                        // if (strStatus != "Completed" && strStatus != "Production" && strStatus != "Approval Denied")
                        if (blnAllowUpdate == false)
                        {
                            // "spAssignedTo.CompareTo(spCurrentUserName) != 0" this condition added to see if 'Assigned to' is same as name of current user.
                            if ((spAssignedTo.CompareTo(spCurrentUserLoginName) != 0 && spAssignedTo.CompareTo(spCurrentUserName) != 0) &&
                                (strStatus.Equals(FileItemStatusType.Completed, StringComparison.InvariantCultureIgnoreCase) == false))
                            {
                                // This is the message that we'd like to show to the user
                                // if he/she tries to update an active task
                                properties.ErrorMessage = "This item is still in progress and can only be updated by the creator of the item.";
                                //// This line actually cancels the delete
                                properties.Cancel = true;
                            }
                            else if (strStatus.Equals(FileItemStatusType.Completed, StringComparison.InvariantCultureIgnoreCase) == true)
                            {
                                // This is the message that we'd like to show to the user
                                // if he/she tries to delete an active task
                                properties.ErrorMessage = "Task is already completed and can not be updated now.";
                                //// This line actually cancels the delete
                                properties.Cancel = true;
                            }
                        }
                    }
                }
                catch (Exception ex)
                {
                    properties.ErrorMessage = "An internal error occured while doing action" + Environment.NewLine +
                        ex.Message.ToString();
                    properties.Cancel = true;
                }
            }

        }

I hope, it helps.

Cheers ...
Rajendra
Random Solutions  
 
programming4us programming4us