- Approvator Box Push
- Collaborator Box Push
where Box Push is my Sharepoint List with my K2 integrated workflow. Because I want to set this permissions when the task item is generated, in this case I cannot use "Sharepoint User Management" [SUM] event because I have the task item ID only when the item is created (see again this post). If you think to use SUM after the SWIC event, you haven't the desired behavior because process instance waits a user action to go on and permissions are set too late. So, to achieve my purpose I needed to write custom code in SWIC event after I get task item ID. In "ExecuteForUser" method body I call a K2 sharepoint web service (installed by K2 on MOSS) used to set permission on generic item (site, list or item list) hosted on MOSS solution. The code to call this service is the follow:
SourceCode.SharePoint.WebServices.K2SPPermissions K2SPPermissionsPRx = new SourceCode.SharePoint.WebServices.K2SPPermissions(); K2SPPermissionsPRx.Url = new K2Uri(MyUrl).FormatURI(true) + "_vti_bin/K2SPPermissions.ASMX"; ADCredentials directoryCredential = new ADCredentials(); K2SPPermissionsPRx.Credentials = directoryCredential.GetCredentials(K2SPPermissionsPRx.Url); K2SPPermissionsPRx.SetSiteWidePermissionsFromXml(XML_FOR_PERMISSION);where MyUrl is the Sharepoint site url. This service gets in input a xml string describing the permissions to assign. An example could be this:
<Group> <Filter> YOUR MOSS SITE </Filter> <SharePointPeopleAndGroupsItem> <Url> <SharePointSite> YOUR MOSS SITE </SharePointSite> <SharePointList>Tasks</SharePointList> <SharePointFolder></SharePointFolder> <SharePointListItem> YOUR ITEM ID </SharePointListItem> <SharePointGroup></SharePointGroup> </Url> <SharePointItemType>SHAREPOINTLISTITEM</SharePointItemType> <UserOrGroupCollection> <UserOrGroup> <LoginName>Approvers Box Push</LoginName> <Type>Group</Type> </UserOrGroup> </UserOrGroupCollection> <K2SharePointItemCollection></K2SharePointItemCollection> <K2UserOrGroupCollection></K2UserOrGroupCollection> <BreakRoleInheritance>True</BreakRoleInheritance> <CopyRoleAssignments>False</CopyRoleAssignments> <RevokeDefinitions>False</RevokeDefinitions> <AssignSiteMemberPermission>False</AssignSiteMemberPermission> <SharePointPermissionCollection> <SharePointPermission> <Name>Full Control</Name> <Type>REVOKE</Type> </SharePointPermission> <SharePointPermission> <Name>Design</Name> <Type>REVOKE</Type> </SharePointPermission> <SharePointPermission> <Name>Manage Hierarchy</Name> <Type>REVOKE</Type> </SharePointPermission> <SharePointPermission> <Name>Approve</Name> <Type>REVOKE</Type> </SharePointPermission> <SharePointPermission> <Name>Contribute</Name> <Type>REVOKE</Type> </SharePointPermission> <SharePointPermission> <Name>Read</Name> <Type>REVOKE</Type> </SharePointPermission> <SharePointPermission> <Name>Restricted Read</Name> <Type>REVOKE</Type> </SharePointPermission> <SharePointPermission> <Name>View Only</Name> <Type>ASSIGN</Type> </SharePointPermission> </SharePointPermissionCollection> </SharePointPeopleAndGroupsItem> </Group>in my particular case I set "View Only" to "Approvers Box Push" group but you can set your desire permissions substituting ASSIGN to REVOKE label. In this way I achieve my purpose, in fact when a user member of Approvers Box Push open a task Item he or she could only view it (see the picture below). These permissions are set only to the item; on the Tasks list, users can add new task item as they want (as showed in the follow picture):
No comments:
Post a Comment