SharePoint 2010 - Configuring List Item Permissions with Workflow

/

The client had a pretty "simple" situation where:

  1. We want to create a Request list where different people in the company can add requests, but assign it to a department.
  2. Once created, only members in that department has access to this request item

PERMISSION GROUPS

You can use Active Directory groups here as well.  Here are my four security groups

image

 

DEPARTMENT LIST

I plan to use re-usable workflows later to configure the list item permissions.  So I need to create a few site columns, here's the first one DepartmentGroup.  This is basically a People or Groups field.

clip_image002

I create a list for the department, thus:

clip_image002[7]

 

REQUEST LIST

Here's the second site column.  This is a lookup column to the Department list.  I'm bringing over the ID field as an additional field.

clip_image002[9]

Add a few records:

clip_image002[11]

clip_image002[13]

REMOVE LIST PERMISSIONS

Stop inheriting permissions from parent (site), and do a bit of house cleaning and remove the unnecessary groups.

 

LET'S WORK ON THAT WORKFLOW

The idea of the workflow is that:

  1. Whenever an item is updated
  2. Look up the group based on the selected Department (via the additional ID field)
  3. Assign item-level security to the list item
  4. Remove permissions to modify the item, and grant the department group permission to view and modify that request.

Create a re-usable workflow.  Target any content type.

We'll need the lookup site column, so associate that

clip_image002[15]

The permissions steps need to be run as impersonated steps.  The impersonated steps can not be mixed with the normal steps (such as Step 1)

clip_image002[17]

Remove (unused) Step 1, and add "Replace permission" action

clip_image002[19]

Start with the second parameter which is the easier one.  Click on "this list" and select Current Item

clip_image002[21]

clip_image002[23]

Click on "these permissions" and we want Contribute and Read permissions

clip_image002[25]

Click on "Choose" and set who we'll be granting Contribute/Read to

clip_image002[29]

Select "Workflow Lookup for a User…" and click Add
We want to do a look up on the Department list.

clip_image002[31]

The field we want is DepartmentGroup (our Person and Group site column).  Return the field as Login Name
Set the filter Field below to ID

clip_image002[33]

Set the filter Value field to Current Item.Department:ID

(You can also use the DepartmentLookup field here, just return it as Integer)

clip_image002[35]

Final result:

clip_image002[37]

OK everything.  Remember to save and publish

clip_image002[39]

 

Go back to SharePoint list

Configure the workflow and make sure it runs when a list item is created or modified

clip_image002[41]

VERIFY RESULTS
Check the permission of our first request (before the workflow)

clip_image002[43]

It is inheriting from list.  Nothing special.

clip_image002[45]

 

Create a new request for our Network department - see the workflow has completed

clip_image002[47]

Check its permissions

clip_image002[49]

"NetworkHeroes" has been assigned "Contribute" and "Read" permissions to the list item - everyone else has been stripped out.
The List Item has also stopped inheriting permissions from the parent list.

 

SUMMARY

So the solution works and is relatively elegant.  Though the client mocks me and says it was so much more easier in Lotus Notes :-(

The following features in SharePoint 2010 makes this example a little bit cleaner than with SharePoint 2007:

  • "Additional Fields"
  • Impersonation Step
  • Re-usable Workflows
  • Replace Permissions Action

Windows Live Messenger wave 4 - redir.us freaks me out

/

Colleagues send me links via MSN to a web page, and I see

image

Immediately started freaking out - what is rdir.us?
Not many people have written about this - the best I've found is Rafael's post here:

Live Messenger and the “link harvesting black box in the sky”

Short story:

Silverlight PivotViewer and SharePoint

/

 

Microsoft just released a new control PivotViewer for Silverlight. 

http://www.microsoft.com/silverlight/pivotviewer/

If you haven't seen this yet - go check out the video then come back, I'll wait here.

 

It's a web-based control to provide pivot functionality for datasets.  For fixed data - you can pre-generate the data set. For dynamic data, the collection could be generated dynamically and served.

So what would happen if you throw it at SharePoint, I ask?

The initial results are astounding!  Check these out:

image

Figure: Connecting it to listdata.svc OData service

At the root level it really is quite boring.

 

image

Figure: Connecting to a document library OData service

OK this is getting fun.  Facets!  Sort/Display/Zoom

image

Figure: Sorting the document library by Modified date

You probably can see I've uploaded a bunch of documents in the last hour :-)

 

The screenshots don't do this justice - when you filter down, change sort… the boxes fly all over the place it's as if I'm literally shaking SharePoint apart to zoom in on my data.

 

So it looks like I'll be extremely busy next couple of weekends and evenings:

  • Generate collection data across site - this will let me filter the "Path" facet to select which list/document library I'm after
    • What does this mean for big sites?
  • Add more visualizers, use Word/PPT thumbnails
  • Create configurable background colours for different content types
  • Add a contextual menu and hook it back through SharePoint actions
  • And the Holy Grail - is it possible to make this work as a Sandbox Solution?
    • The current sample reference application requires IIS HttpHandlers to serve dynamic collection data consumed from OData. 
    • Sandbox solution problem may be tricky.

 

It's times like this I stood back and appreciate what Microsoft does.  You guys are awesome.  Different teams produce different software and they just magically work together.  Makes us look like heroes.

/Salute

Silverlight Unit Testing - adding a timeout to EnqueueConditional

/

Since a lot of Silverlight work is asynchronous in nature, the Silverlight testing framework has many helper functions to essentially do "non blocking wait until something happens"

The curious one to me is EnqueueConditional(Func<bool> conditionalDelegate

This one essentially waits until the condition is true - so you can call a method to populate your view model with data, and then wait until data.Count > 0

But the method has no support for timeout.  It can, and will, hold the unit testing framework in progress forever.

Here's my little tweak to the method.

        public override void EnqueueConditional(Func<bool> conditionalDelegate)
        {
            DispatcherTimer timer = new DispatcherTimer();
            timer.Interval = new TimeSpan(0, 0, 5);
            timer.Tick += delegate
            {
                // remember to stop timer or it'll tick again
                timer.Stop();
                throw new TimeoutException();
            };
            EnqueueCallback(delegate
            {
                timer.Start();
            });
            base.EnqueueConditional(conditionalDelegate);
            EnqueueCallback(delegate
            {
                timer.Stop();
            });
        }

Here's the unit test to go with it

        [TestMethod]
        [TestProperty("TestCategory", "Silverlight")]
        [Asynchronous]
        [ExpectedException(typeof(TimeoutException))]
        public void Test_Timeout()
        {
            EnqueueConditional(delegate
            {
                // return?  never!
                return false;
            });

            EnqueueTestComplete();
        }

And one more tweak in the App.xaml.cs

        private void Application_UnhandledException(object sender, ApplicationUnhandledExceptionEventArgs e)
        {
            if (e.ExceptionObject is TimeoutException)
            {
                e.Handled = true;
                // stop any timeoutexception here or it'll bubble to the DOM
                return;
            }

            ...
        }

Here's the result picture:  Running just slightly over 5 seconds.

image

 

Updated: added a result picture.

Silverlight first asynchronous test run twice

/

I'm observing a pretty odd behaviour - the first test of my MVVM is running twice.

Exhibit Original code:

 
    [TestMethod, Asynchronous]
    public void VMConnectTest()
    {
        ViewModel clientVM = CreateVM();

        #region connect
        clientVM.Connect.Execute(null);
        base.EnqueueConditional(delegate
        {
            return clientVM.IsConnected;
        });
        #endregion
        base.EnqueueTestComplete();
    }

I have a break point in CreateVM - and it's firing twice, off the same line.

Changing the code to:

    [TestMethod, Asynchronous] 
    public void VMConnectTest()
    {
        ViewModel clientVM = null;

        #region connect
        base.EnqueueCallback(delegate
        {
            clientVM = CreateVM()
            clientVM.Connect.Execute(null);
        });
        base.EnqueueConditional(delegate
        {
            return clientVM.IsConnected;
        });
        #endregion
        base.EnqueueTestComplete();
    }

And now the CreateVM only runs once.

I suspect the Asynchronous test has a bug regarding mixing which thread is suppose to be creating the VM.  In this case, it's running twice.  Throwing everything onto the test stack seems to have fixed this, but makes the code look more complex than usual.