List permissions and WSS 3.0 [Resolved]

Mar 2, 2010 at 1:53 AM
Edited Mar 2, 2010 at 2:28 AM

The longer version is below. The short version is this: is there a way to use jPoint with the equivalent of UserContextFilter.webpart so that returned data is specific to that user? And also to prevent modifying list items not owned by that user?


Longer version:

Just started looking at security. Client-side security is easily circumventable of course so I don't expect jPoint to solve that but I was wondering if there are any tips that I might be able to use. In fact I don't yet see how security is actually handled for web services so that still takes some research on my part. The only thing I can think of right now, and not sure how to do, especially with jPoint, is on saving or deleting a list item, is not to do it directly through webservices but rather pipe requests through a proxy aspx file that handles it. Would that be correct?

This comes as I found that there is a filter available to MOSS 2007 Enterprise called the "User Filter" (something like that) which allows the user to only see/edit their items when enabled. I thought at first that my client doesn't have MOSS but I do see the UserContextFilter.webpart in the catalog so I guess they DO have that. That said, I don't believe the webservices will make use of that webpart since it only filters a dataview that uses it as a filter. So that means I'd still need a proxy that checks the user somehow before modifying data which would defeat the purpose of the simplicity of webservices, unless I am missing something which is highly likely.

[edit] I might be able to do a simple proxy with the HttpContext.User Property. I'll have to look into that more later.

[edit 2] I just saw this bit on list permissions. I haven't yet seen how this would change webservice requests yet. I don't see that affecting listings but perhaps trying to modify the item would throw an error. And if so, would jPoint report that error? I do see some try...catch blocks in the code but would a permissions issue be passed back as an error?

Thanks!

Michael

Mar 4, 2010 at 5:27 AM

Just a followup in case anyone is wondering, especially folks new to jPoint and SharePoint web services. Access is determined by list permissions set on the list so there is no problem there.