Search code examples
c#.netsharepointsharepoint-2010sharepoint-2007

Creating personal list view programmatically with "Manage personal views" permissions only

In project, I'm currently working on, I have to create personal list view for given list (SharePoint 2007). Here is my code (currList is SPList):

System.Collections.Specialized.StringCollection viewFields = currList.Views[BaseViewID].ViewFields.ToStringCollection();
SPView searchView = currList.Views.Add(SearchViewName, viewFields, query, 100, true, false, Microsoft.SharePoint.SPViewCollection.SPViewType.Html, true);

Everything's working fine when the user has permission to ADD elements to the list. Creating view for user, which has ALL permissions to the list except adding items gives "Access is denied" error. Adding view from SharePoint itself works.

I've found the same problem here: http://us.generation-nt.com/security-issue-while-creating-personal-view-programmatically-help-86373652.html so the problem isn't new.

//EDIT: If I create personal view (having add items to list and manage personal views permissions) I can later modify this view (remove view fields from it, etc.) with manage personal views permnission only. What's interesting is thatif I've created this personal vier earlier I can modify this view

Solution

  • Problem still exists in SharePoint 2010. Adding views with Manage personal views is not possible from code, but it's possible from UI. As a workaround in new project I've created JS script which:

    1. loads Create View page to invisible frame
    2. fills View Name field
    3. selects "Create a Personal View" checkbox
    4. clicks OK button
    5. removes frame

    I'm using jQuery to do this. Clicking button causes postback, so it must be handled:

    createPersonalView = function (callback) {
    var url = siteCollectionUrl + '_layouts/ViewNew.aspx?List={' + listId + '}'
        + '&Source=' + window.location.href;

    $someDiv.append('<iframe class="view-creator" style="display:none;"></iframe>');

    $someDiv.find('iframe.view-creator').attr('src', url);
    $someDiv.find('iframe.view-creator').load(function () {
        var $iframe = $(this);
        $iframe.contents().find('#ViewName').attr('value', "My personal view");
        $iframe.contents().find('input#PersonalView0').attr('CHECKED', 'true');

        $iframe.unbind('load');
        $iframe.load(function () {
            $iframe.remove();
            callback(); //it's done! :D
        });

        $iframe.contents().find('#onetidSaveItemtop').click();
    });
};

    It's enough to do this once. When you have view then it can be updated with Manage personal views permission.