Enhancing the SPSecurityTrimmedControl - Trimming UI on any critereon

Posted on 5/27/2008 @ 1:12 PM in #SharePoint by | Feedback | 7569 views

Okay so, first, what is the SPSecurityTrimmedControl?

SPSecurityTrimmedControl is a web control in the SharePoint framework that lets you show or hide certain parts of the UI based on the user's union-ed permission. Union-ed = From the groups he belongs to, plus the individual level permissions from both the site collection and site itself. Read more about the SPSecurityTrimmedControl.

A little known fact is that the SPSecurityTrimmedControl can be enhanced to show or hide parts of the SharePoint UI, based on any critereon you can think of.

Let me explain using a canned example. Lets say, I want to create a portion of the UI that is trimmed per the zone the SharePoint site is exposed on. Thus, if I am visiting the site through http://intranet.yourfunkyorganization.com versus http://www.yourfunkyorganization.com I'd like certain parts of the UI to show up only when the site is accessed via the intranet URL, not the www URL.

Easy! Just author a custom WebControl like the following -

   1:  public class SPURLTrimmedControl : SPSecurityTrimmedControl
   2:  {
   3:      private List<string> _urls = new List<string>();
   5:      public string UrlsString
   6:      {
   7:          get
   8:          {
   9:              return string.Join(",", _urls.ToArray());
  10:          }
  11:          set
  12:          {
  13:              _urls.AddRange(
  14:                  value.Split(new char[] { ',' }, 
  15:                  System.StringSplitOptions.RemoveEmptyEntries)
  16:                  );
  17:          }
  18:      }
  20:      protected override void Render(HtmlTextWriter output)
  21:      {
  22:          if (!string.IsNullOrEmpty(UrlsString) && CheckUrl())
  23:          {
  24:              base.Render(output);
  25:          }
  26:      }
  28:      private bool CheckUrl()
  29:      {
  30:          bool returnValue = false; // Assume failure to be safe.
  31:          string requestUrl = HttpContext.Current.Request.Url.Host;
  32:          if (_urls.Contains(requestUrl))
  33:          {
  34:              returnValue = true;
  35:          }
  36:          return returnValue;
  37:      }
  38:  }
  39:  }


Strong name and sign the above.

Throw it in the GAC.

Add a SafeControls entry like this -

   1:        <SafeControl 
   2:          Assembly="Winsmarts.WebControls, Version=, Culture=neutral, PublicKeyToken=b3eada39a89a2bd2" 
   3:          Namespace="Winsmarts.WebControls" 
   4:          TypeName="*" Safe="True" />

And modify your ASPX or Master Page code like this ---

   1:  <winsmarts:SPURLTrimmedControl runat="server" ID="UrlTrimmer" UrlsString="intranet.yourfunkyorganization.com">
   2:     Does this show up?
   3:  </winsmarts:SPURLTrimmedControl>    

.. and now when you visit the intranet URL - the text "Does this show up" will show up. But it won't show up when you visit it using the www URL.

Obviously, you can enhance the above to literally show or hide content based on any critereon you wish.

Sound off but keep it civil:

Older comments..

On 5/28/2008 3:47:19 AM Waldek Mastykarz said ..
I really like your idea of extending the SPSecurityTrimmedControl, Sahil. Some time ago I have written an article about creating your own wrapper controls (http://blog.mastykarz.nl/2008/03/30/creating-your-own-wrapper-controls-in-sharepoint-2007/): just to implement the needed stuff without any overhead.

While extending the SPSecurityTrimmedControl introduces tons of possibilities, it surprises me that the basic functionality provided by the control doesn't work properly. I have described the problems @ http://blog.mastykarz.nl/2008/04/05/inconvenient-spsecuritytrimmedcontrol/. I've been wondering whether you have faced these issues yourself.