Security in SPEasyForms

If you were at SharePoint Saturday VA Beach and you saw the session on SPEasyForms, you probably heard us say that the ribbon button for configuring SPEasyForms for a list is security trimmed and you need to have the Manage Lists permission in order to see it. But there is also a link to the settings page on the list settings page, and I recently realized that I never got around to security trimming this link.

So the question is, is this a security flaw? In a word, no. The reason is that despite its name, security trimming is not a security mechanism. It is a UI feature. Generally, it is a bad practice to show people a link to something that they cannot use. Having the link appear on the list settings page for users who cannot configure it is certainly a UI flaw, and one that I will start to address in the next AddOns release for SPEasyForms.

So the next question is, what are the security considerations you should be aware of when using SPEasyForms? SPEasyForms security is entirely based on file system security, meaning that what a user can do with SPEasyForms is based on the SharePoint permissions assigned to the files that SPEasyForms depends on.
Continue reading “Security in SPEasyForms”

Initializing Field Values through Request Parameters using SPEasyForms

Scott Shearer and I were at SharePoint Saturday VA Beach this past weekend, which was an excellent event. Scott did a few different presentations including one on SPEasyForms, which drew a pretty big crowd and was pretty well received. After the presentation Scott opened the floor for questions, which quickly got a little deeper into the implementation details than he was expecting so I got up and fielded some questions. One of the questions was if you pass in request parameters, can SPEasyForms initialize form fields from the values? The answer was no, but it wouldn’t be that hard to implement and this is a very common request in SharePoint forums. In fact, I’m going to need this kind of functionality for some of the improvements I envision for SPEasyForms in the future.
Continue reading “Initializing Field Values through Request Parameters using SPEasyForms”

Extending SPEasyForms Visibility Rules

This is going to be a fairly short post, because there isn’t that much to extending visibility rules. SPEasyForms visibility rules have two extension points, state handlers and comparison operators. The built-in state handlers and comparison operators in v2014.01 are shown in the two drop down lists on the add/edit visibility rule dialog box shown below:
image
This post is going to explain how to extend the visibility rules by adding the following functionality:
  • Comparison operators for >, >=, <, <=, and !=
  • State handlers to highlight a field in various colors

Continue reading “Extending SPEasyForms Visibility Rules”

First SPEasyForms Plug-in, DefaultToCurrentUserAdapter

To demonstrate writing a plug-in for SPEasyForms, I’m going to write a pretty simple adapter that can be applied to user fields and adds the functionality to default the field value to the currently logged on user on new forms.  It’s not just simple enough to provide a good sample for explaining creating plug-ins, it’s also something that customers ask me for pretty frequently. This post is going to explain the JavaScript behind the plug-in. The source code download will be a full-fledged no code sandbox solution, but if you need an explanation of the solution or packaging see my previous post Anatomy of a No Code Sandbox Solution; I’m not going to explain that again here. 
Continue reading “First SPEasyForms Plug-in, DefaultToCurrentUserAdapter”

Scroll to top