Trimming WebPart Output with SPSecurityTrimmedControl
The SPSecurityTrimmedControl can be used in your SharePoint pages and web parts to conditionally display content based on permissions assigned to a user.
Here’s an example of using the control in a web part. The control is declared in Microsoft.SharePoint (in microsoft.sharepoint.dll). First, create an instance:
SPSecurityTrimmedControl stcEditItem= new SPSecurityTrimmedControl();
stcEditItem.Permissions = SPBasePermissions.EditListItems;
Next, specify the output to display only if the current user has the given permissions. In this case
- Define a literal server control, add some content
- Add the literal to the SPSecurityTrimmedControl
- Add the SPSecurityTrimmedControl to the controls collection for the web part:
Literal litEditItem = new Literal();
litEditItem.Text = “My Content”;
stcEditItem.Controls.Add(litEditItem);
this.Controls.Add(stcEditItem);
Finally, you can explicitly render the SPSecurityTrimmedControl control in the web part’s “Render” method:
stcEditItem.RenderControl(writer);
The content “My Content” will only be displayed in the web part if the user has the “EditListItems” permission.
Also, you can programmatically test for permissions on various SharePoint objects, such as SPListItem, using the AllRolesForCurrentUser method:
SPListItem li;
…
if (!li.AllRolesForCurrentUser.Contains(web.RoleDefinitions["Approve"]))
{
…
This web post from Richard Harbridge shows how to use the SPSecurityTrimmedControl in an ASPX page.
hey nick, thanks for this info. i have spent the last hour trying to find the best way to do this, never thought to use the allrolesforcurrentuser method. great post!
Shereen
December 10, 2008 at 5:30 am