Preventing Record Modification but Allowing Metadata Modification by Overriding the Upload Page in Windows SharePoint Services 3.0

Summary:  Learn how to modify and extend the functionality of the Upload page in Windows SharePoint Services 3.0 to ensure that an existing file is not accidentally overwritten during the upload process. Learn about injecting specific business rules and processes for adding files to a library.

Applies to:  Windows SharePoint Services 3.0

Microsoft Corporation

June 2008

The Upload page that is provided by Windows SharePoint Services 3.0 enables users to upload files to a Document Library. In addition to letting you select a file, the page contains an Upload Multiple Documents link and a check box for overwriting existing files, which is selected by default. In this Microsoft Office Visual How To, you learn how to use the functionality of the Upload page, but you will modify and extend it to ensure that an existing file is not accidentally overwritten during the upload process. To do this, you create a new ASPX page based on the existing Upload page, clear and hide the Overwrite Existing Files check box, and remove the ability to upload multiple files. This enables you to inject specific business rules and processes for adding files to the library.

Instead of creating a completely new Upload page, you will derive from the existing Upload page and functionality, making the tweaks necessary for the functionality you want. To do this, you reference the Microsoft.SharePoint and Microsoft.SharePoint.ApplicationPages assemblies in your project. Then you create a class that derives from the Microsoft.SharePoint.ApplicationPages.UploadPage class. This class uses the Microsoft.SharePoint and Microsoft.SharePoint.ApplicationPages namespaces.

The functionality that you want is to clear and hide the Overwrite Existing Files check box, and also hide the Upload Multiple Files link. To do this, you override the OnLoad event and modify the controls that control this functionality. The Upload Multiple Files link is provided by a HyperLink control named UploadMultipleLink. To hide this link, set the Visible property to false. The Overwrite Existing Files check box is provided by the OverwriteSingle control. To clear and hide the check box, set the Checked property and the Visible property to false. The assembly is now complied with a strong name.

These steps are shown in the following code example.

Creating the ASPX Page

The next step is to create the ASPX page, making a custom page based on Upload.aspx. The Upload.aspx page you use is in the 12\TEMPLATE\LAYOUTS directory. You do not replace this file, but rather you create a new file based on the existing one.

To create the ASPX page

  • Create a new file in your project named MyUpload.aspx, and replace its contents with a copy of the contents from the Upload.aspx file. To make your custom ASPX page use your class, modify the Assembly and Page information to reference your assembly and class.

    [MyUpload.aspx]
    <%@ Assembly Name="CustomUpload, Version=1.0.0.0, Culture=neutral, 
    PublicKeyToken=2ddef81d28ad7a84"%> 
    <%@ Page Language="C#" Inherits="CustomUpload.MyUpload" 
    MasterPageFile="~/_layouts/application.master"      %>
    ...Remaining content copied from Upload.aspx

After you perform this step, the next step is to put the assembly and ASPX page in locations that Windows SharePoint Services can use. In this example, you put the assembly in the global assembly cache, and you put the ASPX page into the 12\TEMPLATE\LAYOUTS directory. Again, you do not want to replace the existing Upload.aspx page, but rather add your own page.

After you reset Internet Information Services (IIS), your assembly and ASPX page are available, and they can be accessed from the _layouts directory: http://{weburl}/_layouts/MyUpload.aspx. This URL must include a List parameter that contains the GUID of the list in which the file is to be uploaded. It can also optionally contain a RootFolder parameter that is used to identify the folder in which the file should be uploaded.

In this example, you are not replacing the existing Upload.aspx page, but instead you are implementing your own page based on the functionality of the existing page. Because of this approach, you are not replacing the functionality of the Upload link in the document libraries. This means that you must find another way to access your custom Upload page. You configure the New functionality within a document library so that it redirects the user to your custom Upload page.

Redirecting the User to the New Upload Page

In this example, you redirect the user to your Upload page when the user selects New and then selects Document in the document library. To redirect to your Upload page, you must first enable content types on the library.

To redirect users to the new page

  1. In a document library, click Settings, and then select Document Library Settings.

  2. On the Customize page, select Advanced Settings.

  3. On the Advanced Settings page, select Yes for Allow Management of Content Types, and then click OK.

    After you return to the Customize page, a new Content Types section appears.

  4. Click the Document content type, and then click Advanced Settings.

  5. Finally, enter the path to the custom Upload page, /_layouts/MyUpload.aspx in this example.

Figure 1. Content type

Now, when users click New and then click Document to create a new document, they are redirected to your custom Upload page.

Figure 2. Custom Upload page

An alternative way to redirect to the custom Upload page from the New action is to, in the content type schema, define the path to the custom Upload page in the TargetName attribute of the DocumentTemplate.

This particular scenario makes the most sense when the site administrator has a high degree of control over the content types, libraries, and the site. It may not make sense in a typical team site where authority is often delegated and users have flexibility in how they work.

It is important to also point out that this example provides functionality that helps users perform the correct tasks and enforce the business rules—such as preventing the accidental overwriting of an existing file—but it is not a replacement for security. For example, the alternative methods for adding a document to a library, such as through Windows Explorer/WebDav, are not handled in this example; they provide a method with which a user can overwrite an existing file. Also, hiding a control on the page is not meant to be a means for enhanced security because it does not prevent a malicious user from accessing those hidden controls and changing the behavior of the page. Instead, it is intended to help users follow the business rules and processes that are necessary for uploading and interacting with the site content.

Watch the Video

Length: 9:14 | Size: 8.03 MB | Type: WMV