Preventing Record Modification but Allowing Metadata Modification by Overriding the Upload Page in Windows SharePoint Services 3.0

The Upload page that is provided by Windows SharePoint Services 3.0 enables users to upload files to a Document Library. In addition to letting you select a file, the page contains an Upload Multiple Documents link and a check box for overwriting existing files, which is selected by default. In this Microsoft Office Visual How To,  you learn how to use the functionality of the Upload page, but you will modify and extend it to ensure that an  existing file is not accidentally overwritten during the upload process. To do this, you create a new ASPX page based on the existing Upload page, clear and hide the Overwrite Existing Files check box, and remove the ability to upload multiple files. This enables you to inject specific business rules and processes for adding files to the library. Instead of creating a completely new Upload page, you will derive from the existing Upload page and functionality, making the tweaks necessary for the functionality you want. To do this, you reference the Microsoft.SharePoint and Microsoft.SharePoint.ApplicationPages assemblies in your project. Then you create  a class that derives from theMicrosoft.SharePoint.ApplicationPages.UploadPage class. This class uses the Microsoft.SharePoint andMicrosoft.SharePoint.ApplicationPages namespaces. C# VB using Microsoft.SharePoint; using Microsoft.SharePoint.ApplicationPages; The functionality that you want is to clear and hide the Overwrite Existing Files check box, and also hide theUpload Multiple Files link. To do this, you override the OnLoad event and modify the controls that control  this functionality. The Upload Multiple Files link is provided by a HyperLink control named UploadMultipleLink. To hide this link, set the Visible property to false.  The Overwrite Existing Files check box is provided by theOverwriteSingle control. To clear and hide the check box, set the Checked property and the Visible property tofalse. The assembly is now complied with a strong name. These steps are shown in the following code example. C# VB namespace CustomUpload { public class MyUpload : Microsoft.SharePoint.ApplicationPages.UploadPage { protected override void OnLoad(EventArgs e) { base.OnLoad(e); // Hide the link to multiple upload. this.UploadMultipleLink.Visible = false; // Make sure the single overwrite is not checked and hide it. this.OverwriteSingle.Checked = false; this.OverwriteSingle.Visible = false; } } } Creating the ASPX Page The next step is to create the ASPX page, making a custom page based on Upload.aspx.  The Upload.aspx page you use is in the 12\TEMPLATE\LAYOUTS directory. You do not replace this file,  but rather you create a new file based on the existing one. To create the ASPX page Create a new file in your project named MyUpload.aspx, and replace its contents with  a copy of the contents from the Upload.aspx file. To make your custom ASPX page use your class, modify the Assembly and Pageinformation to reference your assembly and class. [MyUpload.aspx] <%@ Assembly Name="CustomUpload, Version=1.0.0.0, Culture=neutral, PublicKeyToken=2ddef81d28ad7a84"%> <%@ Page Language="C#" Inherits="CustomUpload.MyUpload" MasterPageFile="~/_layouts/application.master" %> ...Remaining content copied from Upload.aspx After you perform this step, the next step is to put the assembly and ASPX page in locations that  Windows SharePoint Services can use. In this example, you put the assembly in the global assembly cache, and you put the ASPX page into the 12\TEMPLATE\LAYOUTS directory. Again, you do not want to replace the existing Upload.aspx page, but rather add your own page. After you reset Internet Information Services (IIS), your assembly and ASPX page are available,  and they can be accessed from the _layouts directory: http://{weburl}/_layouts/MyUpload.aspx. This URL must include a Listparameter that contains the GUID of the list in which the file is to be uploaded. It can also optionally contain aRootFolder parameter that is used to identify the folder in which the file should  be uploaded. In this example, you are not replacing the existing Upload.aspx page, but instead you are implementing your own page based on the functionality of the existing page. Because of this approach,  you are not replacing the functionality of the Upload link in the document libraries.  This means that you must find another way to access your custom Upload page. You configure the New functionality within a document library so that it redirects the user to your custom Upload page. Redirecting the User to the New Upload Page In this example, you redirect the user to your Upload page when the user selects New and then selects Documentin the document library. To redirect to your Upload page, you must first enable content types on the library. To redirect users to the new page In a document library, click Settings, and then select Document Library Settings. On the Customize page, select Advanced Settings. On the Advanced Settings page, select Yes for Allow Management of Content Types, and then click OK. After you return to the Customize page, a new Content Types section appears. Click the Document content type, and then click Advanced Settings. Finally, enter the path to the custom Upload page, /_layouts/MyUpload.aspx in this example. Figure 1. Content type Now, when users click New and then click Document to create a new document, they are redirected to  your custom Upload page. Figure 2. Custom Upload page An alternative way to redirect to the custom Upload page from the New action is to, in the content type schema , define the path to the custom Upload page in the TargetName attribute of the DocumentTemplate. XML [Example Content Type Schema] <?xml version="1.0" encoding="utf-8" standalone="yes"?> <Elements xmlns="http://schemas.microsoft.com/sharepoint/"> <ContentType ID="0x0101002852FFD6990A4ca1BEB33A2FDA0A8052" Name="My ContentType" Group="Custom" Description="This content type uses the custom upload page" Version="0"> <FieldRefs> <FieldRef ID="{fa564e0f-0c70-4ab9-b863-0177e6ddd247}" Name="Title" Required="TRUE"/> </FieldRefs> <DocumentTemplate TargetName="/_layouts/MyUpload.aspx" /> </ContentType> </Elements> This particular scenario makes the most sense when the site administrator has a high degree of control over the content types, libraries, and the site. It may not make sense in a typical team site where authority is  often delegated and users have flexibility in how they work. It is important to also point out that this example provides functionality that helps users perform the  correct tasks and enforce the business rules—such as preventing the accidental overwriting of an existing file— but it is not a replacement for security. For example, the alternative methods for adding a document to a library,  such as through Windows Explorer/WebDav, are not handled in this example; they provide a method with  which a user can overwrite an existing file. Also, hiding a control on the page is not meant to be a means  for enhanced security because it does not prevent a malicious user from accessing those hidden controls  and changing the behavior of the page. Instead, it is intended to help users follow the business rules and processes that are necessary for uploading and interacting with the site content.