Here is the code for creating a custom field type in SharePoint that gives you field-level security within your site. I used Visual Studio 2008 and the SharePoint blank template to develop this field control. When you create a SharePoint blank project, you can right-click the project in Visual Studio and click Add->New Item, choose SharePoint in the categories section, and choose Field Control. Once you deploy the wsp file to your farm, you create a site column based on this field type and plug it into your lists and libraries. Note that the control applies the restriction in the edit form only: it switches the field to display mode for anyone who is not the privileged user or a member of the privileged group, and it does not change the permissions on the list or the item.
fieldtypes_PermissionedField.xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Field type definition for the "SecureField" custom field type, derived from the built-in Text type. -->
<FieldTypes>
<FieldType>
<Field Name="TypeName">SecureField</Field>
<Field Name="TypeDisplayName">Secure Field</Field>
<Field Name="TypeShortDescription">Permission Controlled Field</Field>
<Field Name="ParentType">Text</Field>
<!-- UserCreatable=TRUE: the type is offered when users create columns. -->
<Field Name="UserCreatable">TRUE</Field>
<!-- NOTE(review): this is a GUID, not an assembly-qualified class name. Presumably the Visual Studio SharePoint tooling resolves it to the field class when the package is built. Confirm before deploying this file by hand. -->
<Field Name="FieldTypeClass">11dd856b-f0bc-4845-a394-59caf1634b57</Field>
<PropertySchema>
<Fields>
<!-- Required custom property naming the user or group allowed to edit the field. The field control reads it by the exact string "PriviligedUsers" (spelled this way), so the name here and in the code must stay in sync. -->
<Field Name="PriviligedUsers" StaticName="PriviligedUsers" DisplayName="Priviliged Users" Type="User" Required="TRUE">
</Field>
</Fields>
</PropertySchema>
</FieldType>
</FieldTypes>
PermissionedField.FieldControl.cs (I'm using Log4Net for logging. Feel free to remove.)
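/// <summary>
/// Builds the child controls and, in edit mode, downgrades the control to
/// display mode unless the current user is the user, or belongs to the group,
/// stored in the field's "PriviligedUsers" custom property.
/// </summary>
/// <remarks>
/// This method only changes how the field is rendered in the form. Nothing in
/// it validates or blocks a changed value on save, so it should not be treated
/// as the sole access control for the column's data. TODO confirm what, if
/// anything, enforces the restriction for updates made outside this form.
/// When the custom property is not set, no check runs and the field stays
/// editable for everyone who can open the edit form.
/// </remarks>
/// <exception cref="Exception">
/// Any exception raised while evaluating access is logged and rethrown.
/// </exception>
protected override void CreateChildControls()
{
    base.CreateChildControls();
    try
    {
        // Only the edit form needs the check; other modes are left untouched.
        if (this.ControlMode != SPControlMode.Edit)
        {
            return;
        }

        // Read the privileged user/group once. SPFieldUserValue derives from
        // SPFieldLookupValue, so both LookupId and User are available on it.
        SPField tmpField = this.Field;
        SPFieldUserValue tmpUserVal = (SPFieldUserValue)tmpField.GetCustomProperty("PriviligedUsers");
        if (tmpUserVal == null)
        {
            // NOTE(review): an unset property leaves the field editable (fail-open).
            // The schema marks the property as required, so this should be rare;
            // decide whether an unconfigured field should be read-only instead.
            return;
        }

        int tmpID = tmpUserVal.LookupId;        // ID of the configured user or group
        SPUser tmpPropUser = tmpUserVal.User;   // null when the property holds a group
        SPUser tmpUser = SPContext.Current.Web.CurrentUser;
        Boolean tmpHasAccess = false;

        // No current user (e.g. an anonymous request) means no access, rather
        // than a NullReferenceException on the comparisons below.
        if (tmpUser != null)
        {
            if (tmpPropUser != null)
            {
                // The property is set to a single user: compare login names.
                tmpHasAccess = tmpPropUser.LoginName == tmpUser.LoginName;
            }
            else
            {
                // The property is set to a group: look for its ID among the
                // current user's groups.
                // NOTE(review): membership gained indirectly (e.g. through a
                // directory group added to the SharePoint group) may not appear
                // in Groups; verify against the intended audience.
                foreach (SPGroup tmpGroup in tmpUser.Groups)
                {
                    if (tmpGroup.ID == tmpID)
                    {
                        tmpHasAccess = true;
                        break;
                    }
                }
            }
        }

        if (!tmpHasAccess)
        {
            //Log information to the log
            //_log.Info("Url:" + base.Web.Url + "; List:" + base.List + "; " + tmpUser.LoginName + " does not have permissions to edit the field " + base.FieldName);

            // Render this control read-only.
            base.ControlMode = SPControlMode.Display;
            // NOTE(review): this sets the mode on the form context, not just on
            // this control; presumably it affects the rest of the form as well.
            // Confirm that is intended.
            base.ItemContext.FormContext.FormMode = SPControlMode.Display;
        }
    }
    catch (Exception ex)
    {
        // Record the failure, then rethrow with "throw;" so the original stack
        // trace is preserved ("throw ex;" would reset it).
        _log.Error(ex);
        throw;
    }
}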