Tools for Customization
The SharePoint platform supports a variety of tools for performing different types of customizations. In this section, we will explore these tools and their uses. We will also discuss the appropriate types of controls that can be applied to limit their use in a production environment.
SharePoint Designer
SharePoint Designer (SPD) is a Windows client application used to design rich, highly-customized SharePoint solutions. SPD 2010 is the latest version of the product previously known as FrontPage. It is available in both 32-bit and 64-bit versions, depending on the operating system on which it will be used and the version of Microsoft Office installed on the client computer.
SharePoint Designer is intended for use primarily by web site designers to enable detailed customization of pages, lists, libraries, and many other SharePoint artifacts. While there are features within SharePoint Designer that may be useful to developers and administrators, SPD is first and foremost a design tool. SharePoint Designer is ideal for creating business process workflows, integrating with line-of-business databases and creating custom presentations of business information on the SharePoint Server platform. Note that SharePoint Designer 2010 is only compatible with the SharePoint 2010 Foundation and Server products.
While SharePoint Designer and, previously, FrontPage were once offered as traditional commercial products, as of March 31, 2009, Microsoft is no longer selling SharePoint Designer but giving it away. It is available for free from the following Microsoft download sites:
SharePoint Designer 2010 can be a very powerful tool for creating SharePoint 2010 solutions. Like any powerful tool, it can be dangerous in the wrong hands. SharePoint Designer may not be appropriate to use in a production environment. As such, there are multiple configuration options within SharePoint Server 2010 that control which actions can be performed by SharePoint Designer users.
The first set of options can disable SharePoint Designer access or limit the changes it can make. These settings are configured using the SharePoint Central Administration web site, under General Application Settings. From the General Application Settings page, select Configure SharePoint Designer Settings. This page, shown in Figure 12-1, displays the available options and their current settings. Note that you set these options on a per web application–basis. To set these options for a web application other than the default, select it using the drop-down control at the top of the form.
Figure 12-1. SharePoint Designer settings in Central Administration
Tip If you need to control these settings at the site collection level instead of at the web application level, this can be done using the Site Settings page in the root site of the collection. Look for the SharePoint Designer Settings option under Site Collection Administration.
Table 12-1 provides descriptions of the various settings available on the Designer Settings page.
In addition to configuring SharePoint Designer access to a web application or site collection, the user connecting to the site must have the Use Remote Interfaces permission. This permission allows the user to use several types of remote interfaces including SharePoint Designer, web services and the WebDAV publishing interface. The Use Remote Interfaces permission is part of all of the default permission levels except Limited Access and Restricted Read. Any user that is assigned any of the other permission levels can connect to the web site with SharePoint Designer. However, SharePoint Designer still obeys all of the normal permissions enforced by SharePoint Server. If the user does not have permission to read or change an item in the SharePoint site, they will not be able to do so using SharePoint Designer.
For a more detailed look at using SharePoint Designer to create custom SharePoint solutions, see Pro SharePoint Designer 2010 by Steve Wright and David Petersen (Apress, 2011).
Visual Studio
Another tool that is useful for creating SharePoint solutions is Microsoft Visual Studio 2010. This is Microsoft’s environment for professional development. In Visual Studio, a developer can create new features, Web Parts, event receivers and other code components that run “under the covers” in SharePoint. Visual Studio is a very powerful tool but it is not intended for use by non-developers.
Visual Studio 2010 contains a large number of templates for creating all manner of SharePoint artifacts and packaging them for deployment to SharePoint. These artifacts are typically compiled into a solution package which is then deployed to the SharePoint server farm in either a “sandboxed” or “farm-level” deployment. A solution package is a single file that contains all of the executables and metadata necessary to install a working set of components into the server farm. We will discuss the packaging and deployment of Visual Studio–based solutions in the next chapter.
Visual Studio is the primary tool used for developing custom functionality on the SharePoint platform. Because of the potential for causing instability in the server farm, Visual Studio should only be used to directly interact with development SharePoint servers. This allows the solution to be debugged and updated as needed without affecting the production environment. Once development and testing are complete, the compiled solution package can be deployed to the production farm using the web interface, the STSADM command-line tool, or the PowerShell scripting language.
InfoPath Designer
InfoPath forms allow designers to create rich custom forms that can create and consume data from a variety of sources. InfoPath and SharePoint are designed to work well together and there are some interesting features that can best be leveraged using both technologies together.
InfoPath integrates with SharePoint in several different ways but the underlying technology supporting that integration is the InfoPath Forms Services subsystem. This component is only part of the Enterprise edition of SharePoint Server 2010. Forms Services is configured in SharePoint's Central Administration site. To configure Forms Services, select the General Application Settings link in the left-hand menu and look for the InfoPath Forms Services group.
In order to enable InfoPath Forms Services features within SharePoint a site collection, the “SharePoint Server Enterprise Site Collection features” feature, must be activated. This feature activates the Web Parts and menu actions necessary to host InfoPath forms within the site collection. Deactivating this feature is sufficient to prevent InfoPath forms from being used, but doing so may cause other desirable features to be disabled as well since they are a part of the same feature.
Types of Forms
Once Forms Services is configured and enabled in the site collection, there are a number of different ways in which InfoPath form templates can be used.
InfoPath forms are XML-based. This means that all of the data entered is encoded into an XML document that is then submitted to a data store of some kind. The most basic use of InfoPath forms in SharePoint is a SharePoint document library used as a repository for storing completed forms. SharePoint provides several useful features for working with completed form documents including versioning, access security, and workflow processing.
The next most common use for InfoPath within SharePoint is to create customized forms for workflows. SharePoint workflows allow users to perform controlled business processes managed by the Windows Workflow (WF) engine hosted within SharePoint. The WF engine can assign tasks, send e-mails, or perform a number of other activities to complete a business process. At each step in the process, user input may be required. The forms for entering this data are called task forms. InfoPath can be used to create highly-customized templates for these forms. Creating and deploying workflows will be discussed later in this chapter.
A new feature in InfoPath and SharePoint Server 2010 is the ability to create custom list forms in InfoPath. When a list or library is created in SharePoint, a set of default data entry forms is created. These forms create new items and edit or display existing items. A site designer can now customize these forms using InfoPath more easily than using the other methods available. The ability to create these forms is controlled by the security settings on the SharePoint list and the permissions granted to the user.
Form Security
Security is a complex topic when dealing with InfoPath forms because a form will often touch many resources outside the form. InfoPath forms can contain data sources which retrieve data from databases, web services, or other locations. Each of these interfaces may require its own authentication and authorization mechanism to function properly. Form templates may also contain managed .NET code that can access files on the user's system or perform other potentially dangerous actions.
To control the use of these features, InfoPath uses the concept of form security levels. Each security level places a different set of restrictions on what actions the form template can perform. The form-filling environment also affects what actions a form can take. Forms running in the InfoPath client application have greater freedom than those running in a web browser. A comprehensive discussion of the rules governing the restrictions placed on forms at different security levels is beyond the scope of this book, but policies regarding the use of these levels should be established.
The two security levels most often encountered in SharePoint sites are Domain and Full Trust. The third level, Restricted, is typically used only for e-mail-based forms.
The Domain security level is the most commonly used mode for InfoPath forms in SharePoint. Domain mode forms can access external data as long as that data is accessible according to the security zone for the domain as defined by Windows Internet Explorer.
Note It is important to recognize that InfoPath's use of the word domain is not the same as a domain in Active Directory or in Internet web addresses. For example, the Internet addresses www.microsoft.com and office.microsoft.com may or may not represent different security domains depending on the configuration of zones in Internet Explorer.
When a form is opened from a SharePoint list or library, the URL used to open the template is checked against the security zones defined on the user's desktop to determine if it is in the Internet or Local Intranet zone. In domain mode, external resources are restricted based on their zone relative to the zone of the form template.
The most permissive level of security for an InfoPath template is Full Trust. In Full Trust mode, a form can access any resources that the person filling out the form has access to. This may include databases, files on the local hard drive and registry settings. Obviously, Full Trust forms should be used only when absolutely necessary because of their potential for unintended impacts on the user's system.
The good news is that forms cannot get Full Trust just by asking for it. In fact, it can be quite difficult to get a form template installed in a way that allows Full Trust. In order to run a form in SharePoint using Full Trust, the form must be digitally signed using a trusted root certificate and installed by a farm administrator through SharePoint's Central Administration site. It can't be directly published by the designer.
Microsoft Visio
Microsoft Visio is a client application that allows the user to create intelligent diagrams using stencils. These stencils contain many shapes that can be connected and configured in various ways.
Visio Services is a new service within Microsoft SharePoint Server 2010 Enterprise Edition that allows Visio drawings to be displayed as part of a web page. The Visio Web Drawing file format allows the drawing to be displayed in any browser from a SharePoint site. The shapes within the drawing can also link to data within SharePoint or from other data sources such as relational databases. This data can be used to add labels to shapes or change their appearance. This creates a number of opportunities to create advanced visualizations. Like InfoPath Forms Services, Visio Services is enabled and configured using the Central Administration site and the Enterprise feature.
The Visio client application can publish web drawings directly to a document library in SharePoint. That diagram can then be viewed online directly or through a Web Part embedded into a web page.
Visio diagrams are also used in conjunction with PerformancePoint Services to generate interactive dashboards as shown in Figure 12-2. These diagrams are sometimes referred to as Strategy Maps.
Figure 12-2. A Visio-based strategy map in PerformancePoint Services
Another use of Visio is in workflow development. Visio 2010 uses a set of stencil shapes to define the steps in a workflow, as shown in Figure 12-3. This allows a business user to design the workflow in Visio and then hand it off to a developer.
Figure 12-3. A Workflow design in Visio
Once the workflow is designed, the developer will add logic and data connections to complete the workflow using either SharePoint Designer or Visual Studio. In this case, the Visio client application is not interacting directly with SharePoint but is involved in developing a solution that will run in SharePoint.
SharePoint Workspace
SharePoint Workspace 2010 is a client application that allows users to take SharePoint content offline. Workspace is the latest version of the Microsoft Groove client available as part of Office 2007. The application also allows the creation of peer-to-peer collaboration without using a SharePoint server.
If you need to prevent SharePoint Workspace users from accessing a site's content, there is an option under Site Settings that can accomplish this. First, select “Search and offline availability” from the Site Administration group as shown in Figure 12-4.
Figure 12-4. Site Settings—offline availability
The site administrator can block or allow access on the configuration page, as shown in Figure 12-5. Unfortunately, this is a site-level setting so it must be set to be blocked in each site. Access is allowed by default.
Figure 12-5. Search and Offline Availability page
SharePoint Workspace can synchronize documents and lists with the SharePoint site when a connection is made. This allows users who are not always connected to contribute content and collaborate with other users on a SharePoint site. SharePoint Server still enforces all of the usual content restrictions when sending content to or receiving updates from Workspace. While SharePoint Workspace can be used to access and collaborate, the user's ability to customize SharePoint through this tool is quite limited. The risk of allowing access to authorized users is therefore relatively low.