Posts Tagged ‘SharePoint’

SharePoint Sandbox Solutions: The Good, The Bad, and The Ugly

Date:July 11th, 2012 Author: Tags: , , , ,
Category: General, SharePoint Development, SharePoint webparts, Training Comments:3 ;

Sandbox solutions are often seen as the cure-all for the worries of installing in-house or third party software on your SharePoint farm; but all is not as it seems.

This article aims to dispel some of the illusions around the safety of Sandbox Solutions, and cut through some of the fluff about what the sandbox should actually be used for and why.

  • The Good: What sandbox solutions do well
  • The Bad: What sandbox solutions don’t protect you from
  • The Ugly: The compromises you have to make to use them

What is a Sandbox Solution?

A Sandbox Solution is just like a normal Farm solution, except that it is deployed to a specific Site Collection (rather than the whole Farm), and has a limited set of tools it can use.

A full listing of what you can and can’t do in the sandbox can be found here:

Sandbox Solution Considerations (section “Capabilities and Elements in Sandboxed Solutions”)
Restrictions on Sandboxed Solutions in SharePoint 2010

It’s just like having a toddler in a sandbox in your garden (or yard): They can build sandcastles and dig holes using the tools you give them, but they can’t play with the chainsaw or ride-on mower you’ve left lying around (or dig enormous holes in your flower beds).

The Good

Sandbox Solutions are prevented from doing many things that could cause security or performance issues on your SharePoint server. Notable restrictions include:

  • No access to the network(s) your server is connected to
  • No access to the server’s registry
  • No access to the server’s filesystem
  • No access to e-mail via SMTP
  • Permissions cannot be elevated

There are also some additional features to help keep solutions in line:

  • Solutions can be installed at the Site Collection level by Site Collection administrators.
  • Resource Usage Limits are applied to solutions and can be monitored and limited by the administrator, preventing faulty or processor-hungry code from overwhelming the server.
  • Solutions can be automatically validated, and known troublemakers can be banned from the entire farm.

Notably, the main benefit to the Site Collection administrator is the ability to deploy their own solutions, but the majority of the other benefits are to the Farm administrator (and/or hosting company); although everyone benefits from the improved system stability these features help to ensure.

The Bad

There are a great many features to help with system stability and the prevention of security breaches; but there are limits to what the solutions are prevented from doing.

You should certainly never deploy untested third-party solutions to the sandbox “without fear of bringing down the entire farm”.

The best example of a danger to stability from within the sandbox is the lack of control over the Client Object Model, mentioned here: Sandboxed Solutions in SharePoint 2010

Pages, Web Parts, and controls that are deployed in sandboxed solutions can include code that runs against one of the SharePoint Foundation client-side object models … Code that runs on the client computer is not subject to any of the code execution or resource usage restrictions.

For example, a solution could contain malicious or badly written code executed via COM that requested all the items in a list an infinite number of times. If embedded into a web part, this would effectively turn the computer of every user that viewed it into a node of a DDoS attack on the server farm.

Rather less dramatically, it’s worth noting that there are no specific restrictions on actively malicious code within a Site Collection. It’s perfectly possible to:

  • Delete sites and sub-sites
  • Add COM calls to export data to an external site (much like Wictor’s data import)
  • Copy data added/edited in lists with item-levels permissions to unrestricted lists

The Ugly

Although sandboxing adds restrictions at every level of SharePoint, the feature wasn’t in the original platform design (in SharePoint 2007). In order to squeeze this feature in, some sacrifices had to be made.

Since there’s no access to the filesystem, the following aren’t possible:

  • Application Pages
  • Visual Web Parts (since they deploy a Control Template)

There are a some compromises due to Split Page Rendering; where sandboxed web parts are rendered separately from the rest of the page in a controlled thread:

  • No Script Manager to output/organise JavaScript
  • No web part connections
  • No access to the page Cache

Similar to the above: Because sandbox solution code needs to run in a controlled thread, the following functionality (that uses separate threads) had to be removed:

  • Workflows containing code
  • Timer jobs

Although most of these compromises are understandable, there are some features that are missing for no apparent reason:

  • You cannot use any of SharePoint’s own web controls (e.g. Date picker, User selection)
  • You cannot hide Custom Actions, or add Custom Action Groups

Conclusion

Sandboxing makes it less likely that you’ll accidentally destabilize a SharePoint farm with broken code, and make it easier to find and deal with trouble making solutions.

It’s also more difficult for malicious code to gain access to anything outside the Site Collection it’s deployed to, and slightly more difficult to destabilize the farm.

However, it doesn’t guarantee safety from either bad or malicious code and there are a large number of compromises to consider. Working around sandbox limitations will add overheads to most development projects, and many solutions will simply not fit into the sandbox model.

For example: FilterPoint and Highlighter are two of our own products that can never be made sandboxable, as they’re based on features that are simply not available in the sandbox.

Edit: Since the publishing of this post, we’ve discovered that sandbox solutions are now deprecated in SharePoint 15; as mentioned in the article SharePoint 2013 preview – Apps or Crapps?.

Tip – Keyboard shortcut for Paste As Plain Text in SharePoint

Date:June 14th, 2012 Author: Tags: , ,
Category: General Comments:5 ;

If you spend any amount of time copy and pasting stuff into SharePoint’s wiki or rich text fields (or indeed working with web based rich text editors of any kind) then you’ve undoubtedly have been burned by the crAzY FormaAting monster! This is because the formatting that works so beautifully in one place may not work well in another site.

Of course in SharePoint 2010 you’ve got the Paste as plaintext option in the toolbar, but I am a keyboard warrior damn it! I don’t have time for faffing about with a mouse!

If you’re as impatient as I am (or aren’t using SharePoint 2010) you’ve probably got around this with the Notepad dance to remove formatting – Select source, CTRL+C, Open Notepad, CTRL+V, CTRL+A (select All), CTRL+C, switch to destination and finally CTRL+V to paste plain text… but there is an easier way – CTRL + SHIFT + V to Paste As Plain Text!

If you’re using :-

Send email alerts when a document is left checked out

Date:May 28th, 2012 Author: Tags: , , , ,
Category: SharePoint Reminder Comments:0 ;

A new version of our Reminder web part for SharePoint has been released (v1.7.16) that allows you to send email alerts if a document is left checked out for a long time.

If you have document libraries that require check out before editing then you’ve undoubtedly been faced with the situation where documents have been left checked out – blocking other users from editing the document.

Reminder allows you to send email alerts after a period of time to ensure checked out documents are not forgotten about.

This example shows how to setup Reminder to send email alerts if something in a document library is left checked out for more than 12 hours.

SharePoint - email alerts when a document is left checked out

The manual contains other common scenarios such as email alerts when Task/Due and Overdue, simple helpdesk in SharePoint, enhanced SharePoint alerts and more.

You can download and upgrade to the latest version.

New version of PivotPoint web part for SharePoint – v2.2.3

Date:May 15th, 2012 Author: Tags: , , ,
Category: General, PivotPoint Web Part Comments:0 ;

A new version of our PivotPoint web part for SharePoint (v2.2.3) is ready.

This new version improves performance for large lists, corrects bugs when you have angled brackets (“<” and “>”) in your row or columns, adds support for site column lookups and a 2 new features.

Sort by Title or Total

The new version of PivotPoint allows you to sort by both the Title and Total rows, either ascending or descending.

Title and Total cells

For example, instead of sorting alphabetically by product you can sort by their total sales – showing your best performing products at the top of the table or left of the chart.

PivotPoint showing all columns

More details are in the online manual.

Show Top N

In combination with sorting by the Total you can choose to show the Top N columns or rows.

For example given the following data the vast majority of revenue comes from 2 products (Bottle-o-matic and Can-o-Matic) and we have a ‘Long Tail’ of other products.

We can choose to only display the top 2 columns (products) and optionally group all the other sales into “Other”

PivotPoint for SharePoint showing top 2 columns

 More details are in the online manual.

You can download and upgrade to the latest version without losing any settings.

10 things developers should know about SharePoint

Date:May 4th, 2012 Author: Tags: , , , ,
Category: Community, General, SharePoint Development, Training Comments:1 ;

Many developers walk into the world of SharePoint unaware of the strange and interesting journey of discovery they’re about to begin.

It’s often difficult to know where to being, so here’s the top 10 most useful things I’ve learned since I joined Pentalogic back in 2010.

Pitfalls

1. Know your Editions
2. Don’t even look at the database
3. Get to know the front-end
4. Dispose of your disposables

Building your Knowledge

5. Learn the language
6. Get a good book
7. Love the MSDN documentation
8. Find a SharePoint community that suits you

General advice

9. Learn to live with CAML
10. Remember that SharePoint is enormous
Conclusion

1. Know your Editions

SharePoint comes in many flavours, each of which has it’s own features and shortcomings. Here’s a quick run down of the notable versions:

Release Cheap Expensive MS Hosted
2007 WSS3 MOSS BPOS
2010 Foundation Standard/Enterprise SharePoint Online
/ Office 365

It’s useful to get to know these for when you’re searching for solutions, as you’ll sometimes come across those that are edition specific (e.g. the Standard Edition’s ContentIterator class for querying large lists).

There are few things more frustrating than finding the perfect solution, and then discovering you have the wrong Edition.

2. Don’t even look at the database

To those new to SharePoint this is entirely baffling: Why wouldn’t you want to get data from the database? There are two good reasons for this:

a) Microsoft is very touchy about their database. They will not support any installation with software on it that modifies the SharePoint database.

b) The structure will give you nightmares. At some point in almost every database developer’s career they say: “Why don’t we abstract the table structure, and just have one massive generic table of text data?”

They’re then hit in the head by whatever small throwable object happened to be nearby, and their colleagues point out that although it would be very flexible, it would also be fantastically slow and unwieldy.

Unfortunately either the SharePoint team operated a clean desk policy, or they put an extraordinary value on flexibility, and the result is lurking in the darkness of the SharePoint database.

3. Get to know the front-end

It’s very tempting to dive straight into the code side of things, but when you’re trying to orientate yourself in the API it helps to have a good understanding of what you’re looking at from the front-end.

It’ll also give you a good feel for the site’s design, and hence what sort of layout the users will expect to see.

Many of the actions you perform in code will correlate to actions in the front-end, as well as the structure.

For example, to find a particular list’s view in the front-end, you would:

  • Open the site using the URL
  • Open the sub site
  • Select the list
  • Select the view

The code version of which is very similar in structure and information needed:

    using (SPSite site = new SPSite(http://site))
     {
         using (SPWeb web = site.OpenWeb("subsite"))
         {
             SPList list = web.Lists["List name"];
             SPView view = list.Views["View name"];
         }
     }

4. Dispose of your disposables

Some SharePoint objects (in particular SPWeb and SPSite) won’t automatically dispose of themselves when they’re no longer used. If you’re unaware of this, then you may easily run into post-deployment problems caused by the ensuing memory leaks.

The code in the previous section shows one method of dealing with this problem, and here is Microsoft’s advice on the subject: Disposing Objects

Interestingly, you shouldn’t always dispose of these objects; for example you shouldn’t dispose of  SPContext.Current.Web. As a general rule of thumb:

If you made it, dispose of it. If you were given it, leave it.

5. Learn the language

There is a huge amount of SharePoint-specific terminology, and some of it can be inconsistent and often misleading. For example, a Site Collection is an SPSite object, but a Site is an SPWeb object.

Another example that caught me off guard at first was that there’s a difference between the Object Model (the server-side SharePoint API) and the Client Object Model (client-side API). Whereas I was under the impression that one was an abbreviated form of the other.

Microsoft has published an enormous glossary, which seems to cover quite a lot of it: Glossary for SharePoint 2010. Although as with any jargon or language, most of it is learned along the way.

6. Get a good book

A good reference guide is infinitely more useful than an enormous glossary when getting to know the components of SharePoint. It’s vitally important that you get an overview of all of these components, to avoid inadvertently reinventing the wheel.

There are two I can personally recommend (having read them both cover-to-cover):

Building the SharePoint User Experience (Furuknap): Written for 2007, but still covers the mainstay of SharePoint. An easy and interesting read: If you’re quickly bored by dry textbooks, then this is definitely the book for you.

Inside Microsoft SharePoint 2010 (Various): A good follow-on from Furuknap’s book. A solid foundation of 2010 knowledge, and a good one to refer to now and again. Don’t start with this book though, or you’ll find yourself climbing a pretty steep cliff.

As your SharePoint knowledge grows, revisiting the books can also be quite useful. Parts you may have glossed over previously will suddenly start to make more sense, and you may find some useful tips you missed first time.

7. Love the MSDN documentation

Having developed and worked with a great many third party APIs and interfaces in the past, I can say with considerable confidence that the MSDN documentation is phenomenal.

Every class, method, and property is documented. Even the most obscure properties have at least a placeholder page, which in itself offers more information than many specifications. On top of this is the community comments on each page add clarification and often links to useful related articles.

However, there are two minor shortcomings. The first is that the background documentation (such as “Disposing Objects” mentioned above) is usually painfully boring to read and often skims around subjects rather than getting to the point.

The second is that the CAML documentation is very bizarrely structured: Elements used for almost completed different things share the same page just because they have the same name. There is also missing documentation where the CAML is more obscure, such as the elements used in SPWeb.ProcessBatchData().

8. Find a SharePoint community that suits you

Sometimes no amount of Googling or searching of MSDN’s documentation will find you the answer to the problem that’s been bugging you. In these circumstances it’s good to have a community of like-minded SharePoint developers to help you with your problem.

Being an active member of a community will also help you to expand your knowledge of SharePoint in general.

Here are a couple of the more notable SharePoint developer-friendly communities:

I’ve previously discussed the differences between the two in the following article: SharePoint Questions: MSDN versus Stack Exchange

9. Learn to live with CAML

Collaborative Application Markup Language (CAML) is another example where flexibility seemed to take precedence over usability. In certain circumstances you’ll be forced to write unserializable and poorly validated XML to perform seemingly simple tasks, such as importing comparatively small quantities of data (a few thousand rows).

However, it isn’t all bad: As I mentioned, CAML does allow a great deal of flexibility, and also has very easily readable syntax. The core resource for CAML can be found here: Collaborative Application Markup Language Core Schemas

When querying data you can avoid CAML by using LINQ, which is reputedly faster and easier to use. If you have no fear of CAML (or are working on 2007), the following tool may be of use to you: U2U CAML Query Builder

P.S. While we’re talking about tools, I should mention the extensive and impressive list of SharePoint development tools found here: List of SharePoint 2007 development tools

10. Remember that SharePoint is enormous

It’s important to bear in mind that SharePoint is a mind bogglingly large framework, with dark corners that even the SharePoint Development Team themselves haven’t visited in years.

This is important because occasionally you’ll find an area that’s poorly documented or has strange known issues, and it helps to have a little perspective on the scale of the system you’re dealing with.

You also need to be aware that there’s an awful lot you don’t know, and some of which you may never know. Getting a good overview of the components is essential. I wouldn’t recommend designing a project to use a component (such as a Custom Field Type or Site Template) until you’ve at least made a prototype in that area; to appreciate the depth of what you’re tackling.

The variety of customizable components in SharePoint also means that there is almost always more than one solution to a problem, as you can see in some of my previous posts: How to do list highlighting in SharePoint

Conclusion

The first challenge in SharePoint is discovering the existence of all the things you don’t understand yet. Once you’ve got a vague idea of all the different components, then you can really start to learn what each is about.

To borrow Mr Rumsfeld’s turn of phrase: Once all your unknown unknowns are known unknowns, you can start learning known knowns.

Date Range filtering with the new version of FilterPoint, PivotPoint and Planner.

Date:December 13th, 2011 Author: Tags: , , ,
Category: Filter, FilterPoint Web Part, PivotPoint Web Part, SharePoint Planner, SharePoint webparts Comments:0 ;

FilterPoint has had the ability to send Date Filters but a common request has been Date Ranges – like showing everything this month, last year or between two arbitrary dates.

FilterPoint - Date Range Filtering

The good news is that we’ve added this in to FilterPoint as of version 1.2

The bad news is that this will only work with our other SharePoint products – Planner and PivotPoint – it won’t work with SharePoints built in List View web part (LVWP).

That’s disappointing!

Yes it is – it’s just a limitation of SharePoints filtering I am afraid, but all is not lost!

This page shows how you can do things like Month filtering using calculated columns and this blog article shows how you can setup “Current Month/Previous Month” views using nothing more than Calculated Columns and View filters.

Upgrading

As always you can upgrade without losing any settings by downloading and running the latest trial version and selecting “Upgrade” when prompted (don’t forget you need the a recent version of Planner (v2.6.9+) and PivotPoint (2.2.0+) to accept date range filters.

SharePoint TeamTime is out now!

Date:December 12th, 2011 Author: Tags: , , , ,
Category: SharePoint TeamTime, SharePoint Timesheets Comments:0 ;

teamtime-big-noshadow

Track and analyze your team’s time with our newest product: SharePoint TeamTime! A ready-to-use timesheet site template for SharePoint 2007 and 2010.

What’s so great about TeamTime you ask? Well let me tell you:

Log your time your way

Want to log your time as you work? Then simply punch in on your personal dashboard to begin the timer:

TeamTime Punchcard

Want to write up your timesheets when it’s convenient for you? Your dashboard has this covered too:

TeamTime Timesheet

Make those numbers work for youTeamTime Analysis

Logging the time is all well and good, but what we really want is to see what all that data adds up to. Don’t waste time working for the numbers; make the numbers work for you.

Using the Analysis page you can drill down to the data you want, and view read-made summaries and graphs.

If you still want more from your numbers, pick the data you want from the Reporting page and export it straight to Excel.

Need more?

  • Per-server licensing: No wasting time trying to license and set up every user; buy it once and forget licensing ever happened.
  • Take the tour: Watch our TeamTime Demo; see if you can count how many times the word ‘time’ is used. It’s a lot, trust me.
  • Free 30 day trial: Download and try it out!

SharePoint TeamTime: It’s Time for Beta!

Date:November 16th, 2011 Author: Tags: , , , , , , ,
Category: SharePoint TeamTime, SharePoint Timesheets Comments:1 ;

teamtime-big-noshadowWe have started beta testing our newest product SharePoint TeamTime and we expect it to be finished in the next couple of weeks!

Sign me up! Wait… what is it again?

TeamTime is a time tracking site template for SharePoint. Users track their time by entering it into a timesheet (a.k.a. timecard) or by punching in and out of tasks.

You can then get an overview of everyone’s time logged using our custom reporting tool and embedded versions of PivotPoint and FilterPoint that come preconfigured in the site.

Tell me more!

They say a picture is worth a thousand words, so here’s a glimpse of what’s inside:

‘My Dashboard’

tt_mydashboard

‘Analysis by Week’

tt_analysis

To look in more detail at how it works (or just to see more pictures), you can have a glance at our manual: SharePoint TeamTime manual.

If you want to be notified when its released then signup here.

Whats a Beta test and can I help?

Its the final stage in testing a software product before its released into the real world. All the major bugs should have been squashed but there may be some minor problems left. The idea is to get broad feedback from ‘real’ users that will help pick up problems, omissions or things that are just a little confusing that you wouldn’t find otherwise.

Beta testing isn’t for everyone – these are the things you should bear in mind :-

  • You need to be reasonably proficient with SharePoint.
  • You will need an in-house deployment of SharePoint 2010 or 2007 – its not suitable for BPOS/Office 365
  • You should have a “non-production” environment to test in.
  • You will need to have some time free to give it a good test and provide feedback.

If you would like to help us Beta test this then please e-mail us: support@pentalogic.net

New-SharePoint TeamTime: SharePoint Timesheets to go

Date:September 22nd, 2011 Author: Tags: , ,
Category: SharePoint TeamTime Comments:0 ;

So here’s a new one for you.

SharePoint TeamTime: a nice and easy, ready to use timesheet and time tracking application for SharePoint.

We have been busy working on TeamTime all summer and now it’s very nearly ready to go.

TeamTime is a native SharePoint application pre-built for you to simply add to your SharePoint site and start using with your team.

It offers you two methods of time entry:

  • either a punch card, to let your record time as its happening by stopping and starting a timer,
  • or a traditional grid or timesheet if you prefer to enter all of your time at the end of the day or week.

The team dashboard lets you see who is working on what right now, and to approve time already logged.

Then powerful and customizable reports and analysis give you an overview of work over time to help you answer questions like:

  • What exactly has Bob been doing this month?
  • Who has been working on Project X?
  • How much time are we wasting on meetings?

TeamTime is a bit of a departure for us.  Up until now we have concentrated creating SharePoint components: tools that you can use to help you get more out of SharePoint when building your own sites, applications and dashboards.

One of the great things about SharePoint is the ability it give end users and power users to build their own applications.  It can be great fun to see just what you can achieve with SharePoint and create something that is exactly tailored to your needs and your processes.

But equally sometimes you just need to quickly get your hands on something that just works and instantly solves your business problem, with no time or effort required from you.

Our research into SharePoint End User Adoption showed us that getting a visible “quick win” with SharePoint: using SharePoint to rapidly and visibly address a business pain point can be one of the best ways of jump-starting user adoption of SharePoint.

Our experience with SharePoint Vacation Planner taught us that sometimes you prefer to have someone else map SharePoint functionality on to business processes for you, rather than having to make that journey yourself.

All this made us think that you might welcome a ready to go SharePoint application that addresses one of the most common issues in any business: time tracking.

TeamTime has been built using a combination of out of the box SharePoint functionality and customized versions of our own web parts: PivotPoint and FilterPoint.  The development has provided us with some new challenges, particularly in the area of user interface design where we have had far more scope to express our creativity that we normally get when building components.  Could be dangerous!

Working our own components in to TeamTime has also given us a fresh perspective on them and some improvements have resulted – watch this space for a new version of FilterPoint.

We are now in the final stages of development and testing with TeamTime and the final version will be released very soon.

If you’d like to give it a whirl with our 30 day free trial then sign up here.

Thinking Sideways About Highlighter

Date:September 15th, 2011 Author: Tags: , , , , ,
Category: Highlighter, SharePoint Ideas Comments:0 ;

You may have caught Clare’s post earlier about Highlighter’s recent performance enhancements, that were mostly due to some of the surprising ways we’ve seen it being used in the wild. To illustrate this sideways thinking (lateral and literal) we’ll take a look at exploding a humble status column into an Approval Progress Overview:

Status overview

As you can see, we now have a quick at-a-glance idea of how the projects are doing. To create this view, a Highlighter column has been added for each of the statuses. In each of these columns we’ve set it up to display icons (cell color is also a good choice), and cleared the default. Let’s take the Approved status as an example:

Icon setup

All we need to do is click the Auto-create button to create some rules, remove those for the earlier statuses, change the later ones to green icons, and this column’s status of interest to a working icon:

Rules

Just to keep people on their toes lets add a little urgency to the list with a Due Date column. So now we want to change the Approved column to a red icon if the Due Date has passed, and the status isn’t yet Approved. This is done by switching to Advanced mode and adding a single rule:

Due date rule

Here are the results of that extra change:

Overview (with due date)

If that wasn’t enough for you, here’s the weaponized version of Highlighter featuring cell colors, priority icons, and Project Manager Blood Pressure indicator:

weaponised

We’re always interested to hear what you’ve done with our products (especially Highlighter); so if you’ve done something even scarier than the above, send a screenshot to support@pentalogic.net.