Slinger's Thoughts

September 23, 2008

Remove “Discard CheckOut” option

Filed under: SharePoint — slingeronline @ 1:29 pm

We had some security concerns expressed by some of our users about the possibility of opening a file, editing it, and then discarding the checkout after printing the file.  Since we have remote users, this is not a good option to leave available.  Well, I have found one way to stymie this possible vulnerability.  While this is not the ideal way to do it, and I would rather have had this security trimmed, I have found a way to remove the “Discard Check-Out” option.  If someone would like to code this into a “feature,” that includes security trimming, I think that would be awesome.  They could likely do it the same way that the “Hide View All Site Content” feature was put together. (At least I hope so, I’m still too new at this to figure it out.)  For those who are impatient though, here is the answer.  There are two files that you will need to edit.  And both are located in the following directory.
C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS\1033

The two files you will need to edit are OWS.js and CORE.js.  Both files contain similar information.  And in order to prevent any difficulty, I highly recommend that you make a back up of these files before you go making changes to them. (We’ve all been through re-installing SharePoint, right?)  I don’t know if this will work for WSS, but I imagine that it will.  Let us know in the comments if it doesn’t.  Open CORE.js in your trusty SharePoint designer, or your editor of choice.  And then comment out lines 3906 through 3910.  (Don’t delete these lines, as if you need them back, you will need to remember what the code was.)  The lines should look like this;

// strDisplayText=L_DiscardCheckou_Text;
// strAction=”UnDoCheckOut(‘”+ctx.HttpRoot+”‘, ‘”+url+”‘)”;
// strImagePath=ctx.imagesPath+”unchkout.gif”;
// menuOption=CAMOpt(m, strDisplayText, strAction, strImagePath, null, 710);

All of the rest of the references to Discard Checkout can be ignored, as they set the variables, and actions to take.  The only thing that we have actually done is to remove the menu item from the drop down menu, so that user’s cannot click on it. Next, open the OWS.js file. The lines we need to edit here are little different.  Lines 5329 through 5333 are what we are going to comment out.  (Again, don’t delete as we may need this option back at some point in the future.)  The lines should look exactly the same as above.   In this file, just as the other one, any other reference sets variables, performs the action, etc.  All we did was remove the item from the menu. 

And that’s that.  Now your users must check in a document if they check it out.  They can’t discard the check-out.  It would still be nice to have this security trimmed so that users with the “ManageWeb” permission are the only ones who see it.  Maybe one of you Code Gurus can put something together.

 What I would really enjoy now, is the ability to do the same for the “Unpublish this item” option.  Unfortunately, that one looks a little more complex, since there are more options to check.  I’ll keep looking into that one and breaking my test environment until I have an answer for you.  Wish me luck.


1 Comment »

  1. Asking questions are actually good thing if you are not
    understanding anything totally, but this post gives nice understanding yet.

    Comment by — September 11, 2013 @ 4:32 am

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Create a free website or blog at

%d bloggers like this: