Forum Discussion
Set Unique value based on the (CreatedDate & CreatedBy)
We want to create a SharePoint online custom list with these business logic:- Users enter an entry each day to specify their location (which site they are working in).. No one can see other entrie...
Don't forget the custom content type to the list. Because if the users actually find the list, they might go around the Power App.
but custom content type has nothing to do with this... at the end i can customize the list form to show blank page, so users will have to use Power Apps,, but still users can modify the list using the API.. my question is about having a robust solution similar to using remove event receivers which run on pre-add and pre-edit ,, but those are no longer valid options
In what way do you mean that they can modify the list using an API? :)
I recommend doing a penetration test on the list just to try it out. It is impossible to create an "official" item using the right content type unless they have the ID.
To get access of the ID, they have to either be site owners or owners of the list.I mean if you prevent users from edit/create from the list view , and you develop a power apps, but there is not server side validation, then the user can use the browser developer tool and create a duplicate item using the sharepoint rest api ...you did not try this before?
