Dec 11, 2013 at 6:40 PM
I was looking to set the permissions for this only allow those with Rights="DeleteListItems" to view the feature. This part works for the button in the ribbon but not for the option in the drop down. Everyone can still see it. Any idea on how to change this?

I have toyed around with it for a couple days but no resolve.

Dec 13, 2013 at 2:34 PM
Hi ibertrand,
I looked into this and quickly realized that this was not going to be easy. Finally, I came up with the following solution. Add the given code in the ECBDelegateControl.ascx file:
<script type="text/javascript"> var hasPermissions = false; </script> <SharePoint:SPSecurityTrimmedControl ID="SPSecurityTrimmedControl1" PermissionsString="DeleteListItems" runat="server">
<script type="text/javascript"> hasPermissions = true; </script> </SharePoint:SPSecurityTrimmedControl>
<script type="text/javascript"> var context = null; var web = null; function Custom_AddListMenuItems(m, ctx) { if (hasPermissions) { AddECBMenuItems(m, ctx); } } function Custom_AddDocLibMenuItems(m, ctx) { if (hasPermissions) { AddECBMenuItems(m, ctx); } } function AddECBMenuItems(m, ctx) { var pageUrl = ctx.HttpRoot + "/_layouts/NY.ExportVersionHistory/ExportVersionHistory.aspx?ID=" + currentItemID + "&amp;List=" + ctx.listName; if (ctx.verEnabled) { CAMOpt(m, "Export Version History", "'" + pageUrl + "');", "/_layouts/images/NY.ExportVersionHistory/Excel_Small.png"); CAMSep(m); } } </script> The code uses SharePoint:SPSecurityTrimmedControl to check the permissions. However, one downside I see in this approach is that the code in the control will execute on every page load. Since, we are not doing anything heavy duty over there, I think one can take that. But what if you want to check the permissions on the list rather than the web. In that case we may have to revert to JSOM. But I found one peculiar issue in using JSOM. I have opened a question in SharePoint Stack Exchange about it, but no one has come up with any resolution yet. You can check it here: