Permissions Problems 


I have a site going live soon and we had just done the final upload of the content from the staging server when we hit a few problems.  I don't know why they happened but they did.  I did the usual and created an empty site as per Stefan's blog (How to create a blank site) and used Chris O'Brien's deployment tool (http://www.sharepointnutsandbolts.com/2008/06/content-deployment-wizard-updated.html), like I had done many times before, to import the site.  I would like to add that I don't believe it was either Stefan's instructions or Chris's tool which caused the problems.

 

The first problem was that I could browse the site, but if I went into Site Actions –> Modify All Site Settings and then Site Collection Administration –> Go To Top Level Site Settings, I would get a 403 error.  Upon looking in the SharePoint Log I found that the 403 error came from looking up a feature.  This was a custom feature and both the Features.xml file and the elements.xml file did not have read permissions.  So I reset the read permissions and hey presto it worked.

 

The next problem was that when the site was being browsed anonymously, some of the underlying sites were missing from the navigation.  If you browsed to them directly, then you would be asked for a username and password.  Investigation of the IIS Logs showed that the GET for the default.aspx page was failing with a 403.5.  Investigation of the Pages library showed that the permissions for it were unique.  Therefore the Pages library had become disinherited from the site permissions.  Changing the permissions to inherit from the site cured this problem (but see below).
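The IIS log check described above can be scripted so that every URL denied to anonymous visitors is listed in one pass. This is an added example, not code from the original post; the log lines are constructed and the field layout is an assumed W3C extended format read from the #Fields directive.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (not from the post's server).
SAMPLE_LOG = r"""
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status sc-substatus
2009-01-15 10:02:11 GET /Pages/default.aspx - 192.0.2.10 200 0
2009-01-15 10:02:14 GET /products/Pages/default.aspx - 192.0.2.10 403 5
2009-01-15 10:02:20 GET /products/Pages/default.aspx - 192.0.2.11 403 5
2009-01-15 10:03:02 GET /products/Pages/default.aspx EXAMPLE\editor 192.0.2.12 200 0
2009-01-15 10:03:40 GET /news/Pages/default.aspx - 192.0.2.10 403 5
2009-01-15 10:04:05 POST /_vti_bin/lists.asmx - 192.0.2.10 401 2
"""


def parse_w3c(text):
    """Yield one dict per request, honouring each #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # the layout can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):     # skip truncated lines
                yield dict(zip(fields, values))


def anonymous_denials(text, statuses=("401", "403")):
    """Count denied anonymous GETs per (URL, 'status.substatus')."""
    hits = Counter()
    for row in parse_w3c(text):
        if (row.get("cs-method") == "GET"
                and row.get("cs-username") == "-"      # "-" means no authenticated user
                and row.get("sc-status") in statuses):
            code = row["sc-status"] + "." + row.get("sc-substatus", "0")
            hits[(row["cs-uri-stem"].lower(), code)] += 1
    return hits


if __name__ == "__main__":
    for (url, code), count in anonymous_denials(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {code:6s} {url}")
```

URLs that appear in this report but return 200 to a signed-in user are the ones whose Pages library permissions are worth comparing against the parent site.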

 

The next problem was that if a user (contributor or administrator) created a site and then attempted to edit a page within that site, it would fail straight away with ACCESS DENIED. I tried as Site Collection administrator – I still could not edit a site I had previously created.  The other problem I found was that the Pages library permissions and the site permissions were missing the “Edit Permissions” menu, i.e. I could not break the permissions and have this site have unique permissions. So I Googled this and found the following blog.

http://www.beyondweblogs.com/post/SharePoint-security-access-denied-permission-corruption-problem-Edit-Item-and-Access-Workflows.aspx

This detailed the second problem.  Thanks to Microsoft I found that this was a known bug and was fixed in the December Cumulative Update (KB 960010 and KB 960011).  I took a copy of the site onto a development server (never apply Cumulative Updates until you have tested them on a development server first to see if there are any unwanted side effects) and applied the updates.  Still the same problem (but at least the “Edit Permissions” menu items were back!).  So I then compiled and ran the following code (a slightly modified version of the code in the above blog) on the affected site and hey presto I could edit the sites again.

 

using System;
using System.Collections.Generic;
using System.Text;
using System.Xml;
using Microsoft.SharePoint;
using Microsoft.SharePoint.Publishing;

namespace FixPermissionCorruption
{
    class Program
    {
        static void Main(string[] args)
        {
            if (args.Length < 1)
            {
                Console.WriteLine("Usage: FixPermissionCorruption <site collection URL>");
                return;
            }

            // Dispose the SPSite itself; its RootWeb is owned by the SPSite and released with it.
            using (SPSite site = new SPSite(args[0]))
            {
                    SPWeb web = site.RootWeb;
                    web.AllowUnsafeUpdates = true;
                    //bool excludeLists = ContainsSwitch(args, "excludelists"); //switch to exclude lists
                    SPField permMaskField = web.Fields.GetFieldByInternalName("PermMask"); //this is the culprit field
                    permMaskField.SchemaXml = UpdateSchema(permMaskField.SchemaXml);
                    permMaskField.Update();

                    Console.WriteLine("Root-Web Effective Permission Mask Updated");
                    //if (!excludeLists)
                        ShowWebTree(web.Url);
                    web.AllowUnsafeUpdates = false;
            }
        }

        private static string UpdateSchema(string schemaXml)
        {
            XmlDocument doc = new XmlDocument();
            doc.LoadXml(schemaXml);
            XmlNode node = doc.SelectSingleNode("/Field");
            XmlAttribute att = doc.CreateAttribute("RenderXMLUsingPattern");
            att.Value = "TRUE";
            node.Attributes.Append(att);
            return doc.InnerXml;
        }

        private static void ShowWebTree(string url)
        {
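            // The updates run with the process account's full rights,
            // bypassing the SharePoint permissions of the calling user.
            SPSecurity.RunWithElevatedPrivileges(delegate()
            {
                using (SPSite site = new SPSite(url))
                using (SPWeb web = site.OpenWeb())
                {
                    // Recurse into sub-sites first; each SPWeb from web.Webs must be disposed.
                    foreach (SPWeb subWeb in web.Webs)
                    {
                        try { ShowWebTree(subWeb.Url); }
                        finally { subWeb.Dispose(); }
                    }
                    Console.WriteLine("############### Updating Web : " + web.ServerRelativeUrl + "###############");
                    for (int i = 0; i < web.Lists.Count; i++)
                    {
                        SPList list = web.Lists[i];
                        try
                        {
                            SPField permMaskField = list.Fields.GetFieldByInternalName("PermMask");
                            permMaskField.SchemaXml = UpdateSchema(permMaskField.SchemaXml);
                            permMaskField.Update();
                            Console.WriteLine("Updating List \"" + list.Title + "\" ......");
                        }
                        catch (Exception ex)
                        {
                            // Lists with no PermMask field, or that reject the update, are skipped but reported.
                            Console.WriteLine("Skipped List \"" + list.Title + "\": " + ex.Message);
                        }
                    }
                }
            });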

        }

    }
}

 

 

The final problem was that the asset picker (in add a hyperlink or add an image on the page editing menu) kept crashing with an arithmetic error.  There was nothing much in the SharePoint Logs other than that an application error had occurred in the AssetPicker.aspx file.  I then noticed that some of the usual Publishing items were missing (Documents List, Images List) so it looked as if the Publishing feature was not active when these sites were created.  So I copied the site to another part of the site, deleted the original version of the site and copied the site back to where it should be and the usual Publishing items were back (Documents and Images) and the Asset Picker inside the editing menu then worked.

 
Posted by Nigel Price on 18-Jan-09

Comments




Paul Turner commented on Wednesday, 4-Feb-2009
Awesome... This has been a major problem for me and thankfully, it is now fixed!!


Jeff Poste commented on Thursday, 26-Mar-2009
Nigel, What a life saver. Many thanks for this. I compiled your code into a console application, ran it, and it fixed the problem perfectly. Brilliant! Jeff


Rich Mayer commented on Wednesday, 27-May-2009
Thanks. We have a very large installation and I was hesitant to update ALL lists, so I used a modified version of the code above that just updates the lists for one site. Did your version resolve your edit item problem for good? Or do you have to re-run it for new sites/lists? Is updating the PermMask field in the rootweb the key to updating for new sites/lists?


Karine Bosch commented on Friday, 19-Jun-2009
Thanks, this is just what I needed!! Karine

