During SharePoint migration from WSS 3.0 to MOSS, we experienced a very strange permission problem. After migration, whenever a new list or site was created; its edit access was somehow revoked. Not even system account could edit item??? This was a peculiar problem because user was unable to edit list items and was unable to run associated workflows.
After digging deep into the problem, we eventually found out that "PermMask" field was corrupted. It needed "RenderXMLUsingPattern" attribute to be true.
To fix it, you can refer to the following code which fixed this security problem for us :)
using(SPWebweb = newSPSite(args[1]).RootWeb)
{
web.AllowUnsafeUpdates = true;
bool excludeLists = ContainsSwitch(args, "excludelists"); //switch to exclude lists
SPField permMaskField = web.Fields.GetFieldByInternalName("PermMask"); //this is the culprit field
permMaskField.SchemaXml = UpdateSchema(permMaskField.SchemaXml);
permMaskField.Update();
Console.WriteLine("Root-Web Effective Permission Mask Updated");
if (!excludeLists)
ShowWebTree(web.Url);
web.AllowUnsafeUpdates = false;
}
private string UpdateSchema(string schemaXml)
{
XmlDocument doc = new XmlDocument();
doc.LoadXml(schemaXml);
XmlNode node = doc.SelectSingleNode("/Field");
XmlAttribute att = doc.CreateAttribute("RenderXMLUsingPattern");
att.Value = "TRUE";
node.Attributes.Append(att);
return doc.InnerXml;
}
private void ShowWebTree(string url)
{
SPSecurity.RunWithElevatedPrivileges(delegate()
{
using (SPWeb web = new SPSite(url).OpenWeb())
{
foreach (SPWeb subWeb in web.Webs)
ShowWebTree(subWeb.Url);
Console.WriteLine("############### Updating Web : " + web.ServerRelativeUrl + "###############");
for (int i = 0; i < web.Lists.Count; i++)
{
try
{
SPField permMaskField = web.Lists[i].Fields.GetFieldByInternalName("PermMask");
permMaskField.SchemaXml = UpdateSchema(permMaskField.SchemaXml);
permMaskField.Update();
Console.WriteLine("Updating List \"" + web.Lists[i].Title + "\" ......");
}
catch { }
}
}
});
}
Tags: