Sharepoint : Access denied when editing a page (because of page layout) or list item

Question

I'm logged in as the System Account, so it's probably not a "real access denied"! What I've done : - A custom master page - A custom page layout from a custom content type (with custom fields)

If I add a custom field (aka "content field" in the tools in SPD) in my page layout, I get an access denied when I try to edit a page that comes from that page layout.

So, for example, if I add in my page layout this line in a "asp:content" tag : I get an access denied. If I remove it, everyting is fine. (the field "test" is a field that comes from the content type).

Any idea?

UPDATE

Well, I tried in a blank site and it worked fine, so there must be something wrong with my web application :(

UPDATE #2

Looks like this line in the master page gives me the access denied :

<SharePoint:DelegateControl runat="server" ControlId="PublishingConsole" Visible="false"
    PrefixHtml="&lt;tr&gt;&lt;td colspan=&quot;0&quot; id=&quot;mpdmconsole&quot; class=&quot;s2i-consolemptablerow&quot;&gt;"
    SuffixHtml="&lt;/td&gt;&lt;/tr&gt;"></SharePoint:DelegateControl>

UPDATE #3

I Found http://odole.wordpress.com/2009/01/30/access-denied-error-message-while-editing-properties-of-any-document-in-a-moss-document-library/

Looks like a similar issue. But our Sharepoint versions are with the latest updates. I'll try to use the code that's supposed to fix the lists and post another update.

** UPDATE #4**

OK... I tried the code that I found on the page above (see link) and it seems to fix the thing. I haven't tested the solution at 100% but so far, so good. Here's the code I made for a feature receiver (I used the code posted from the link above) :

using System;
using System.Collections.Generic;
using System.Text;
using Microsoft.SharePoint;

using System.Xml;

namespace MyWebsite.FixAccessDenied
{
    class FixAccessDenied : SPFeatureReceiver
    {
        public override void FeatureActivated(SPFeatureReceiverProperties properties)
        {
            FixWebField(SPContext.Current.Web);
        }

        public override void FeatureDeactivating(SPFeatureReceiverProperties properties)
        {
            //throw new Exception("The method or operation is not implemented.");
        }

        public override void FeatureInstalled(SPFeatureReceiverProperties properties)
        {
            //throw new Exception("The method or operation is not implemented.");
        }

        public override void FeatureUninstalling(SPFeatureReceiverProperties properties)
        {
            //throw new Exception("The method or operation is not implemented.");
        }

        static void FixWebField(SPWeb currentWeb)
        {

            string RenderXMLPattenAttribute = "RenderXMLUsingPattern";

            SPSite site = new SPSite(currentWeb.Url);
            SPWeb web = site.OpenWeb();

            web.AllowUnsafeUpdates = true;
            web.Update();

            SPField f = web.Fields.GetFieldByInternalName("PermMask");
            string s = f.SchemaXml;
            Console.WriteLine("schemaXml before: " + s);
            XmlDocument xd = new XmlDocument();
            xd.LoadXml(s);
            XmlElement xe = xd.DocumentElement;
            if (xe.Attributes[RenderXMLPattenAttribute] == null)
            {
                XmlAttribute attr = xd.CreateAttribute(RenderXMLPattenAttribute);
                attr.Value = "TRUE";
                xe.Attributes.Append(attr);
            }

            string strXml = xe.OuterXml;
            Console.WriteLine("schemaXml after: " + strXml);
            f.SchemaXml = strXml;

            foreach (SPWeb sites in site.AllWebs)
            {
                FixField(sites.Url);
            }

        }

        static void FixField(string weburl)
        {
            string RenderXMLPattenAttribute = "RenderXMLUsingPattern";

            SPSite site = new SPSite(weburl);
            SPWeb web = site.OpenWeb();
            web.AllowUnsafeUpdates = true;
            web.Update();

            System.Collections.Generic.IList<Guid> guidArrayList = new System.Collections.Generic.List<Guid>();

            foreach (SPList list in web.Lists)
            {
                guidArrayList.Add(list.ID);
            }

            foreach (Guid guid in guidArrayList)
            {
                SPList list = web.Lists[guid];
                SPField f = list.Fields.GetFieldByInternalName("PermMask");
                string s = f.SchemaXml;
                Console.WriteLine("schemaXml before: " + s);
                XmlDocument xd = new XmlDocument();
                xd.LoadXml(s);
                XmlElement xe = xd.DocumentElement;
                if (xe.Attributes[RenderXMLPattenAttribute] == null)
                {
                    XmlAttribute attr = xd.CreateAttribute(RenderXMLPattenAttribute);
                    attr.Value = "TRUE";
                    xe.Attributes.Append(attr);
                }
                string strXml = xe.OuterXml;
                Console.WriteLine("schemaXml after: " + strXml);
                f.SchemaXml = strXml;
            }

        }

    }
}

Just put that code as a Feature Receiver, and activate it at the root site, it should loop trough all the subsites and fix the lists.

SUMMARY

You get an ACCESS DENIED when editing a PAGE or an ITEM

You still get the error even if you're logged in as the Super Admin of the f****in world (sorry, I spent 3 days on that bug)

For me, it happened after an import from another site definition (a cmp file)

Actually, it's supposed to be a known bug and it's supposed to be fixed since February 2009, but it looks like it's not.

The code I posted above should fix the thing.

Answer 1

Try to publish your MasterPage and Page Layouts, this is the most common reason. Since the system account is godmode, it wont get that error.

In SharePoint Designer you cannot do the last step in the publishing workflow (Approval), so you:

SharePoint Designer:
CheckIn => Publish Major Version, hit the OK button or go to /_catalogs/masterpage on the site .

Then and use the Context Menu to Approve the MasterPage and Layouts.

Answer 2

Some ideas:

• Check if any web parts in your custom Page Layout and Master Page are not registered as safe.
• Did you define your own custom field type, like write a class which extends SPField? If so, are you using a custom Field Control? If you are, check if it is doing anything which may need elevated privileges.
• Likewise, check for any edit mode panels containing web parts of web controls which might be trying to do something which needs elevated privileges.

Answer 3

See the code I've posted in the edit of the post. It fixed my problem.

Answer 4

The problem appears to be caused by an error in the stsadm -o export function in certain versions of SharePoint (I got it doing an export from a 2007 RTM MOSS server). Importing the bogus export file causes the "edit-denied-access" problem in all NEWLY-CREATED lists. The patches for later version from Microsoft fix stsadm -o export, but DO NOT FIX the broken lists; that requires a procedure like tinky05's.