Create Security Groups and Assign Permissions in SharePoint 2013

Here is a fun little helper for creating security groups with a permission assignment.
I use the word fun because I have been working with SharePoint too long and my brain now works in reverse.

/// <summary>

    /// Security Helper

    /// </summary>

    public class SecurityHelper

    {

        public static bool GroupExists(SPGroupCollection groups, string name)

        {

            if (String.IsNullOrEmpty(name) || (name.Length > 255) ||(groups == null) || (groups.Count == 0))

            {

                return false;

            }

            return groups.Cast<SPGroup>().FirstOrDefault(t => t.Name == name) != null;

        }

        /// <summary>

        /// Creates a group if it does not exist.  It will also assign a permission level to the group.

        /// </summary>

        /// <param name="web"></param>

        /// <param name="groupName"></param>

        /// <param name="permissionLevel"></param>

        /// <param name="description"></param>

        /// <param name="owner"></param>

        /// <returns>The Group</returns>

        public static SPMember CreateGroup(SPWeb web, string groupName, string permissionLevel, string description, SPMember owner = null)

        {

            string uniqueGroupName = String.Format("{0} - {1}", web.Name, groupName);

            if (!GroupExists(web.SiteGroups, uniqueGroupName))

            {

                var role = web.RoleDefinitions.Cast<SPRoleDefinition>().FirstOrDefault(t => t.Name == permissionLevel);

                if (role == null)

                {

                    throw new KeyNotFoundException(String.Format("The Security Permission level {0} does not exist at web {1}.", permissionLevel, web.Url));

                }

                if (owner == null)

                {

                    owner = web.CurrentUser;

                }

                web.SiteGroups.Add(uniqueGroupName, owner, null, description);

                SPGroup group = web.SiteGroups.GetByName(uniqueGroupName);

                var assignment = new SPRoleAssignment(@group);

                assignment.RoleDefinitionBindings.Add(role);

                web.RoleAssignments.Add(assignment);

            }

            return web.SiteGroups.GetByName(uniqueGroupName);

        }

    }

Breaking permissions with SharePoint 2013 & CSOM

Lately I've been doing a lot of work with the Client Side Object Model for SharePoint 2013.  While I have been able to do most things we used to, in the dark days of server side development. However one thing didn't seem to work right, Web.BreakRoleInheritance(bool, bool).
Along the lines of:

web.BreakRoleInheritance(true, true);
clientContext.ExecuteQuery();

Passing the first parameter states the call should break permissions at the web level and copy existing RoleAssignments.  However, I could not get this to work.  Every time the assignments where gone.  Regardless of the values I passed.

The fallback option was to devolve, create a feature with server side code, which looks pretty much identical.  I then call the feature activation automatically through my CSOM service.

public override void FeatureActivated(SPFeatureReceiverProperties properties)
        {
            try
            {
                var web = (SPWeb) properties.Feature.Parent;
                SPSecurity.RunWithElevatedPrivileges(() =>
                {
                    using (var site = new SPSite(web.Site.ID))
                    {
                        using (SPWeb elevatedWeb = site.OpenWeb(web.ID))
                        {
                            elevatedWeb.BreakRoleInheritance(true, true);
                        }
                    }
                   
                });
            }
            catch (Exception ex)
            {
                LogService.LogException(LogCategory.FeatureReceiver, ex);
                throw;
            }
        }

And that worked as expected, role assignments had been copied through from the parent.

Search service lost SQL permission

Summary

While working with Result Sources in a site collection, I got that wonderful "Something went wrong" error. The ULS showed a bunch of SQL execute permission errors on the search database.  The solution was to update the SQL permissions for the search service.  It was not obvious why the permissions where lost in the first place.

Symptoms

ULS Error events such as:

System.Data.SqlClient.SqlException (0x80131904): The EXECUTE permission was denied on the object 'proc_MSS_GetLease', database 'SP2013_DEV__SA_Search'

…and other SQL permission errors.

Fix

Grant SPSearchDBAdmin role to the search service account on the Search database.  (SQL Server Permissions)

Thoughts

Just before this occurred I had updated permissions of the Search Service Application in Central Admin.  I had added my user account.  Can't see how this would have caused it however.

Content classification approach for SharePoint 2013 / Office365

I had a request to implement a classification system for SharePoint 2013 sites.  This needed to work with Office 365 and On Premise so farm solutions are a no go.  My company gave permission to make this public so here goes.

The process to use this consists of:

1. Update property bag values on your site collection's root web
2. Upload the Classify.js to the site collection
3. Add a reference to the JS in the master page

For all the detailed information and downloadable scripts visit my Wiki.

TimeStamps with Entity Framework

So I've been building an MVC 5, EF6 solution with Code First Migrations.
Got what I think is a great structure of abstraction thanks to Le Long's Post.

One thing that wasn't obvious (to me at least), was how to handle concurrency with EF and the Scaffolded Views.
When editing an object, the TimeStamp was never returned, and of course EF would throw a "DbUpdateConcurrencyException".

Here is a solution that worked for me:

1. Create a base entity class with a TimeStamp on it
2. Add the attributes: [Timestamp, ScaffoldColumn(false)]
3. Edit the MVC View and add a hidden field for the timestamp

Base Class and Attributes
I defined a base class for all entities requiring concurrency.
public abstract class PersistedEntity : EntityBase
{
        [Timestamp, ScaffoldColumn(false)]
        public byte[] TimeStamp { get; set; }
}

MVC View
I found that the view did not by itself return the TimeStamp with the model when posting data back to the server.  So I added this after the @Html.BeginForm():
@Html.HiddenFor(model => model.TimeStamp)

It was then returned back to the server, and the entity could be saved correctly.

Knockout-Kendo Grid pager not updating

While using Knockout and KendoUI I came across a paging issue.  The pager wouldn't update but the grid rows did.  This only occurred with Internet Explorer and I was able to reproduce it with IE 9 and 11.
In Chrome the pager updated fine.

In the end, the fix was to detect when the data had changed then refresh the pager.

In my javascript I used:

ui.tasksUpdated = function () {
            var element = $("#grid");
            var grid = element.data('kendoGrid');
            grid.pager.setDataSource(grid.dataSource);
            grid.pager.refresh();
            grid.refresh();
}

Strictly speaking I don't think the 2 refresh methods are needed as it seems that the setDataSource method does it all.

SP2013 Error - [Forced due to logging gap, Original Level: Verbose] GetUriScheme (...)

I found an issue with a clients SharePoint 2013 today and thought I'd share.

Symptoms

• High CPU on w3wp process
• Pages (including system pages) would not load and eventually error after a few minutes
• No obvious error message in logs

What I did find in the ULS logs was:

[Forced due to logging gap, Original Level: Verbose] GetUriScheme(/web/Pages/Apage.aspx)

Cause

Something in that page was keeping SharePoint busy.  I don't know what it was as it had been created by someone else.  It felt like an infinite loop error, but who knows....

Fix

Delete the file.  (Had to check in the file first).

Made some simple scripts to help.

• Dir-SPFile (Show files in a list)
• CheckIn-SPFile (Checks in the specified file)
• Del-SPFile (Deletes the file.  No confirmation required)

Dir-SPFile

#Script: Dir-SPFile
#Usage: .\Dir-SPFile.ps1 http://my2013site Pages
param (
$webUrl = $(throw "Please specify parameter webUrl"),
$listName = $(throw "Please specify parameter listName")
)
$web = Get-SPWeb $webUrl -Limit all
if($web -ne $null)
{
$web.Lists[$listName].Items | ft Id, Title, Url
}
else
{
throw 'Unable to locate site ' + $webUrl
}

CheckIn-SPFile

#Script: CheckIn-SPFile
#Usage: .\CheckIn-SPFile.ps1 http://my2013site /Pages/SomePage.aspx
param (
$webUrl = $(throw "Please specify parameter webUrl"),
$fileUrl = $(throw "Please specify parameter fileUrl")
)


$web = Get-SPWeb $webUrl -Limit all
if($web -ne $null)
{
$file = $web.GetFile($webUrl + $fileUrl)
if($file -eq $null -or !$file.Exists)
{
throw 'Unable to locate file ' + $webUrl + $fileUrl
}
if($file.CheckedOutBy -eq $null)
{
throw 'file ' + $webUrl + $fileUrl + " is already checked in"
}
$file.CheckIn('Forced Checkin');
"Complete - $webUrl $fileUrl Checked In"
}
else
{
throw 'Unable to locate site ' + $webUrl
}

Del-SPFile

#Script: Del-SPFile

#Usage: .\Del-SPFile.ps1 http://my2013site /Pages/SomePage.aspx

param (

$webUrl = $(throw "Please specify parameter webUrl"),

$fileUrl = $(throw "Please specify parameter fileUrl")

)

$web = Get-SPWeb $webUrl -Limit all

if($web -ne $null)

{

$file = $web.GetFile($webUrl + $fileUrl)

if($file -eq $null -or !$file.Exists)

{

throw 'Unable to locate file ' + $webUrl + $fileUrl

}

$file.Delete();

"Complete - $webUrl $fileUrl Deleted"

}

else

{

throw 'Unable to locate site ' + $webUrl

}