Why are the results different on Permission Check for my Custom Application?

the permission check is not what I expected.. so for an owner, both of these checks are true. but for say Manager, given the Can Create Map App permission is changed from the default, check1 returns false, check2 returns true.
Should the results both be true?

 public boolCanCreate(int userId, Guid containerTypeId, Guid containerId){
              PermissionCheck check1 = TEApi.Permissions.Get(UI.Permissions.MapAppPermissionRegistrar.CreateGroupMapApps, userId );
              PermissionCheck check2 = TEApi.Permissions.Get(UI.Permissions.MapAppPermissionRegistrar.CreateGroupMapApps, userId,containerId,containerTypeId, _entityPermissionType );
 
            return check1.IsAllowed || check2.IsAllowed;  
            
        }

a related post is here

heads up to Patrick M. Steven Heffner

Top Replies

Patrick M. over 3 years ago in reply to Harley Parks +2 verified

EntityType is going to be the contentTypeId or the applicationTypeId, the enum then defines which. The EntityId will be the ApplicationId or ContentId respectively. But no containers, you do not check…

Parents

0 Patrick M. over 3 years ago

Are you on version 9? There is no permission API that takes container Ids, its going to be the content or the application. If you are on version 9 there is a secondary issue in the fact your version is not supported any more and a new version of the permissions API was added in version 11. I highly recommend upgrading
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Harley Parks over 3 years ago in reply to Patrick M.

yes.. afraid I am on 9.x so... I keep telling my people...
Looking forward to upgrading, hope your sales team is letting our leadership know we need to upgrade too.
we're up on our license, so there's not reason to not upgrade.

I totally get it. I understand it maybe too much to ask. you already saved us with your last post. thank you for that.

The overloads allowed for 'entityId' and entityTypeId, and then the entityPermissionType is application or content, so I using the application enum value option..

I didn't know what an entity could be...

since the method is check if the user can create an application, there is not an application Id yet. But I'll try passing null values see if it's just the application enum value that returns true.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 Patrick M. over 3 years ago in reply to Harley Parks

EntityType is going to be the contentTypeId or the applicationTypeId, the enum then defines which. The EntityId will be the ApplicationId or ContentId respectively. But no containers, you do not check permissions against a container, it really is on an application, content based checks really will internally resolve up to applications. I generally prefer application over content if you already have reference to it but content works as well if that the context you are in.
Cancel
Vote Up +2 Vote Down

Sign in to reply

Reject Answer

Cancel
0 Harley Parks over 3 years ago in reply to Patrick M.

I wasn't catching errors.. but in debugging, I noticed it, and it seems the application type needs to be protected.. that maybe why i am seeing problems... it didn't error out at first but it is now.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Harley Parks over 3 years ago in reply to Harley Parks
Ok.. having realized there was an error "the entity type is not secured" so I tried making the type id, private protected, but clearly I didn't figure it out. Because of the timing and we really need to upgrade, it looks like the NodePermissions.Get does the trick as well, without the error.. below is what I was working with.. for the "CanEdit". For "CanCreate" I'll try the NodePermission. Patrick brought to light the issue with the application or content id and types, which was on the issue... so the real solution is in his response.. and this is just a work around the error..
PermissionCheck _canEdit = TEApi.Permissions.Get(UI.Permissions.MapAppPermissionRegistrar.UpdateGroupMapApps, userId, applicationId, _applicationTypeId, _entityPermissionType).IsAllowed /***OR**/ PermissionEntry nodeCheck = TEApi.NodePermissions.Get("MapApps", applicationId, UI.Permissions.MapAppPermissionRegistrar.UpdateGroupMapApps.ToString());
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Patrick M. over 3 years ago in reply to Harley Parks

Not sure what you mean, ApplicationTypeId is just a guid, the property on your application type plugin has to be public, all of the interface members need to be
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Patrick M. over 3 years ago in reply to Harley Parks

Not sure what you mean, ApplicationTypeId is just a guid, the property on your application type plugin has to be public, all of the interface members need to be
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Harley Parks over 3 years ago in reply to Patrick M.

it must be something else... what would cause "the entity type is not secured" ? I'll try to follow the debug. maybe there is something in there that will help. Thought the NodePermissions method was working, but it was throwing an error (...security context name) as well.. can't find the "MapApps" which is the Category name for the application type... so not sure what the string is for this should be. the examples I have used "groups" as the application name. So it must be something I am setting.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Patrick M. over 3 years ago in reply to Harley Parks

Are you implementing ISecuredContentType?

ISecuredContentType Plugin Type
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Harley Parks over 3 years ago in reply to Patrick M.

no. but I did implemented the RegisterApplicationSecurableId for this application you provide earlier.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Patrick M. over 3 years ago in reply to Harley Parks

Registering permissions is only part of the process, you need to also implement ISecurableContentType
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Harley Parks over 3 years ago in reply to Patrick M.

ok. looking into it.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

0 Harley Parks over 3 years ago in reply to Patrick M.

Ok.. looks like I need only to implement these parts for the MapContentType.

 #region SecuredContentType
        public Guid DefaultPermissionId => throw new NotImplementedException();

        public Guid DefaultContentPermissionId => throw new NotImplementedException();

        

        public Guid GetContentPermissionId(IContent content)
        {
            throw new NotImplementedException();
        }

        public Guid GetSecurableId(IContent content)
        {
            throw new NotImplementedException();
        }
 
        #endregion

0 Harley Parks over 3 years ago in reply to Harley Parks

so how's this look?

 #region SecuredContentType
      
        public Guid DefaultPermissionId = InternalApi.VerintDataService.DefaultPermissionId;

        public Guid DefaultContentPermissionId = InternalApi.VerintDataService.DefaultContentPermissionId;

        public Guid GetContentPermissionId(IContent content)
        {
           return content.ContentId;
        }

        public Guid GetSecurableId(IContent content)
        {
            return content.ContentId;
        }
 
        #endregion

0 Patrick M. over 3 years ago in reply to Harley Parks

You need to implement ISecuredContentType.Get, you should implement it explicitly so you do not collide with the IContentType version as this one must never do a permission check or you will end up in an infinite loop.

DefaultPermissionId should whatever your "Read/View" permission is.

GetSecurableId is the ApplicationId the content belongs to.

GetContentPermissionId/DefaultContentPermissionId should be the ContentTypeId
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

0 Harley Parks over 3 years ago in reply to Patrick M.

Sorry, I am having problems with setting the explicit DefaultContentPermissionId and "implement ISecuredContentType.Get"
I'm using the IContent provided in the method as ISecuredContentType but I was expecting to get the default permission id. (you said use the contentTypeId so updated code below)

#region SecuredContentType  
        private static readonly Guid _readMapsId = InternalApi.VerintDataService.ReadMapsId;
       
        Guid ISecuredContentType.DefaultPermissionId { get { return _readMapsId; } }

        Guid ISecuredContentType.DefaultContentPermissionId { get { return _contentTypeId; } }

        public Guid DefaultContentPermissionId { get; private set; }
        public Guid DefaultPermissionId { get; private set; }
        public Guid GetContentPermissionId(IContent content)
        { 
            var securedContent  = content as ISecuredContentType;
            
            var contentPermissionId = securedContent.Get(DefaultPermissionId) ;

            return contentPermissionId.ContentTypeId;
        }

        public Guid GetSecurableId(IContent content)
        {
            return content.Application.ApplicationId;
        }
 
        #endregion

0 Harley Parks over 3 years ago in reply to Harley Parks

updated my reply and code in previous response
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel