Why are the results different on Permission Check for my Custom Application?

Are you on version 9?   There is no permission API that takes container Ids, its going to be the content or the application.   If you are on version 9 there is a secondary issue in the fact your version is not  supported any more and a new version of the permissions API was added in version 11.   I highly recommend upgrading

yes.. afraid I am on 9.x so... I keep telling my people... 
Looking forward to upgrading, hope your sales team is letting our leadership know we need to upgrade too.
we're up on our license, so there's not reason to not upgrade.

I totally get it.  I understand it maybe too much to ask. you already saved us with your last post. thank you for that.

The overloads allowed for 'entityId' and entityTypeId, and then the entityPermissionType is application or content, so I using the application enum value option.. 

I didn't know what an entity could be... 

since the method is check if the user can create an application, there is not an application Id yet.  But I'll try passing null values see if it's just the application enum value that returns true.

You may be right as to call me out on the correctness.. I think it's fully implemented however.
Here are the entities for Map and MapApp are here:

namespace CommunityMap.PublicApi.Entities
{
     
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

using Telligent.Evolution.Extensibility.Api.Entities.Version1;
using Telligent.Evolution.Extensibility.Api.Version1;
using Telligent.Evolution.Extensibility.Content.Version1;

using Telligent.Evolution.Extensibility;

using System.Runtime.CompilerServices;
using mapModels = CommunityMap.Core.Models;
using System.ComponentModel.DataAnnotations;
using CommunityMap.InternalApi;


    public class Map : ApiEntity, IContent
    {
        private InternalApi.Entities.VerintMap _map = new InternalApi.Entities.VerintMap();
         
        #region ApiEntity
        public Map() : base() { }
        public Map(AdditionalInfo additionalInfo) : base(additionalInfo) { }
        public Map(IList<Warning> warnings, IList<Error> errors) : base(warnings, errors) { }
        internal Map(InternalApi.Entities.VerintMap map) : base() { _map = map; }
        #endregion
        #region IContent
        internal InternalApi.Entities.VerintMapApp cmapapp { get { return InternalApi.VerintDataService.GetVerintMapAppApplication(_map.MapTypeId); } }
        public MapApp mapapp { get { return new MapApp(cmapapp); } }
        public IApplication Application { get { return MapApps.Get(_map.MapTypeId); } }
        public string Name { get { return _map.Title; } }
        public string Title { get { return _map.Title; } }
        public string Description { get { return _map.Description; } }
        public string AvatarUrl { get { return _map.ThumbnailUrl; } }
        public string ThumbnailUrl { get { return _map.ThumbnailUrl; } }
        public int Id { get { return _map.Id; } }
        public int ObjectId { get { return _map.Id; } }
        public Guid MapId { get { return _map.MapId; } }
        public Guid MapTypeId { get { return _map.MapTypeId; } }
        public string MapOptions { get { return _map.MapOptions; } }
        public Guid ContentId { get { return _map.MapId; } }
        public Guid ContentTypeId { get { return _map.MapTypeId; } }
        public int? CreatedByUserId { get { return _map.CreateByUserId.Value; } }
        public DateTime CreatedDate { get { return _map.CreateUtcDate.HasValue ? _map.CreateUtcDate.Value : DateTime.UtcNow; } }
        public int? ModifiedByUserId { get { return _map.ModifiedByUserId.Value; } }
        public DateTime ModifiedDate { get { return _map.ModifiedUtcDate.HasValue ? _map.ModifiedUtcDate.Value : DateTime.UtcNow; } }
        public bool IsEnabled { get { return true; } }
        public bool IsIndexed { get { return _map.IsIndexed; } }
        public int MapAppId { get { return mapapp.ObjectId; } }
        public string Url { get { return mapapp.Url +  _map.MapId.ToString(); } }

        public string HtmlDescription(string target) { return _map.Description; }

        public string HtmlName(string target) { return _map.Title; }
        #endregion
    }
}

namespace CommunityMap.PublicApi.Entities
{
    using System;
    using System.Collections.Generic;

    using System.Linq;
    using System.Text;
    using System.Threading.Tasks;

    using Telligent.Evolution.Extensibility.Api.Entities.Version1;
    using Telligent.Evolution.Extensibility.Api.Version1;
    using Telligent.Evolution.Extensibility.Content.Version1;

    using Telligent.Evolution.Extensibility;

    using System.Runtime.CompilerServices;
    using mapModels = CommunityMap.Core.Models;
    using System.ComponentModel.DataAnnotations;
    
    using TEApi = Telligent.Evolution.Extensibility.Api.Version1.PublicApi;

    public class MapApp : ApiEntity, IApplication
    {
        private CommunityMap.InternalApi.Entities.VerintMapApp _MapApp = new InternalApi.Entities.VerintMapApp();


        #region ApiEntity
        public MapApp() : base() { }
        public MapApp(AdditionalInfo additionalInfo) : base(additionalInfo) { }
        public MapApp(IList<Warning> warnings, IList<Error> errors) : base(warnings, errors) { }
        internal MapApp(InternalApi.Entities.VerintMapApp MapApp) : base() { _MapApp = MapApp; }

        #endregion

        #region IApplication
        public string Name { get { return _MapApp.Name; } }
        public string Description { get { return _MapApp.Description;  } }
        public Guid Id { get { return _MapApp.ApplicationId; } }
        public int ObjectId { get { return _MapApp.Id; } }
        public Guid ApplicationId { get { return _MapApp != null && _MapApp.ApplicationId != null ? _MapApp.ApplicationId : Guid.Empty; } }

        public Guid ApplicationTypeId { get { return _MapApp != null && _MapApp.ApplicationTypeId.HasValue ? _MapApp.ApplicationTypeId.Value : Guid.Empty; } }

        public string AvatarUrl { get { return _MapApp.AvatarUrl; } }
        public string SafeName { get { return _MapApp.SafeName; } }
        public IContainer Container
        {
            get
            {
                GroupsGetOptions groupOpt = new GroupsGetOptions();
                groupOpt.Id = _MapApp != null ? _MapApp.GroupId : -1;
                if (groupOpt.Id > 0)
                {
                    return Apis.Get<IGroups>().Get(groupOpt);
                }
                return Apis.Get<IGroups>().Root;
            }
        }
        public Group Group
        {
            get
            {
                if (object.ReferenceEquals(null, _MapApp)) { return null; }
                GroupsGetOptions groupOpt = new GroupsGetOptions();
                groupOpt.Id = _MapApp.GroupId;
                if (groupOpt.Id > 0)
                {
                    Group group = Apis.Get<IGroups>().Get(groupOpt);
                    return group;
                }
                Group groupRoot = Apis.Get<IGroups>().Root;
                return groupRoot;
            }
        }

        internal static MapApp Get(Guid applicationId)
        {

            InternalApi.Entities.VerintMapApp vma = InternalApi.VerintDataService.GetVerintMapAppApplication(applicationId);

            return new MapApp(vma);
        }

        internal static MapApp Get(string MapAppName)
        {

            throw new NotImplementedException();
        }

        internal static MapApp Get(int groupId, string MapAppName)
        {
            MapApp MapApp = new MapApp();
            MapApp = InternalApi.VerintDataService.GetMapAppByGroupId_Name(groupId, MapAppName, null);
            return MapApp;
        }

        public bool IsEnabled { get { return _MapApp.IsEnabled != null ? _MapApp.IsEnabled.Value : false; } }

        public string Url
        {
            get
            {
                string safeUrl = this.Group.Url + "mapapps/" + _MapApp.SafeName + "/maps/"; 
                
                return safeUrl;
            }
        }

        public string HtmlDescription(string target) { return _MapApp.HtmlDescription(target.ToLower()); }

        public string HtmlName(string target) { return _MapApp.HtmlName(target.ToLower()); }
        #endregion
    }



}

So I guess I am no longer sure where the confusion is.   You IContent.Get would get one of your Map objects by contentId.  Then you need IContent ISecuredContentType.Get(contentId)   it HAS to be defined  like this(explicit) so the platform only uses this version of Get in the subsystem for security.

IContent.Get could potentially have security implemented(thats up to you), the Secured version cannot check at all.  If neither of these do then they can be the same but I don't really recommend it.

Adding the IContent ISecuredContentType.Get.. please note the change to the code to pull the actual content or map, instead of just the new content..

 
   public IContent Get(Guid contentId) {
            IContent map = PublicApi.Maps.Get(contentId);
            //PublicApi.Entities.Map map = new PublicApi.Entities.Map();
            return map;
        }
         IContent ISecuredContentType.Get(Guid contentId) {
            IContent map = PublicApi.Maps.Get(contentId);
            //PublicApi.Entities.Map map = new PublicApi.Entities.Map();
            return map;
        }

I don't see anything wrong...though I can only assume your calls work 

I build it and checking it runs now..
this below code  doesn't look right to me...

   public Guid GetContentPermissionId(IContent content)
        {
            
            var securedContent  = content as ISecuredContentType;
            
            var contentPermissionId = securedContent.DefaultPermissionId  ;

            return contentPermissionId;
        }

        public Guid GetSecurableId(IContent content)
        {
            return content.Application.ApplicationId;
        }

ok. I didn't break anything, but didn't fix anything either.
what's next?

umm.. it looks like the permissions for the group level are working.. on the management panel..
below, gapplicationId is the group application id. then the permissionId is for the my group delete map app id.
the test is shown below, this is using a 'managers' login, and the  image shows the delete button was disabled for the application.. 
that's progress! 
 

//using the group application id
PermissionEntry nodeCheck1 = TEApi.NodePermissions.Get("groups", gapplicationId, permissionId.ToString());

reverted the permissions for manager and... 

what do you think?

it is a little bit hit and miss right now. 
if the Group Create Map App is not selected the manager cannot get to the applications list. But in the management panel, if the manager say can create blogs, then all existing applications (Map Apps) are listed, and the other options for Map Apps are seen (disable, delete, edit, view ). 

I will try to use a different permissions and nodePermissions overloads. this is closer than I was yesterday. 

Thank you again.

it is a little bit hit and miss right now. 
if the Group Create Map App is not selected the manager cannot get to the applications list. But in the management panel, if the manager say can create blogs, then all existing applications (Map Apps) are listed, and the other options for Map Apps are seen (disable, delete, edit, view ). 

I will try to use a different permissions and nodePermissions overloads. this is closer than I was yesterday. 

Thank you again.

Testing with Owner and Manager.. good at the group level.