Why are the results different on Permission Check for my Custom Application?


the permission check is not what I expected.. so for an owner, both of these checks are true. but for say Manager, given the Can Create Map App permission is changed from the default, check1 returns false, check2 returns true.
Should the results both be true?

 public boolCanCreate(int userId, Guid containerTypeId, Guid containerId){
              PermissionCheck check1 = TEApi.Permissions.Get(UI.Permissions.MapAppPermissionRegistrar.CreateGroupMapApps, userId );
              PermissionCheck check2 = TEApi.Permissions.Get(UI.Permissions.MapAppPermissionRegistrar.CreateGroupMapApps, userId,containerId,containerTypeId, _entityPermissionType );
 
            return check1.IsAllowed || check2.IsAllowed;  
            
        }


a related post is here

heads up to     

Parents
  • Are you on version 9?   There is no permission API that takes container Ids, its going to be the content or the application.   If you are on version 9 there is a secondary issue in the fact your version is not  supported any more and a new version of the permissions API was added in version 11.   I highly recommend upgrading

  • yes.. afraid I am on 9.x so... I keep telling my people... 
    Looking forward to upgrading, hope your sales team is letting our leadership know we need to upgrade too.
    we're up on our license, so there's not reason to not upgrade.

    I totally get it.  I understand it maybe too much to ask. you already saved us with your last post. thank you for that.

    The overloads allowed for 'entityId' and entityTypeId, and then the entityPermissionType is application or content, so I using the application enum value option.. 


    I didn't know what an entity could be... 

    since the method is check if the user can create an application, there is not an application Id yet.  But I'll try passing null values see if it's just the application enum value that returns true.

  • Testing with Owner and Manager.. good at the group level.

  • GetContentPermissionId is just the ContentTypeId as I mentioned earlier

  • So the Group application permissions are working. At the group level permissions set here apply to all Map Apps...
    The permissions on the application are not working... still have errors when using these, so I can't actually access these settings yet.  

    is the way to get the application permissions using  NodePermissions.Get and Permissions.Get ?

  • and if so, then how do I use what we setup to get the permission settings? for the nodePermission, the  application string is not found.. and then for the Permissions.Get the entity type is not secure... so not sure what to do next.

  • You really can't use NodePermissions here, you should be using the IPermissions api.   Have you tried going back to that since you have fixed everything else?


  • Reason for the node permission not being a great solution is it actually pre-dates permission extensibility so it is going to be very tied to core applications.

  • no I have not. I will work on that... hope I can figure it out this sprint... one more week.  ipermission api.. 

  • so this is the permission check that I tried, and it still has the "the entity type is not secure" error. 
    PermissionCheck check2 = TEApi.Permissions.Get(group_permissionId, userId, applicationId, mapApp.ApplicationTypeId, _entityPermissionType);

    is there anything I can do to fix this? override this? if so, what would that look like?

  • Ok digging deeper this is going to be another scenario where this method really does not support the extended permission model  and another reason why upgrading is going to be important.

    You can try using the content Id, so this would be an item in your application not the application and see if that will work(it should based on what I see).  If not it seems you are running into limitations that are alleviated in later product versions.

  • yes, I believe at version 9.x, adding our own applications was considered a new capability, and many things were to be improved in 10.x 
    Actually, developed my first iteration of this project on version 10.. but we didn't upgrade to allow us to migrate to Amazon, so had to build the project in 9.x. 

    I will try using content id's and post results on this thread.

    For the most part, at least I have the permissions laid out nicely and the defaults are shown for each role for both group and application.

    I will include the group level permission settings for the content, that way, I can at least have group level permissions checks. Then when we can, add the application level permission checks when available, and also try using the content Id.

    if you think of anything, I'll be happy to work thru this too.

    Thank you so much for your help. 

Reply
  • yes, I believe at version 9.x, adding our own applications was considered a new capability, and many things were to be improved in 10.x 
    Actually, developed my first iteration of this project on version 10.. but we didn't upgrade to allow us to migrate to Amazon, so had to build the project in 9.x. 

    I will try using content id's and post results on this thread.

    For the most part, at least I have the permissions laid out nicely and the defaults are shown for each role for both group and application.

    I will include the group level permission settings for the content, that way, I can at least have group level permissions checks. Then when we can, add the application level permission checks when available, and also try using the content Id.

    if you think of anything, I'll be happy to work thru this too.

    Thank you so much for your help. 

Children
No Data