Why are the results different on Permission Check for my Custom Application?

the permission check is not what I expected.. so for an owner, both of these checks are true. but for say Manager, given the Can Create Map App permission is changed from the default, check1 returns false, check2 returns true.
Should the results both be true?

 public boolCanCreate(int userId, Guid containerTypeId, Guid containerId){
              PermissionCheck check1 = TEApi.Permissions.Get(UI.Permissions.MapAppPermissionRegistrar.CreateGroupMapApps, userId );
              PermissionCheck check2 = TEApi.Permissions.Get(UI.Permissions.MapAppPermissionRegistrar.CreateGroupMapApps, userId,containerId,containerTypeId, _entityPermissionType );
 
            return check1.IsAllowed || check2.IsAllowed;  
            
        }

a related post is here

heads up to Patrick M. Steven Heffner

Top Replies

Patrick M. over 3 years ago in reply to Harley Parks +2 verified

EntityType is going to be the contentTypeId or the applicationTypeId, the enum then defines which. The EntityId will be the ApplicationId or ContentId respectively. But no containers, you do not check…

Parents

0 Patrick M. over 3 years ago

Are you on version 9? There is no permission API that takes container Ids, its going to be the content or the application. If you are on version 9 there is a secondary issue in the fact your version is not supported any more and a new version of the permissions API was added in version 11. I highly recommend upgrading
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Harley Parks over 3 years ago in reply to Patrick M.

yes.. afraid I am on 9.x so... I keep telling my people...
Looking forward to upgrading, hope your sales team is letting our leadership know we need to upgrade too.
we're up on our license, so there's not reason to not upgrade.

I totally get it. I understand it maybe too much to ask. you already saved us with your last post. thank you for that.

The overloads allowed for 'entityId' and entityTypeId, and then the entityPermissionType is application or content, so I using the application enum value option..

I didn't know what an entity could be...

since the method is check if the user can create an application, there is not an application Id yet. But I'll try passing null values see if it's just the application enum value that returns true.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Harley Parks over 3 years ago in reply to Harley Parks

Testing with Owner and Manager.. good at the group level.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Patrick M. over 3 years ago in reply to Harley Parks

GetContentPermissionId is just the ContentTypeId as I mentioned earlier
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Harley Parks over 3 years ago in reply to Patrick M.

So the Group application permissions are working. At the group level permissions set here apply to all Map Apps...
The permissions on the application are not working... still have errors when using these, so I can't actually access these settings yet.

is the way to get the application permissions using NodePermissions.Get and Permissions.Get ?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Harley Parks over 3 years ago in reply to Harley Parks

and if so, then how do I use what we setup to get the permission settings? for the nodePermission, the application string is not found.. and then for the Permissions.Get the entity type is not secure... so not sure what to do next.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Patrick M. over 3 years ago in reply to Harley Parks

You really can't use NodePermissions here, you should be using the IPermissions api. Have you tried going back to that since you have fixed everything else?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Patrick M. over 3 years ago in reply to Patrick M.

Reason for the node permission not being a great solution is it actually pre-dates permission extensibility so it is going to be very tied to core applications.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Harley Parks over 3 years ago in reply to Patrick M.

no I have not. I will work on that... hope I can figure it out this sprint... one more week. ipermission api..
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Harley Parks over 3 years ago in reply to Harley Parks

so this is the permission check that I tried, and it still has the "the entity type is not secure" error.
PermissionCheck check2 = TEApi.Permissions.Get(group_permissionId, userId, applicationId, mapApp.ApplicationTypeId, _entityPermissionType);

is there anything I can do to fix this? override this? if so, what would that look like?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Patrick M. over 3 years ago in reply to Harley Parks

Ok digging deeper this is going to be another scenario where this method really does not support the extended permission model and another reason why upgrading is going to be important.

You can try using the content Id, so this would be an item in your application not the application and see if that will work(it should based on what I see). If not it seems you are running into limitations that are alleviated in later product versions.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Harley Parks over 3 years ago in reply to Patrick M.

yes, I believe at version 9.x, adding our own applications was considered a new capability, and many things were to be improved in 10.x
Actually, developed my first iteration of this project on version 10.. but we didn't upgrade to allow us to migrate to Amazon, so had to build the project in 9.x.

I will try using content id's and post results on this thread.

For the most part, at least I have the permissions laid out nicely and the defaults are shown for each role for both group and application.

I will include the group level permission settings for the content, that way, I can at least have group level permissions checks. Then when we can, add the application level permission checks when available, and also try using the content Id.

if you think of anything, I'll be happy to work thru this too.

Thank you so much for your help.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Harley Parks over 3 years ago in reply to Patrick M.

yes, I believe at version 9.x, adding our own applications was considered a new capability, and many things were to be improved in 10.x
Actually, developed my first iteration of this project on version 10.. but we didn't upgrade to allow us to migrate to Amazon, so had to build the project in 9.x.

I will try using content id's and post results on this thread.

For the most part, at least I have the permissions laid out nicely and the defaults are shown for each role for both group and application.

I will include the group level permission settings for the content, that way, I can at least have group level permissions checks. Then when we can, add the application level permission checks when available, and also try using the content Id.

if you think of anything, I'll be happy to work thru this too.

Thank you so much for your help.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data