From f6e7740c931ca8d20c287f32871486926ca5f53b Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <kja@vertica.dk>
Date: Fri, 11 Oct 2019 15:07:32 +0200
Subject: [PATCH] Use all assigned groups and explicit permission assignments
 when calculating available actions for a given node

---
 src/Umbraco.Core/Services/UserServiceExtensions.cs | 12 ++++++++++++
 src/Umbraco.Web/Actions/ActionCollection.cs        | 10 ----------
 src/Umbraco.Web/Editors/ContentController.cs       |  4 ++--
 src/Umbraco.Web/Trees/ContentTreeController.cs     |  4 ++--
 src/Umbraco.Web/Trees/ContentTreeControllerBase.cs |  4 ++--
 5 files changed, 18 insertions(+), 16 deletions(-)

diff --git a/src/Umbraco.Core/Services/UserServiceExtensions.cs b/src/Umbraco.Core/Services/UserServiceExtensions.cs
index 31c446352e..82cab07b25 100644
--- a/src/Umbraco.Core/Services/UserServiceExtensions.cs
+++ b/src/Umbraco.Core/Services/UserServiceExtensions.cs
@@ -104,5 +104,17 @@ namespace Umbraco.Core.Services
 
             return found;
         }
+
+        /// <summary>
+        /// Gets the concrete assigned permissions for the provided user and node
+        /// </summary>
+        /// <param name="userService"></param>
+        /// <param name="user"></param>
+        /// <param name="nodeId"></param>
+        internal static string[] GetAssignedPermissions(this IUserService userService, IUser user, int nodeId)
+        {
+            var permissionCollection = userService.GetPermissions(user, nodeId);
+            return permissionCollection.SelectMany(c => c.AssignedPermissions).Distinct().ToArray();
+        }
     }
 }
diff --git a/src/Umbraco.Web/Actions/ActionCollection.cs b/src/Umbraco.Web/Actions/ActionCollection.cs
index 89ac8a59f4..95d7b02e90 100644
--- a/src/Umbraco.Web/Actions/ActionCollection.cs
+++ b/src/Umbraco.Web/Actions/ActionCollection.cs
@@ -28,15 +28,5 @@ namespace Umbraco.Web.Actions
                 .WhereNotNull()
                 .ToList();
         }
-
-        internal IReadOnlyList<IAction> FromEntityPermission(EntityPermission entityPermission)
-        {
-            var actions = this.ToArray(); // no worry: internally, it's already an array
-            return entityPermission.AssignedPermissions
-                .Where(x => x.Length == 1)
-                .SelectMany(x => actions.Where(y => y.Letter == x[0]))
-                .WhereNotNull()
-                .ToList();
-        }
     }
 }
diff --git a/src/Umbraco.Web/Editors/ContentController.cs b/src/Umbraco.Web/Editors/ContentController.cs
index 9d5af028e3..2aa0383a36 100644
--- a/src/Umbraco.Web/Editors/ContentController.cs
+++ b/src/Umbraco.Web/Editors/ContentController.cs
@@ -1679,9 +1679,9 @@ namespace Umbraco.Web.Editors
                 throw new HttpResponseException(response);
             }
 
-            var permission = Services.UserService.GetPermissions(Security.CurrentUser, node.Path);
+            var assignedPermissions = Services.UserService.GetAssignedPermissions(Security.CurrentUser, node.Id);
 
-            if (permission.AssignedPermissions.Contains(ActionAssignDomain.ActionLetter.ToString(), StringComparer.Ordinal) == false)
+            if (assignedPermissions.Contains(ActionAssignDomain.ActionLetter.ToString(), StringComparer.Ordinal) == false)
             {
                 var response = Request.CreateResponse(HttpStatusCode.BadRequest);
                 response.Content = new StringContent("You do not have permission to assign domains on that node.");
diff --git a/src/Umbraco.Web/Trees/ContentTreeController.cs b/src/Umbraco.Web/Trees/ContentTreeController.cs
index 970191e510..9c5333ae2a 100644
--- a/src/Umbraco.Web/Trees/ContentTreeController.cs
+++ b/src/Umbraco.Web/Trees/ContentTreeController.cs
@@ -124,8 +124,8 @@ namespace Umbraco.Web.Trees
                 menu.DefaultMenuAlias = ActionNew.ActionAlias;
 
                 // we need to get the default permissions as you can't set permissions on the very root node
-                var permission = Services.UserService.GetPermissions(Security.CurrentUser, Constants.System.Root).First();
-                var nodeActions = _actions.FromEntityPermission(permission)
+                var assignedPermissions = Services.UserService.GetAssignedPermissions(Security.CurrentUser, Constants.System.Root);
+                var nodeActions = _actions.GetByLetters(assignedPermissions)
                     .Select(x => new MenuItem(x));
 
                 //these two are the standard items
diff --git a/src/Umbraco.Web/Trees/ContentTreeControllerBase.cs b/src/Umbraco.Web/Trees/ContentTreeControllerBase.cs
index 015c91cb81..3e06eb975c 100644
--- a/src/Umbraco.Web/Trees/ContentTreeControllerBase.cs
+++ b/src/Umbraco.Web/Trees/ContentTreeControllerBase.cs
@@ -442,8 +442,8 @@ namespace Umbraco.Web.Trees
 
         internal IEnumerable<MenuItem> GetAllowedUserMenuItemsForNode(IUmbracoEntity dd)
         {
-            var permission = Services.UserService.GetPermissions(Security.CurrentUser, dd.Path);
-            return Current.Actions.FromEntityPermission(permission).Select(x => new MenuItem(x));
+            var assignedPermissions = Services.UserService.GetAssignedPermissions(Security.CurrentUser, dd.Id);
+            return Current.Actions.GetByLetters(assignedPermissions).Select(x => new MenuItem(x));
         }
 
         /// <summary>