From b26709b0afb07d12419874bcd53982b2fa65b04f Mon Sep 17 00:00:00 2001
From: Dave Woestenborghs <dave.woestenborghs@gmail.com>
Date: Thu, 19 Oct 2023 03:30:35 +0200
Subject: [PATCH] Fix permissions for assign hostname (#14896)

* Fix permissions for assign hostname

* Reduced code duplication
---
 src/Umbraco.Core/Services/UserServiceExtensions.cs         | 7 ++++++-
 .../Controllers/ContentController.cs                       | 6 ++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/Umbraco.Core/Services/UserServiceExtensions.cs b/src/Umbraco.Core/Services/UserServiceExtensions.cs
index f17a266616..7399f37fe8 100644
--- a/src/Umbraco.Core/Services/UserServiceExtensions.cs
+++ b/src/Umbraco.Core/Services/UserServiceExtensions.cs
@@ -8,6 +8,11 @@ namespace Umbraco.Extensions;
 public static class UserServiceExtensions
 {
     public static EntityPermission? GetPermissions(this IUserService userService, IUser? user, string path)
+    {
+       return userService.GetAllPermissions(user, path).FirstOrDefault();
+    }
+
+    public static EntityPermissionCollection GetAllPermissions(this IUserService userService, IUser? user, string path)
     {
         var ids = path.Split(Constants.CharArrays.Comma, StringSplitOptions.RemoveEmptyEntries)
             .Select(x =>
@@ -23,7 +28,7 @@ public static class UserServiceExtensions
                                                 " could not be parsed into an array of integers or the path was empty");
         }
 
-        return userService.GetPermissions(user, ids[^1]).FirstOrDefault();
+        return userService.GetPermissions(user, ids[^1]);
     }
 
     /// <summary>
diff --git a/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs b/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs
index d8c306bff4..b6b612466e 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs
@@ -2400,8 +2400,10 @@ public class ContentController : ContentControllerBase
         }
 
         // Validate permissions on node
-        EntityPermission? permission = _userService.GetPermissions(_backofficeSecurityAccessor.BackOfficeSecurity?.CurrentUser, node.Path);
-        if (permission?.AssignedPermissions.Contains(ActionAssignDomain.ActionLetter.ToString(), StringComparer.Ordinal) == false)
+        var permissions = _userService.GetAllPermissions(_backofficeSecurityAccessor.BackOfficeSecurity?.CurrentUser, node.Path);
+
+        if (permissions.Any(x =>
+                x.AssignedPermissions.Contains(ActionAssignDomain.ActionLetter.ToString(), StringComparer.Ordinal) && x.EntityId == node.Id) == false)
         {
             HttpContext.SetReasonPhrase("Permission Denied.");
             return BadRequest("You do not have permission to assign domains on that node.");