From d9aaba192c380e000a0086c2f050f2da1d7c0cd6 Mon Sep 17 00:00:00 2001
From: Stephan <stephane@umbraco.dk>
Date: Thu, 14 Sep 2017 19:29:12 +0200
Subject: [PATCH] Port 7.7 - WIP

---
 src/Umbraco.Tests.Benchmarks/App.config       |   2 +-
 src/Umbraco.Tests/App.config                  |  15 +-
 .../Cache/CacheRefresherComponentTests.cs     |  12 +-
 .../Configurations/RepositorySettingsTests.cs |  32 -
 src/Umbraco.Tests/CoreThings/UdiTests.cs      |  23 +
 src/Umbraco.Tests/DateTimeExtensionsTests.cs  |  46 ++
 .../Membership/MembershipProviderBaseTests.cs |   2 +-
 .../UmbracoServiceMembershipProviderTests.cs  |  16 +-
 .../Migrations/Upgrades/BaseUpgradeTest.cs    |  32 +-
 .../Models/Mapping/UserModelMapperTests.cs    |  35 +
 .../Models/UserExtensionsTests.cs             |  99 ++-
 src/Umbraco.Tests/Models/UserTests.cs         |  32 +-
 src/Umbraco.Tests/Models/UserTypeTests.cs     |  61 --
 .../Persistence/DatabaseFactoryTests.cs       |  18 -
 .../Persistence/PetaPocoDynamicQueryTests.cs  | 133 ---
 .../Persistence/Querying/QueryBuilderTests.cs |   8 +-
 .../Repositories/ContentRepositoryTest.cs     |  39 +-
 .../Repositories/ContentTypeRepositoryTest.cs |   2 +-
 .../Repositories/DomainRepositoryTest.cs      |   2 +-
 .../NotificationsRepositoryTest.cs            |   8 +-
 .../PublicAccessRepositoryTest.cs             |   2 +-
 .../Repositories/TagRepositoryTest.cs         |   2 +-
 .../Repositories/TemplateRepositoryTest.cs    |   2 +-
 .../Repositories/UserGroupRepositoryTest.cs   | 420 ++++++++++
 .../Repositories/UserRepositoryTest.cs        | 352 +++-----
 .../Repositories/UserTypeRepositoryTest.cs    | 288 -------
 .../Persistence/SqlCeTableByTableTest.cs      |  45 +-
 .../PropertyEditorValueConverterTests.cs      |  21 +
 .../PublishedContentExtensionTests.cs         |  10 +-
 .../PublishedContent/PublishedContentTests.cs |   2 +-
 .../Scheduling/BackgroundTaskRunnerTests.cs   |   4 +-
 .../Scoping/ScopedRepositoryTests.cs          |   3 +-
 .../UmbracoBackOfficeIdentityTests.cs         |  20 +-
 .../Services/ContentServicePerformanceTest.cs |   8 +-
 .../Services/ContentServiceTests.cs           | 210 ++++-
 .../Services/SectionServiceTests.cs           |  70 ++
 .../Services/UserServiceTests.cs              | 767 +++++++++++++-----
 .../Strings/DefaultShortStringHelperTests.cs  |  27 +
 .../AuthenticateEverythingExtensions.cs       |  18 +
 .../AuthenticateEverythingMiddleware.cs       |  55 ++
 .../SpecificAssemblyResolver.cs               |  21 +
 .../TestControllerActivator.cs                |  22 +
 .../TestControllerActivatorBase.cs            | 144 ++++
 .../ControllerTesting/TestRunner.cs           |  79 ++
 .../ControllerTesting/TestStartup.cs          |  54 ++
 .../ControllerTesting/TraceExceptionLogger.cs |  16 +
 .../TestHelpers/Entities/MockedContent.cs     |   7 +-
 .../TestHelpers/Entities/MockedUser.cs        |  52 +-
 .../TestHelpers/Entities/MockedUserGroup.cs   |  32 +
 .../TestHelpers/Entities/MockedUserType.cs    |  17 -
 .../TestHelpers/SettingsForTests.cs           |   1 +
 src/Umbraco.Tests/TestHelpers/TestObjects.cs  |  10 +-
 .../TreesAndSections/SectionTests.cs          |  47 --
 src/Umbraco.Tests/UI/LegacyDialogTests.cs     |   6 -
 src/Umbraco.Tests/Umbraco.Tests.csproj        |  39 +-
 .../UmbracoExamine/IndexInitializer.cs        |   8 +-
 .../ContentControllerUnitTests.cs             | 170 ++--
 ...terAllowedOutgoingContentAttributeTests.cs |  65 +-
 .../MediaControllerUnitTests.cs               |  58 +-
 .../Web/Controllers/UsersControllerTests.cs   | 126 +++
 .../HealthChecks/HealthCheckResultsTests.cs   | 156 ++++
 src/Umbraco.Tests/packages.config             |   5 +
 .../WebApi/HttpRequestMessageExtensions.cs    |   7 -
 63 files changed, 2701 insertions(+), 1384 deletions(-)
 delete mode 100644 src/Umbraco.Tests/Configurations/RepositorySettingsTests.cs
 create mode 100644 src/Umbraco.Tests/DateTimeExtensionsTests.cs
 create mode 100644 src/Umbraco.Tests/Models/Mapping/UserModelMapperTests.cs
 delete mode 100644 src/Umbraco.Tests/Models/UserTypeTests.cs
 delete mode 100644 src/Umbraco.Tests/Persistence/DatabaseFactoryTests.cs
 delete mode 100644 src/Umbraco.Tests/Persistence/PetaPocoDynamicQueryTests.cs
 create mode 100644 src/Umbraco.Tests/Persistence/Repositories/UserGroupRepositoryTest.cs
 delete mode 100644 src/Umbraco.Tests/Persistence/Repositories/UserTypeRepositoryTest.cs
 create mode 100644 src/Umbraco.Tests/Services/SectionServiceTests.cs
 create mode 100644 src/Umbraco.Tests/TestHelpers/ControllerTesting/AuthenticateEverythingExtensions.cs
 create mode 100644 src/Umbraco.Tests/TestHelpers/ControllerTesting/AuthenticateEverythingMiddleware.cs
 create mode 100644 src/Umbraco.Tests/TestHelpers/ControllerTesting/SpecificAssemblyResolver.cs
 create mode 100644 src/Umbraco.Tests/TestHelpers/ControllerTesting/TestControllerActivator.cs
 create mode 100644 src/Umbraco.Tests/TestHelpers/ControllerTesting/TestControllerActivatorBase.cs
 create mode 100644 src/Umbraco.Tests/TestHelpers/ControllerTesting/TestRunner.cs
 create mode 100644 src/Umbraco.Tests/TestHelpers/ControllerTesting/TestStartup.cs
 create mode 100644 src/Umbraco.Tests/TestHelpers/ControllerTesting/TraceExceptionLogger.cs
 create mode 100644 src/Umbraco.Tests/TestHelpers/Entities/MockedUserGroup.cs
 delete mode 100644 src/Umbraco.Tests/TestHelpers/Entities/MockedUserType.cs
 rename src/Umbraco.Tests/Web/Controllers/{WebApiEditors => }/ContentControllerUnitTests.cs (55%)
 rename src/Umbraco.Tests/Web/Controllers/{WebApiEditors => }/FilterAllowedOutgoingContentAttributeTests.cs (65%)
 rename src/Umbraco.Tests/Web/Controllers/{WebApiEditors => }/MediaControllerUnitTests.cs (55%)
 create mode 100644 src/Umbraco.Tests/Web/Controllers/UsersControllerTests.cs
 create mode 100644 src/Umbraco.Tests/Web/HealthChecks/HealthCheckResultsTests.cs

diff --git a/src/Umbraco.Tests.Benchmarks/App.config b/src/Umbraco.Tests.Benchmarks/App.config
index 8cfb77478c..dca44c497f 100644
--- a/src/Umbraco.Tests.Benchmarks/App.config
+++ b/src/Umbraco.Tests.Benchmarks/App.config
@@ -13,7 +13,7 @@
 
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
-        <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
+        <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
       </dependentAssembly>
       <dependentAssembly>
         <assemblyIdentity name="Microsoft.Owin.Security.OAuth" publicKeyToken="31bf3856ad364e35" culture="neutral" />
diff --git a/src/Umbraco.Tests/App.config b/src/Umbraco.Tests/App.config
index 08b3793afa..362eed160c 100644
--- a/src/Umbraco.Tests/App.config
+++ b/src/Umbraco.Tests/App.config
@@ -79,6 +79,7 @@
   </system.data>
 
   <system.web>
+    <httpRuntime targetFramework="4.5" />
     <compilation defaultLanguage="c#" debug="true" batch="false" targetFramework="4.0"></compilation>
     <machineKey validationKey="5E7B955FCE36F5F2A867C2A0D85DC61E7FEA9E15F1561E8386F78BFE9EE23FF18B21E6A44AA17300B3B9D5DBEB37AA61A2C73884A5BBEDA6D3B14BA408A7A8CD" decryptionKey="116B853D031219E404E088FCA0986D6CF2DFA77E1957B59FCC9404B8CA3909A1" validation="SHA1" decryption="AES" />
     <!--<trust level="Medium" originUrl=".*"/>-->
@@ -89,9 +90,19 @@
         <add name="UmbracoSiteMapProvider" type="umbraco.presentation.nodeFactory.UmbracoSiteMapProvider" defaultDescriptionAlias="description" securityTrimmingEnabled="true" />
       </providers>
     </siteMap>
+    <!-- Membership Provider -->
+    <membership defaultProvider="UmbracoMembershipProvider" userIsOnlineTimeWindow="15">
+        <providers>
+            <clear />
+            <add name="UmbracoMembershipProvider" type="Umbraco.Web.Security.Providers.MembersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="4" useLegacyEncoding="false" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" defaultMemberTypeAlias="Member" passwordFormat="Hashed" />
+            <add name="UsersMembershipProvider" type="Umbraco.Web.Security.Providers.UsersMembershipProvider, Umbraco" minRequiredNonalphanumericCharacters="0" minRequiredPasswordLength="4" useLegacyEncoding="false" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" passwordFormat="Hashed" allowManuallyChangingPassword="false" />
+        </providers>
+    </membership>
   </system.web>
 
-<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" /></startup>
+  <startup>
+      <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />
+  </startup>
   <runtime>
 
     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
@@ -156,7 +167,7 @@
 
         <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
 
-        <bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
+        <bindingRedirect oldVersion="0.0.0.0-3.1.0.0" newVersion="3.1.0.0" />
 
       </dependentAssembly>
 
diff --git a/src/Umbraco.Tests/Cache/CacheRefresherComponentTests.cs b/src/Umbraco.Tests/Cache/CacheRefresherComponentTests.cs
index f169e0eb6c..20d0fe979c 100644
--- a/src/Umbraco.Tests/Cache/CacheRefresherComponentTests.cs
+++ b/src/Umbraco.Tests/Cache/CacheRefresherComponentTests.cs
@@ -42,12 +42,10 @@ namespace Umbraco.Tests.Cache
                 new EventDefinition<ISectionService, EventArgs>(null, serviceContext.SectionService, new EventArgs(), "Deleted"),
                 new EventDefinition<ISectionService, EventArgs>(null, serviceContext.SectionService, new EventArgs(), "New"),
 
-                new EventDefinition<IUserService, SaveEventArgs<IUserType>>(null, serviceContext.UserService, new SaveEventArgs<IUserType>(Enumerable.Empty<IUserType>())),
-                new EventDefinition<IUserService, DeleteEventArgs<IUserType>>(null, serviceContext.UserService, new DeleteEventArgs<IUserType>(Enumerable.Empty<IUserType>())),
-
                 new EventDefinition<IUserService, SaveEventArgs<IUser>>(null, serviceContext.UserService, new SaveEventArgs<IUser>(Enumerable.Empty<IUser>())),
                 new EventDefinition<IUserService, DeleteEventArgs<IUser>>(null, serviceContext.UserService, new DeleteEventArgs<IUser>(Enumerable.Empty<IUser>())),
-                new EventDefinition<IUserService, DeleteEventArgs<IUser>>(null, serviceContext.UserService, new DeleteEventArgs<IUser>(Enumerable.Empty<IUser>())),
+                new EventDefinition<IUserService, SaveEventArgs<IUserGroup>>(null, serviceContext.UserService, new SaveEventArgs<IUserGroup>(Enumerable.Empty<IUserGroup>())),
+                new EventDefinition<IUserService, DeleteEventArgs<IUserGroup>>(null, serviceContext.UserService, new DeleteEventArgs<IUserGroup>(Enumerable.Empty<IUserGroup>())),
 
                 new EventDefinition<ILocalizationService, SaveEventArgs<IDictionaryItem>>(null, serviceContext.LocalizationService, new SaveEventArgs<IDictionaryItem>(Enumerable.Empty<IDictionaryItem>())),
                 new EventDefinition<ILocalizationService, DeleteEventArgs<IDictionaryItem>>(null, serviceContext.LocalizationService, new DeleteEventArgs<IDictionaryItem>(Enumerable.Empty<IDictionaryItem>())),
@@ -90,8 +88,10 @@ namespace Umbraco.Tests.Cache
                 new EventDefinition<IMediaService, MoveEventArgs<IMedia>>(null, serviceContext.MediaService, new MoveEventArgs<IMedia>(new MoveEventInfo<IMedia>(null, "", -1)), "Trashed"),
                 new EventDefinition<IMediaService, RecycleBinEventArgs>(null, serviceContext.MediaService, new RecycleBinEventArgs(Guid.NewGuid(), new Dictionary<int, IEnumerable<Property>>(), true)),
 
-                new EventDefinition<IContentService, SaveEventArgs<IContent>>(null, serviceContext.ContentService, new SaveEventArgs<IContent>(Enumerable.Empty<IContent>())),
-                new EventDefinition<IContentService, DeleteEventArgs<IContent>>(null, serviceContext.ContentService, new DeleteEventArgs<IContent>(Enumerable.Empty<IContent>())),
+                new EventDefinition<IContentService, SaveEventArgs<IContent>>(null, serviceContext.ContentService, new SaveEventArgs<IContent>(Enumerable.Empty<IContent>()), "Saved"),
+                new EventDefinition<IContentService, SaveEventArgs<IContent>>(null, serviceContext.ContentService, new SaveEventArgs<IContent>(Enumerable.Empty<IContent>()), "SavedBlueprint"),
+                new EventDefinition<IContentService, DeleteEventArgs<IContent>>(null, serviceContext.ContentService, new DeleteEventArgs<IContent>(Enumerable.Empty<IContent>()), "Deleted"),
+                new EventDefinition<IContentService, DeleteEventArgs<IContent>>(null, serviceContext.ContentService, new DeleteEventArgs<IContent>(Enumerable.Empty<IContent>()), "DeletedBlueprint"),
                 new EventDefinition<IContentService, CopyEventArgs<IContent>>(null, serviceContext.ContentService, new CopyEventArgs<IContent>(null, null, -1)),
                 new EventDefinition<IContentService, MoveEventArgs<IContent>>(null, serviceContext.ContentService, new MoveEventArgs<IContent>(new MoveEventInfo<IContent>(null, "", -1)), "Trashed"),
                 new EventDefinition<IContentService, RecycleBinEventArgs>(null, serviceContext.ContentService, new RecycleBinEventArgs(Guid.NewGuid(), new Dictionary<int, IEnumerable<Property>>(), true)),
diff --git a/src/Umbraco.Tests/Configurations/RepositorySettingsTests.cs b/src/Umbraco.Tests/Configurations/RepositorySettingsTests.cs
deleted file mode 100644
index 8291a34fad..0000000000
--- a/src/Umbraco.Tests/Configurations/RepositorySettingsTests.cs
+++ /dev/null
@@ -1,32 +0,0 @@
-using System.Configuration;
-using NUnit.Framework;
-using Umbraco.Core.Configuration.InfrastructureSettings;
-
-namespace Umbraco.Tests.Configurations
-{
-    [TestFixture]
-    public class RepositorySettingsTests
-    {
-        [Test]
-        public void Can_Get_Repository_From_Config()
-        {
-            Infrastructure infrastructure = Infrastructure.Instance;
-            Repositories repositories = infrastructure.Repositories;
-            Repository repository = repositories.Repository["IContentRepository"];
-
-            Assert.That(repository, Is.Not.Null);
-            Assert.AreEqual(repository.InterfaceShortTypeName, "IContentRepository");
-            Assert.AreEqual(repository.RepositoryFullTypeName, "Umbraco.Core.Persistence.Repositories.ContentRepository, Umbraco.Core");
-            Assert.AreEqual(repository.CacheProviderFullTypeName, "Umbraco.Core.Persistence.Caching.RuntimeCacheProvider, Umbraco.Core");
-        }
-
-        [Test]
-        public void Can_Get_PublishingStrategy_From_Config()
-        {
-            Infrastructure infrastructure = Infrastructure.Instance;
-            PublishingProvider strategy = infrastructure.PublishingStrategy;
-
-            Assert.That(strategy.Type, Is.EqualTo("Umbraco.Web.Publishing.PublishingStrategy, Umbraco.Web"));
-        }
-    }
-}
diff --git a/src/Umbraco.Tests/CoreThings/UdiTests.cs b/src/Umbraco.Tests/CoreThings/UdiTests.cs
index 60ac41e87b..349fea22e9 100644
--- a/src/Umbraco.Tests/CoreThings/UdiTests.cs
+++ b/src/Umbraco.Tests/CoreThings/UdiTests.cs
@@ -79,6 +79,29 @@ namespace Umbraco.Tests.CoreThings
             Assert.AreEqual("umb://" + Constants.UdiEntityType.AnyString + "/path%20to/this%20is%20a%20test.xyz", udi3.ToString());
         }
 
+        [Test]
+        public void StringEncodingTest2()
+        {
+            // reserved = : / ? # [ ] @ ! $ & ' ( ) * + , ; =
+            // unreserved = alpha digit - . _ ~
+
+            Assert.AreEqual("%3A%2F%3F%23%5B%5D%40%21%24%26%27%28%29%2B%2C%3B%3D.-_~%25", Uri.EscapeDataString(":/?#[]@!$&'()+,;=.-_~%"));
+            Assert.AreEqual(":/?#[]@!$&'()+,;=.-_~%25", Uri.EscapeUriString(":/?#[]@!$&'()+,;=.-_~%"));
+
+            // we cannot have reserved chars at random places
+            // we want to keep the / in string udis
+
+            var r = string.Join("/", "path/to/View[1].cshtml".Split('/').Select(Uri.EscapeDataString));
+            Assert.AreEqual("path/to/View%5B1%5D.cshtml", r);
+            Assert.IsTrue(Uri.IsWellFormedUriString("umb://partial-view-macro/" + r, UriKind.Absolute));
+
+            // with the proper fix in StringUdi this should work:
+            var udi1 = new StringUdi("partial-view-macro", "path/to/View[1].cshtml");
+            Assert.AreEqual("umb://partial-view-macro/path/to/View%5B1%5D.cshtml", udi1.ToString());
+            var udi2 = Udi.Parse("umb://partial-view-macro/path/to/View%5B1%5D.cshtml");
+            Assert.AreEqual("path/to/View[1].cshtml", ((StringUdi) udi2).Id);
+        }
+
         [Test]
         public void GuidEntityCtorTest()
         {
diff --git a/src/Umbraco.Tests/DateTimeExtensionsTests.cs b/src/Umbraco.Tests/DateTimeExtensionsTests.cs
new file mode 100644
index 0000000000..83a47b3551
--- /dev/null
+++ b/src/Umbraco.Tests/DateTimeExtensionsTests.cs
@@ -0,0 +1,46 @@
+using System;
+using NUnit.Framework;
+using Umbraco.Core;
+
+namespace Umbraco.Tests
+{
+    [TestFixture]
+    public class DateTimeExtensionsTests
+    {
+        [Test]
+        public void PeriodicMinutesFrom_PostTime_CalculatesMinutesBetween()
+        {
+            var nowDateTime = new DateTime(2017, 1, 1, 10, 30, 0);
+            var scheduledTime = "1145";
+            var minutesBetween = nowDateTime.PeriodicMinutesFrom(scheduledTime);
+            Assert.AreEqual(75, minutesBetween);
+        }
+
+        [Test]
+        public void PeriodicMinutesFrom_PriorTime_CalculatesMinutesBetween()
+        {
+            var nowDateTime = new DateTime(2017, 1, 1, 10, 30, 0);
+            var scheduledTime = "900";
+            var minutesBetween = nowDateTime.PeriodicMinutesFrom(scheduledTime);
+            Assert.AreEqual(1350, minutesBetween);
+        }
+
+        [Test]
+        public void PeriodicMinutesFrom_PriorTime_WithLeadingZero_CalculatesMinutesBetween()
+        {
+            var nowDateTime = new DateTime(2017, 1, 1, 10, 30, 0);
+            var scheduledTime = "0900";
+            var minutesBetween = nowDateTime.PeriodicMinutesFrom(scheduledTime);
+            Assert.AreEqual(1350, minutesBetween);
+        }
+
+        [Test]
+        public void PeriodicMinutesFrom_SameTime_CalculatesMinutesBetween()
+        {
+            var nowDateTime = new DateTime(2017, 1, 1, 10, 30, 0);
+            var scheduledTime = "1030";
+            var minutesBetween = nowDateTime.PeriodicMinutesFrom(scheduledTime);
+            Assert.AreEqual(0, minutesBetween);
+        }
+    }
+}
diff --git a/src/Umbraco.Tests/Membership/MembershipProviderBaseTests.cs b/src/Umbraco.Tests/Membership/MembershipProviderBaseTests.cs
index 743fc4f968..3661d1a4b6 100644
--- a/src/Umbraco.Tests/Membership/MembershipProviderBaseTests.cs
+++ b/src/Umbraco.Tests/Membership/MembershipProviderBaseTests.cs
@@ -168,7 +168,7 @@ namespace Umbraco.Tests.Membership
             Assert.AreEqual("test", provider.Name);
             Assert.AreEqual(MembershipProviderBase.GetDefaultAppName(), provider.ApplicationName);
             Assert.AreEqual(false, provider.EnablePasswordRetrieval);
-            Assert.AreEqual(false, provider.EnablePasswordReset);
+            Assert.AreEqual(true, provider.EnablePasswordReset);
             Assert.AreEqual(false, provider.RequiresQuestionAndAnswer);
             Assert.AreEqual(true, provider.RequiresUniqueEmail);
             Assert.AreEqual(5, provider.MaxInvalidPasswordAttempts);
diff --git a/src/Umbraco.Tests/Membership/UmbracoServiceMembershipProviderTests.cs b/src/Umbraco.Tests/Membership/UmbracoServiceMembershipProviderTests.cs
index b8f1f56675..9dd3047f1d 100644
--- a/src/Umbraco.Tests/Membership/UmbracoServiceMembershipProviderTests.cs
+++ b/src/Umbraco.Tests/Membership/UmbracoServiceMembershipProviderTests.cs
@@ -1,6 +1,4 @@
-using System;
-using System.Collections.Specialized;
-using System.Configuration.Provider;
+using System.Collections.Specialized;
 using System.Web.Security;
 using Moq;
 using NUnit.Framework;
@@ -87,9 +85,9 @@ namespace Umbraco.Tests.Membership
             membershipServiceMock.Setup(service => service.GetByEmail("test@test.com")).Returns(() => null);
             membershipServiceMock.Setup(
                 service => service.CreateWithIdentity(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>()))
-                        .Callback((string u, string e, string p, string m) =>
+                        .Callback((string u, string e, string p, string m, bool isApproved) =>
                             {
-                                createdMember = new Member("test", e, u, p, memberType);
+                                createdMember = new Member("test", e, u, p, memberType, isApproved);
                             })
                         .Returns(() => createdMember);
             var provider = new MembersMembershipProvider(membershipServiceMock.Object, memberTypeServiceMock.Object);
@@ -119,9 +117,9 @@ namespace Umbraco.Tests.Membership
             membershipServiceMock.Setup(service => service.GetByEmail("test@test.com")).Returns(() => null);
             membershipServiceMock.Setup(
                 service => service.CreateWithIdentity(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>()))
-                        .Callback((string u, string e, string p, string m) =>
+                        .Callback((string u, string e, string p, string m, bool isApproved) =>
                             {
-                                createdMember = new Member("test", e, u, p, memberType);
+                                createdMember = new Member("test", e, u, p, memberType, isApproved);
                             })
                         .Returns(() => createdMember);
 
@@ -153,9 +151,9 @@ namespace Umbraco.Tests.Membership
             membershipServiceMock.Setup(service => service.GetByEmail("test@test.com")).Returns(() => null);
             membershipServiceMock.Setup(
                 service => service.CreateWithIdentity(It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>()))
-                        .Callback((string u, string e, string p, string m) =>
+                        .Callback((string u, string e, string p, string m, bool isApproved) =>
                         {
-                            createdMember = new Member("test", e, u, p, memberType);
+                            createdMember = new Member("test", e, u, p, memberType, isApproved);
                         })
                         .Returns(() => createdMember);
 
diff --git a/src/Umbraco.Tests/Migrations/Upgrades/BaseUpgradeTest.cs b/src/Umbraco.Tests/Migrations/Upgrades/BaseUpgradeTest.cs
index bd0c2ecabe..a3ee01dc3d 100644
--- a/src/Umbraco.Tests/Migrations/Upgrades/BaseUpgradeTest.cs
+++ b/src/Umbraco.Tests/Migrations/Upgrades/BaseUpgradeTest.cs
@@ -5,11 +5,9 @@ using NPoco;
 using NUnit.Framework;
 using Semver;
 using Umbraco.Core;
-using Umbraco.Core.Composing;
 using Umbraco.Core.Logging;
 using Umbraco.Core.Persistence;
 using Umbraco.Core.Persistence.Migrations;
-using Umbraco.Core.Persistence.Migrations.Upgrades.TargetVersionSix;
 using Umbraco.Core.Services;
 using Umbraco.Tests.TestHelpers;
 
@@ -61,20 +59,22 @@ namespace Umbraco.Tests.Migrations.Upgrades
                 logger,
                 configuredVersion,
                 targetVersion,
-                Constants.System.UmbracoMigrationName,
-                //pass in explicit migrations
-                new Core.Persistence.Migrations.Upgrades.TargetVersionFourNineZero.RemoveUmbracoAppConstraints(context),
-                new DeleteAppTables(context),
-                new EnsureAppsTreesUpdated(context),
-                new MoveMasterContentTypeData(context),
-                new NewCmsContentType2ContentTypeTable(context),
-                new RemoveMasterContentTypeColumn(context),
-                new RenameCmsTabTable(context),
-                new RenameTabIdColumn(context),
-                new UpdateCmsContentTypeAllowedContentTypeTable(context),
-                new UpdateCmsContentTypeTable(context),
-                new UpdateCmsContentVersionTable(context),
-                new UpdateCmsPropertyTypeGroupTable(context));
+                Constants.System.UmbracoMigrationName
+                //pass in explicit migrations
+                // fixme - all gone in v8 - migrations need to be refactored anyways
+                //new Core.Persistence.Migrations.Upgrades.TargetVersionFourNineZero.RemoveUmbracoAppConstraints(context),
+                //new DeleteAppTables(context),
+                //new EnsureAppsTreesUpdated(context),
+                //new MoveMasterContentTypeData(context),
+                //new NewCmsContentType2ContentTypeTable(context),
+                //new RemoveMasterContentTypeColumn(context),
+                //new RenameCmsTabTable(context),
+                //new RenameTabIdColumn(context),
+                //new UpdateCmsContentTypeAllowedContentTypeTable(context),
+                //new UpdateCmsContentTypeTable(context),
+                //new UpdateCmsContentVersionTable(context),
+                //new UpdateCmsPropertyTypeGroupTable(context)
+                );
 
             var upgraded = migrationRunner.Execute(context /*, true*/);
 
diff --git a/src/Umbraco.Tests/Models/Mapping/UserModelMapperTests.cs b/src/Umbraco.Tests/Models/Mapping/UserModelMapperTests.cs
new file mode 100644
index 0000000000..f1dea9b587
--- /dev/null
+++ b/src/Umbraco.Tests/Models/Mapping/UserModelMapperTests.cs
@@ -0,0 +1,35 @@
+using System.Collections.Generic;
+using AutoMapper;
+using Newtonsoft.Json;
+using NUnit.Framework;
+using Umbraco.Core.Models.Membership;
+using Umbraco.Tests.TestHelpers;
+using Umbraco.Tests.Testing;
+using Umbraco.Web.Models.ContentEditing;
+
+namespace Umbraco.Tests.Models.Mapping
+{
+    [TestFixture]
+    [UmbracoTest(AutoMapper = true, Database = UmbracoTestOptions.Database.NewSchemaPerFixture)]
+    public class UserModelMapperTests : TestWithDatabaseBase
+    {
+        [Test]
+        public void Map_UserGroupSave_To_IUserGroup()
+        {
+            IUserGroup userGroup = new UserGroup(0, "alias", "name", new List<string> { "c" }, "icon");
+            userGroup.Id = 42;
+
+            // userGroup.permissions is System.Collections.Generic.List`1[System.String]
+
+            // userGroup.permissions is System.Linq.Enumerable+WhereSelectArrayIterator`2[System.Char, System.String]
+            // fixed: now System.Collections.Generic.List`1[System.String]
+
+            const string json = "{\"id\":@@@ID@@@,\"alias\":\"perm1\",\"name\":\"Perm1\",\"icon\":\"icon-users\",\"sections\":[\"content\"],\"users\":[],\"defaultPermissions\":[\"F\",\"C\",\"A\"],\"assignedPermissions\":{},\"startContentId\":-1,\"startMediaId\":-1,\"action\":\"save\",\"parentId\":-1}";
+            var userGroupSave = JsonConvert.DeserializeObject<UserGroupSave>(json.Replace("@@@ID@@@", userGroup.Id.ToString()));
+
+            // failed, AutoMapper complained, "Unable to cast object of type 'WhereSelectArrayIterator`2[System.Char,System.String]' to type 'System.Collections.IList'".
+            // fixmed: added ToList() in UserGroupFactory
+            Mapper.Map(userGroupSave, userGroup);
+        }
+    }
+}
diff --git a/src/Umbraco.Tests/Models/UserExtensionsTests.cs b/src/Umbraco.Tests/Models/UserExtensionsTests.cs
index d5e90d1fc4..9c776a3c00 100644
--- a/src/Umbraco.Tests/Models/UserExtensionsTests.cs
+++ b/src/Umbraco.Tests/Models/UserExtensionsTests.cs
@@ -1,29 +1,100 @@
-using Moq;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using Moq;
 using NUnit.Framework;
 using Umbraco.Core.Models;
+using Umbraco.Core.Models.EntityBase;
 using Umbraco.Core.Models.Membership;
+using Umbraco.Core.Services;
 
 namespace Umbraco.Tests.Models
 {
     [TestFixture]
     public class UserExtensionsTests
     {
-        [TestCase(2, "-1,1,2,3,4,5", true)]
-        [TestCase(6, "-1,1,2,3,4,5", false)]
-        [TestCase(-1, "-1,1,2,3,4,5", true)]
-        [TestCase(5, "-1,1,2,3,4,5", true)]
-        [TestCase(-1, "-1,-20,1,2,3,4,5", true)]
-        [TestCase(1, "-1,-20,1,2,3,4,5", false)]
-        public void Determines_Path_Based_Access_To_Content(int userId, string contentPath, bool outcome)
+        [TestCase(-1, "-1", "-1,1,2,3,4,5", true)] // below root start node
+        [TestCase(2, "-1,1,2", "-1,1,2,3,4,5", true)] // below start node
+        [TestCase(5, "-1,1,2,3,4,5", "-1,1,2,3,4,5", true)] // at start node
+
+        [TestCase(6, "-1,1,2,3,4,5,6", "-1,1,2,3,4,5", false)] // above start node
+
+        [TestCase(-1, "-1", "-1,-20,1,2,3,4,5", true)] // below root start node, bin
+        [TestCase(1, "-1,-20,1", "-1,-20,1,2,3,4,5", false)] // below bin start node
+
+        public void Determines_Path_Based_Access_To_Content(int startNodeId, string startNodePath, string contentPath, bool outcome)
         {
             var userMock = new Mock<IUser>();
-            userMock.Setup(u => u.StartContentId).Returns(userId);
+            userMock.Setup(u => u.StartContentIds).Returns(new[] { startNodeId });
             var user = userMock.Object;
-            var contentMock = new Mock<IContent>();
-            contentMock.Setup(c => c.Path).Returns(contentPath);
-            var content = contentMock.Object;
+            var content = Mock.Of<IContent>(c => c.Path == contentPath && c.Id == 5);
 
-            Assert.AreEqual(outcome, user.HasPathAccess(content));
+            var esmock = new Mock<IEntityService>();
+            esmock
+                .Setup(x => x.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
+                .Returns<UmbracoObjectTypes, int[]>((type, ids) => new[] { new EntityPath { Id = startNodeId, Path = startNodePath } });
+
+            Assert.AreEqual(outcome, user.HasPathAccess(content, esmock.Object));
+        }
+
+        [TestCase("", "1", "1")] // single user start, top level
+        [TestCase("", "4", "4")] // single user start, deeper level
+        [TestCase("", "2,3", "2,3")] // many user starts
+        [TestCase("", "2,3,4", "3,4")] // many user starts, de-duplicate to deepest
+
+        [TestCase("1", "", "1")] // single group start, top level
+        [TestCase("4", "", "4")] // single group start, deeper leve
+        [TestCase("2,3", "", "2,3")] // many group starts
+        [TestCase("2,3,4", "", "2,3")] // many group starts, de-duplicate to upmost
+
+        [TestCase("3", "2", "3,2")] // user and group start, combine
+        [TestCase("3", "2,5", "2,5")] // user and group start, restrict
+        [TestCase("3", "2,1", "2,1")] // user and group start, expand
+
+        [TestCase("3,8", "2,6", "3,2")] // exclude bin
+        [TestCase("", "6", "")] // exclude bin
+
+        public void CombineStartNodes(string groupSn, string userSn, string expected)
+        {
+            // 1
+            //  3
+            //   5
+            // 2
+            //  4
+            // bin
+            //  6
+            //  7
+            //   8
+
+            var paths = new Dictionary<int, string>
+            {
+                { 1, "-1,1" },
+                { 2, "-1,2" },
+                { 3, "-1,1,3" },
+                { 4, "-1,2,4" },
+                { 5, "-1,1,3,5" },
+                { 6, "-1,-20,6" },
+                { 7, "-1,-20,7" },
+                { 8, "-1,-20,7,8" },
+            };
+
+            var esmock = new Mock<IEntityService>();
+            esmock
+                .Setup(x => x.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
+                .Returns<UmbracoObjectTypes, int[]>((type, ids) => paths.Where(x => ids.Contains(x.Key)).Select(x => new EntityPath { Id = x.Key, Path = x.Value }));
+
+            var comma = new[] { ',' };
+
+            var groupSnA = groupSn.Split(comma, StringSplitOptions.RemoveEmptyEntries).Select(int.Parse).ToArray();
+            var userSnA = userSn.Split(comma, StringSplitOptions.RemoveEmptyEntries).Select(int.Parse).ToArray();
+            var combinedA = UserExtensions.CombineStartNodes(UmbracoObjectTypes.Document, groupSnA, userSnA, esmock.Object).OrderBy(x => x).ToArray();
+            var expectedA = expected.Split(comma, StringSplitOptions.RemoveEmptyEntries).Select(int.Parse).OrderBy(x => x).ToArray();
+
+            var ok = combinedA.Length == expectedA.Length;
+            if (ok) ok = expectedA.Where((t, i) => t != combinedA[i]).Any() == false;
+
+            if (ok == false)
+                Assert.Fail("Expected \"" + string.Join(",", expectedA) + "\" but got \"" + string.Join(",", combinedA) + "\".");
         }
     }
-}
+}
\ No newline at end of file
diff --git a/src/Umbraco.Tests/Models/UserTests.cs b/src/Umbraco.Tests/Models/UserTests.cs
index b6924c08cd..5e982633d2 100644
--- a/src/Umbraco.Tests/Models/UserTests.cs
+++ b/src/Umbraco.Tests/Models/UserTests.cs
@@ -13,7 +13,7 @@ namespace Umbraco.Tests.Models
         [Test]
         public void Can_Deep_Clone()
         {
-            var item = new User(new UserType(){Id = 3})
+            var item = new User()
             {
                 Id = 3,
                 Key = Guid.NewGuid(),
@@ -21,7 +21,6 @@ namespace Umbraco.Tests.Models
                 CreateDate = DateTime.Now,
                 Name = "Test",
                 Comments = "comments",
-                DefaultPermissions = new[]{"a","b","c"},
                 DefaultToLiveEditing = false,
                 Email = "test@test.com",
                 Language = "en",
@@ -36,42 +35,24 @@ namespace Umbraco.Tests.Models
                 PasswordQuestion = "question",
                 //ProviderUserKey = "user key",
                 SessionTimeout = 5,
-                StartContentId = 3,
-                StartMediaId = 8,
+                StartContentIds = new[] { 3 },
+                StartMediaIds = new[] { 8 },
                 Username = "username"
             };
 
-            item.AddAllowedSection("test");
-
             var clone = (User)item.DeepClone();
 
             Assert.AreNotSame(clone, item);
             Assert.AreEqual(clone, item);
 
-            Assert.AreNotSame(clone.UserType, item.UserType);
-            Assert.AreEqual(clone.UserType, item.UserType);
             Assert.AreEqual(clone.AllowedSections.Count(), item.AllowedSections.Count());
 
-            Assert.AreNotSame(clone.DefaultPermissions, item.DefaultPermissions);
-            Assert.AreEqual(clone.DefaultPermissions.Count(), item.DefaultPermissions.Count());
-
             //Verify normal properties with reflection
             var allProps = clone.GetType().GetProperties();
             foreach (var propertyInfo in allProps)
             {
                 Assert.AreEqual(propertyInfo.GetValue(clone, null), propertyInfo.GetValue(item, null));
             }
-
-            //ensure internal collections are differet
-            Assert.AreNotSame(item.AddedSections, clone.AddedSections);
-            Assert.AreNotSame(item.RemovedSections, clone.RemovedSections);
-
-            //ensure event handlers are still wired on clone
-            clone.AddAllowedSection("blah");
-            Assert.AreEqual(1, clone.AddedSections.Count());
-            clone.RemoveAllowedSection("blah");
-            Assert.AreEqual(1, clone.RemovedSections.Count());
-
         }
 
         [Test]
@@ -79,7 +60,7 @@ namespace Umbraco.Tests.Models
         {
             var ss = new SerializationService(new JsonNetSerializer());
 
-            var item = new User(new UserType() { Id = 3 })
+            var item = new User
             {
                 Id = 3,
                 Key = Guid.NewGuid(),
@@ -87,7 +68,6 @@ namespace Umbraco.Tests.Models
                 CreateDate = DateTime.Now,
                 Name = "Test",
                 Comments = "comments",
-                DefaultPermissions = new[] { "a", "b", "c" },
                 DefaultToLiveEditing = false,
                 Email = "test@test.com",
                 Language = "en",
@@ -102,8 +82,8 @@ namespace Umbraco.Tests.Models
                 PasswordQuestion = "question",
                 //ProviderUserKey = "user key",
                 SessionTimeout = 5,
-                StartContentId = 3,
-                StartMediaId = 8,
+                StartContentIds = new[] { 3 },
+                StartMediaIds = new[] { 8 },
                 Username = "username"
             };
 
diff --git a/src/Umbraco.Tests/Models/UserTypeTests.cs b/src/Umbraco.Tests/Models/UserTypeTests.cs
deleted file mode 100644
index 0406107fb1..0000000000
--- a/src/Umbraco.Tests/Models/UserTypeTests.cs
+++ /dev/null
@@ -1,61 +0,0 @@
-using System;
-using System.Diagnostics;
-using System.Linq;
-using NUnit.Framework;
-using Umbraco.Core.Models.Membership;
-using Umbraco.Core.Serialization;
-
-namespace Umbraco.Tests.Models
-{
-    [TestFixture]
-    public class UserTypeTests
-    {
-        [Test]
-        public void Can_Deep_Clone()
-        {
-            var item = new UserType()
-            {
-                Id = 3,
-                Key = Guid.NewGuid(),
-                UpdateDate = DateTime.Now,
-                CreateDate = DateTime.Now,
-                Name = "Test",
-                Alias = "test",
-                Permissions = new[] {"a", "b", "c"}
-            };
-
-            var clone = (UserType)item.DeepClone();
-
-            Assert.AreNotSame(clone, item);
-            Assert.AreEqual(clone, item);
-
-            //Verify normal properties with reflection
-            var allProps = clone.GetType().GetProperties();
-            foreach (var propertyInfo in allProps)
-            {
-                Assert.AreEqual(propertyInfo.GetValue(clone, null), propertyInfo.GetValue(item, null));
-            }
-        }
-
-        [Test]
-        public void Can_Serialize_Without_Error()
-        {
-            var ss = new SerializationService(new JsonNetSerializer());
-
-            var item = new UserType()
-            {
-                Id = 3,
-                Key = Guid.NewGuid(),
-                UpdateDate = DateTime.Now,
-                CreateDate = DateTime.Now,
-                Name = "Test",
-                Alias = "test",
-                Permissions = new[] { "a", "b", "c" }
-            };
-
-            var result = ss.ToStream(item);
-            var json = result.ResultStream.ToJsonString();
-            Debug.Print(json);
-        }
-    }
-}
diff --git a/src/Umbraco.Tests/Persistence/DatabaseFactoryTests.cs b/src/Umbraco.Tests/Persistence/DatabaseFactoryTests.cs
deleted file mode 100644
index ceb82624c2..0000000000
--- a/src/Umbraco.Tests/Persistence/DatabaseFactoryTests.cs
+++ /dev/null
@@ -1,18 +0,0 @@
-using NUnit.Framework;
-using Umbraco.Core.Persistence;
-
-namespace Umbraco.Tests.Persistence
-{
-    [TestFixture]
-    public class DatabaseFactoryTests
-    {
-        [Test]
-        public void Can_Verify_Single_Database_Instance()
-        {
-            var db1 = DatabaseFactory.Current.Database;
-            var db2 = DatabaseFactory.Current.Database;
-
-            Assert.AreSame(db1, db2);
-        }
-    }
-}
diff --git a/src/Umbraco.Tests/Persistence/PetaPocoDynamicQueryTests.cs b/src/Umbraco.Tests/Persistence/PetaPocoDynamicQueryTests.cs
deleted file mode 100644
index f5f6d5df44..0000000000
--- a/src/Umbraco.Tests/Persistence/PetaPocoDynamicQueryTests.cs
+++ /dev/null
@@ -1,133 +0,0 @@
-//using System;
-//using System.Linq;
-//using NUnit.Framework;
-//using Umbraco.Core.Models;
-//using Umbraco.Core.Persistence;
-//using Umbraco.Core.Persistence.SqlSyntax;
-//using Umbraco.Tests.TestHelpers;
-//using Umbraco.Tests.TestHelpers.Entities;
-
-//namespace Umbraco.Tests.Persistence
-//{
-//    [DatabaseTestBehavior(DatabaseBehavior.NewDbFileAndSchemaPerTest)]
-//    [TestFixture]
-//    public class PetaPocoDynamicQueryTests : BaseDatabaseFactoryTest
-//    {
-//        [Test]
-//        public void Check_Poco_Storage_Growth()
-//        {
-//            //CreateStuff();
-
-//            for (int i = 0; i < 1000; i++)
-//            {
-//                DatabaseContext.Database.Fetch<dynamic>(
-//                    "SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='" + i + "'");
-//            }
-
-//            //var oc11 = Database.PocoData.GetCachedPocoData().Count();
-//            //var oc12 = Database.PocoData.GetConverters().Count();
-//            //var oc13 = Database.GetAutoMappers().Count();
-//            //var oc14 = Database.GetMultiPocoFactories().Count();
-
-//            //for (int i = 0; i < 2; i++)
-//            //{
-//            //    i1 = DatabaseContext.Database.Fetch<dynamic>("SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES");
-//            //    r1 = i1.Select(x => x.TABLE_NAME).Cast<string>().ToList();
-//            //}
-
-//            //var oc21 = Database.PocoData.GetCachedPocoData().Count();
-//            //var oc22 = Database.PocoData.GetConverters().Count();
-//            //var oc23 = Database.GetAutoMappers().Count();
-//            //var oc24 = Database.GetMultiPocoFactories().Count();
-
-//            //var roots = ServiceContext.ContentService.GetRootContent();
-//            //foreach (var content in roots)
-//            //{
-//            //    var d = ServiceContext.ContentService.GetDescendants(content);
-//            //}
-
-//            //var oc31 = Database.PocoData.GetCachedPocoData().Count();
-//            //var oc32 = Database.PocoData.GetConverters().Count();
-//            //var oc33 = Database.GetAutoMappers().Count();
-//            //var oc34 = Database.GetMultiPocoFactories().Count();
-
-//            //for (int i = 0; i < 2; i++)
-//            //{
-//            //    roots = ServiceContext.ContentService.GetRootContent();
-//            //    foreach (var content in roots)
-//            //    {
-//            //        var d = ServiceContext.ContentService.GetDescendants(content);
-//            //    }
-//            //}
-
-//            //var oc41 = Database.PocoData.GetCachedPocoData().Count();
-//            //var oc42 = Database.PocoData.GetConverters().Count();
-//            //var oc43 = Database.GetAutoMappers().Count();
-//            //var oc44 = Database.GetMultiPocoFactories().Count();
-
-//            //var i2 = DatabaseContext.Database.Fetch<dynamic>("SELECT TABLE_NAME, COLUMN_NAME, ORDINAL_POSITION, COLUMN_DEFAULT, IS_NULLABLE, DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS");
-//            //var r2 =
-//            //    i2.Select(
-//            //        item =>
-//            //        new ColumnInfo(item.TABLE_NAME, item.COLUMN_NAME, item.ORDINAL_POSITION, item.COLUMN_DEFAULT,
-//            //                       item.IS_NULLABLE, item.DATA_TYPE)).ToList();
-
-
-//            var pocoData = Database.PocoData.GetCachedPocoData();
-//            Console.WriteLine("GetCachedPocoData: " + pocoData.Count());
-//            foreach (var keyValuePair in pocoData)
-//            {
-//                Console.WriteLine(keyValuePair.Value.GetFactories().Count());
-//            }
-
-//            Console.WriteLine("GetConverters: " + Database.PocoData.GetConverters().Count());
-//            Console.WriteLine("GetAutoMappers: " + Database.GetAutoMappers().Count());
-//            Console.WriteLine("GetMultiPocoFactories: " + Database.GetMultiPocoFactories().Count());
-
-//            //Assert.AreEqual(oc11, oc21);
-//            //Assert.AreEqual(oc12, oc22);
-//            //Assert.AreEqual(oc13, oc23);
-//            //Assert.AreEqual(oc14, oc24);
-
-//            //Assert.AreEqual(oc31, oc41);
-//            //Assert.AreEqual(oc32, oc42);
-//            //Assert.AreEqual(oc33, oc43);
-//            //Assert.AreEqual(oc34, oc44);
-//        }
-
-//        public void CreateStuff()
-//        {
-//            var contentType1 = MockedContentTypes.CreateTextpageContentType("test1", "test1");
-//            var contentType2 = MockedContentTypes.CreateTextpageContentType("test2", "test2");
-//            var contentType3 = MockedContentTypes.CreateTextpageContentType("test3", "test3");
-//            ServiceContext.ContentTypeService.Save(new[] { contentType1, contentType2, contentType3 });
-//            contentType1.AllowedContentTypes = new[]
-//            {
-//                new ContentTypeSort(new Lazy<int>(() => contentType2.Id), 0, contentType2.Alias),
-//                new ContentTypeSort(new Lazy<int>(() => contentType3.Id), 1, contentType3.Alias)
-//            };
-//            contentType2.AllowedContentTypes = new[]
-//            {
-//                new ContentTypeSort(new Lazy<int>(() => contentType1.Id), 0, contentType1.Alias),
-//                new ContentTypeSort(new Lazy<int>(() => contentType3.Id), 1, contentType3.Alias)
-//            };
-//            contentType3.AllowedContentTypes = new[]
-//            {
-//                new ContentTypeSort(new Lazy<int>(() => contentType1.Id), 0, contentType1.Alias),
-//                new ContentTypeSort(new Lazy<int>(() => contentType2.Id), 1, contentType2.Alias)
-//            };
-//            ServiceContext.ContentTypeService.Save(new[] { contentType1, contentType2, contentType3 });
-
-//            var roots = MockedContent.CreateTextpageContent(contentType1, -1, 3);
-//            ServiceContext.ContentService.Save(roots);
-//            foreach (var root in roots)
-//            {
-//                var item1 = MockedContent.CreateTextpageContent(contentType1, root.Id, 3);
-//                var item2 = MockedContent.CreateTextpageContent(contentType2, root.Id, 3);
-//                var item3 = MockedContent.CreateTextpageContent(contentType3, root.Id, 3);
-
-//                ServiceContext.ContentService.Save(item1.Concat(item2).Concat(item3));
-//            }
-//        }
-//    }
-//}
diff --git a/src/Umbraco.Tests/Persistence/Querying/QueryBuilderTests.cs b/src/Umbraco.Tests/Persistence/Querying/QueryBuilderTests.cs
index 9d7a87ca8e..d25d75c016 100644
--- a/src/Umbraco.Tests/Persistence/Querying/QueryBuilderTests.cs
+++ b/src/Umbraco.Tests/Persistence/Querying/QueryBuilderTests.cs
@@ -24,7 +24,7 @@ namespace Umbraco.Tests.Persistence.Querying
             sql.SelectAll();
             sql.From("umbracoNode");
 
-            var query = new Query<IContent>(SqlContext.SqlSyntax, Mappers).Where(x => x.Path.StartsWith("-1"));
+            var query = new Query<IContent>(SqlContext).Where(x => x.Path.StartsWith("-1"));
 
             // Act
             var translator = new SqlTranslator<IContent>(sql, query);
@@ -51,7 +51,7 @@ namespace Umbraco.Tests.Persistence.Querying
             sql.SelectAll();
             sql.From("umbracoNode");
 
-            var query = new Query<IContent>(SqlContext.SqlSyntax, Mappers).Where(x => x.ParentId == -1);
+            var query = new Query<IContent>(SqlContext).Where(x => x.ParentId == -1);
 
             // Act
             var translator = new SqlTranslator<IContent>(sql, query);
@@ -78,7 +78,7 @@ namespace Umbraco.Tests.Persistence.Querying
             sql.SelectAll();
             sql.From("umbracoNode");
 
-            var query = new Query<IContentType>(SqlContext.SqlSyntax, Mappers).Where(x => x.Alias == "umbTextpage");
+            var query = new Query<IContentType>(SqlContext).Where(x => x.Alias == "umbTextpage");
 
             // Act
             var translator = new SqlTranslator<IContentType>(sql, query);
@@ -115,7 +115,7 @@ namespace Umbraco.Tests.Persistence.Querying
                 .On<ContentDto, NodeDto>(left => left.NodeId, right => right.NodeId)
                 .Where<NodeDto>(x => x.NodeObjectType == nodeObjectTypeId);
 
-            var query = new Query<IContent>(SqlContext.SqlSyntax, Mappers).Where(x => x.Path.StartsWith(path) && x.Id != id && x.Published == true && x.Trashed == false);
+            var query = new Query<IContent>(SqlContext).Where(x => x.Path.StartsWith(path) && x.Id != id && x.Published == true && x.Trashed == false);
 
             // Act
             var translator = new SqlTranslator<IContent>(sql, query);
diff --git a/src/Umbraco.Tests/Persistence/Repositories/ContentRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/ContentRepositoryTest.cs
index f690247bf5..2d1dba886e 100644
--- a/src/Umbraco.Tests/Persistence/Repositories/ContentRepositoryTest.cs
+++ b/src/Umbraco.Tests/Persistence/Repositories/ContentRepositoryTest.cs
@@ -2,9 +2,7 @@
 using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
-using System.Xml.Linq;
 using Moq;
-using NPoco;
 using NUnit.Framework;
 using Umbraco.Core;
 using Umbraco.Core.Configuration.UmbracoSettings;
@@ -17,7 +15,6 @@ using Umbraco.Core.Persistence.UnitOfWork;
 using Umbraco.Tests.TestHelpers;
 using Umbraco.Tests.TestHelpers.Entities;
 using Umbraco.Core.Persistence.DatabaseModelDefinitions;
-using Umbraco.Core.Persistence.Querying;
 using Umbraco.Core.Persistence.SqlSyntax;
 using Umbraco.Core.Scoping;
 using Umbraco.Tests.Testing;
@@ -63,7 +60,7 @@ namespace Umbraco.Tests.Persistence.Repositories
             templateRepository = new TemplateRepository(unitOfWork, CacheHelper, Logger, Mock.Of<IFileSystem>(), Mock.Of<IFileSystem>(), Mock.Of<ITemplatesSection>());
             var tagRepository = new TagRepository(unitOfWork, CacheHelper, Logger);
             contentTypeRepository = new ContentTypeRepository(unitOfWork, CacheHelper, Logger, templateRepository);
-            var repository = new ContentRepository(unitOfWork, CacheHelper, Logger, contentTypeRepository, templateRepository, tagRepository);
+            var repository = new ContentRepository(unitOfWork, CacheHelper, Logger, contentTypeRepository, templateRepository, tagRepository, Mock.Of<IContentSection>());
             return repository;
         }
 
@@ -302,40 +299,6 @@ namespace Umbraco.Tests.Persistence.Repositories
             }
         }
 
-        [Test]
-        public void Ensures_Permissions_Are_Set_If_Parent_Entity_Permissions_Exist()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                ContentTypeRepository contentTypeRepository;
-                var repository = CreateRepository(unitOfWork, out contentTypeRepository);
-                var contentType = MockedContentTypes.CreateSimpleContentType("umbTextpage1", "Textpage");
-                contentType.AllowedContentTypes = new List<ContentTypeSort>
-                {
-                    new ContentTypeSort(new Lazy<int>(() => contentType.Id), 0, contentType.Alias)
-                };
-                var parentPage = MockedContent.CreateSimpleContent(contentType);
-                contentTypeRepository.AddOrUpdate(contentType);
-                repository.AddOrUpdate(parentPage);
-                unitOfWork.Flush();
-
-                // Act
-                repository.AssignEntityPermission(parentPage, 'A', new int[] { 0 });
-                var childPage = MockedContent.CreateSimpleContent(contentType, "child", parentPage);
-                repository.AddOrUpdate(childPage);
-                unitOfWork.Flush();
-
-                // Assert
-                var permissions = repository.GetPermissionsForEntity(childPage.Id);
-                Assert.AreEqual(1, permissions.Count());
-                Assert.AreEqual("A", permissions.Single().AssignedPermissions.First());
-
-                unitOfWork.Complete();
-            }
-        }
-
         [Test]
         public void Can_Perform_Add_On_ContentRepository()
         {
diff --git a/src/Umbraco.Tests/Persistence/Repositories/ContentTypeRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/ContentTypeRepositoryTest.cs
index d607176035..23676e2233 100644
--- a/src/Umbraco.Tests/Persistence/Repositories/ContentTypeRepositoryTest.cs
+++ b/src/Umbraco.Tests/Persistence/Repositories/ContentTypeRepositoryTest.cs
@@ -36,7 +36,7 @@ namespace Umbraco.Tests.Persistence.Repositories
             var templateRepository = new TemplateRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Logger, Mock.Of<IFileSystem>(), Mock.Of<IFileSystem>(), Mock.Of<ITemplatesSection>());
             var tagRepository = new TagRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Logger);
             contentTypeRepository = new ContentTypeRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Logger, templateRepository);
-            var repository = new ContentRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Logger, contentTypeRepository, templateRepository, tagRepository);
+            var repository = new ContentRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Logger, contentTypeRepository, templateRepository, tagRepository, Mock.Of<IContentSection>());
             return repository;
         }
 
diff --git a/src/Umbraco.Tests/Persistence/Repositories/DomainRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/DomainRepositoryTest.cs
index f2b8e3f1d1..cf70a5afc5 100644
--- a/src/Umbraco.Tests/Persistence/Repositories/DomainRepositoryTest.cs
+++ b/src/Umbraco.Tests/Persistence/Repositories/DomainRepositoryTest.cs
@@ -23,7 +23,7 @@ namespace Umbraco.Tests.Persistence.Repositories
             var templateRepository = new TemplateRepository(unitOfWork, DisabledCache, Logger, Mock.Of<IFileSystem>(), Mock.Of<IFileSystem>(), Mock.Of<ITemplatesSection>());
             var tagRepository = new TagRepository(unitOfWork, DisabledCache, Logger);
             contentTypeRepository = new ContentTypeRepository(unitOfWork, DisabledCache, Logger, templateRepository);
-            contentRepository = new ContentRepository(unitOfWork, DisabledCache, Logger, contentTypeRepository, templateRepository, tagRepository);
+            contentRepository = new ContentRepository(unitOfWork, DisabledCache, Logger, contentTypeRepository, templateRepository, tagRepository, Mock.Of<IContentSection>());
             languageRepository = new LanguageRepository(unitOfWork, DisabledCache, Logger);
             var domainRepository = new DomainRepository(unitOfWork, DisabledCache, Logger);
             return domainRepository;
diff --git a/src/Umbraco.Tests/Persistence/Repositories/NotificationsRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/NotificationsRepositoryTest.cs
index f6b83f1fe1..37831488fb 100644
--- a/src/Umbraco.Tests/Persistence/Repositories/NotificationsRepositoryTest.cs
+++ b/src/Umbraco.Tests/Persistence/Repositories/NotificationsRepositoryTest.cs
@@ -49,7 +49,7 @@ namespace Umbraco.Tests.Persistence.Repositories
 
                 var repo = new NotificationsRepository(unitOfWork);
 
-                var userDto = new UserDto { ContentStartId = -1, Email = "test", Login = "test", MediaStartId = -1, Password = "test", Type = 1, UserName = "test", UserLanguage = "en" };
+                var userDto = new UserDto { Email = "test", Login = "test", Password = "test", UserName = "test", UserLanguage = "en", CreateDate = DateTime.Now, UpdateDate = DateTime.Now };
                 unitOfWork.Database.Insert(userDto);
 
                 var userNew = Mock.Of<IUser>(e => e.Id == userDto.Id);
@@ -87,7 +87,7 @@ namespace Umbraco.Tests.Persistence.Repositories
 
                 for (var i = 0; i < 10; i++)
                 {
-                    var userDto = new UserDto { ContentStartId = -1, Email = "test" + i, Login = "test" + i, MediaStartId = -1, Password = "test", Type = 1, UserName = "test" + i, UserLanguage = "en" };
+                    var userDto = new UserDto { Email = "test" + i, Login = "test" + i, Password = "test", UserName = "test" + i, UserLanguage = "en", CreateDate = DateTime.Now, UpdateDate = DateTime.Now };
                     unitOfWork.Database.Insert(userDto);
                     var userNew = Mock.Of<IUser>(e => e.Id == userDto.Id);
                     var notification = repo.CreateNotification(userNew, (i%2 == 0) ? entity1 : entity2, i.ToString(CultureInfo.InvariantCulture));
@@ -117,7 +117,7 @@ namespace Umbraco.Tests.Persistence.Repositories
 
                 for (var i = 0; i < 10; i++)
                 {
-                    var userDto = new UserDto { ContentStartId = -1, Email = "test" + i, Login = "test" + i, MediaStartId = -1, Password = "test", Type = 1, UserName = "test" + i, UserLanguage = "en" };
+                    var userDto = new UserDto { Email = "test" + i, Login = "test" + i, Password = "test", UserName = "test" + i, UserLanguage = "en", CreateDate = DateTime.Now, UpdateDate = DateTime.Now };
                     unitOfWork.Database.Insert(userDto);
                     var userNew = Mock.Of<IUser>(e => e.Id == userDto.Id);
                     var notification = repo.CreateNotification(userNew, (i%2 == 0) ? entity1 : entity2, i.ToString(CultureInfo.InvariantCulture));
@@ -138,7 +138,7 @@ namespace Umbraco.Tests.Persistence.Repositories
 
                 var repo = new NotificationsRepository(unitOfWork);
 
-                var userDto = new UserDto { ContentStartId = -1, Email = "test", Login = "test", MediaStartId = -1, Password = "test", Type = 1, UserName = "test", UserLanguage = "en" };
+                var userDto = new UserDto { Email = "test", Login = "test", Password = "test", UserName = "test", UserLanguage = "en", CreateDate = DateTime.Now, UpdateDate = DateTime.Now };
                 unitOfWork.Database.Insert(userDto);
 
                 var userNew = Mock.Of<IUser>(e => e.Id == userDto.Id);
diff --git a/src/Umbraco.Tests/Persistence/Repositories/PublicAccessRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/PublicAccessRepositoryTest.cs
index 9c5e938298..788e132baf 100644
--- a/src/Umbraco.Tests/Persistence/Repositories/PublicAccessRepositoryTest.cs
+++ b/src/Umbraco.Tests/Persistence/Repositories/PublicAccessRepositoryTest.cs
@@ -308,7 +308,7 @@ namespace Umbraco.Tests.Persistence.Repositories
             var templateRepository = new TemplateRepository(unitOfWork, CacheHelper, Logger, Mock.Of<IFileSystem>(), Mock.Of<IFileSystem>(), Mock.Of<ITemplatesSection>());
             var tagRepository = new TagRepository(unitOfWork, CacheHelper, Logger);
             contentTypeRepository = new ContentTypeRepository(unitOfWork, CacheHelper, Logger, templateRepository);
-            var repository = new ContentRepository(unitOfWork, CacheHelper, Logger, contentTypeRepository, templateRepository, tagRepository);
+            var repository = new ContentRepository(unitOfWork, CacheHelper, Logger, contentTypeRepository, templateRepository, tagRepository, Mock.Of<IContentSection>());
             return repository;
         }
 
diff --git a/src/Umbraco.Tests/Persistence/Repositories/TagRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/TagRepositoryTest.cs
index bfb8096761..279a693238 100644
--- a/src/Umbraco.Tests/Persistence/Repositories/TagRepositoryTest.cs
+++ b/src/Umbraco.Tests/Persistence/Repositories/TagRepositoryTest.cs
@@ -991,7 +991,7 @@ namespace Umbraco.Tests.Persistence.Repositories
             var templateRepository = new TemplateRepository(unitOfWork, DisabledCache, Logger, Mock.Of<IFileSystem>(), Mock.Of<IFileSystem>(), Mock.Of<ITemplatesSection>());
             var tagRepository = new TagRepository(unitOfWork, DisabledCache, Logger);
             contentTypeRepository = new ContentTypeRepository(unitOfWork, DisabledCache, Logger, templateRepository);
-            var repository = new ContentRepository(unitOfWork, DisabledCache, Logger, contentTypeRepository, templateRepository, tagRepository);
+            var repository = new ContentRepository(unitOfWork, DisabledCache, Logger, contentTypeRepository, templateRepository, tagRepository, Mock.Of<IContentSection>());
             return repository;
         }
 
diff --git a/src/Umbraco.Tests/Persistence/Repositories/TemplateRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/TemplateRepositoryTest.cs
index 681f1b5215..5ff945f1d4 100644
--- a/src/Umbraco.Tests/Persistence/Repositories/TemplateRepositoryTest.cs
+++ b/src/Umbraco.Tests/Persistence/Repositories/TemplateRepositoryTest.cs
@@ -404,7 +404,7 @@ namespace Umbraco.Tests.Persistence.Repositories
 
                 var tagRepository = new TagRepository(unitOfWork, DisabledCache, Logger);
                 var contentTypeRepository = new ContentTypeRepository(unitOfWork, DisabledCache, Logger, templateRepository);
-                var contentRepo = new ContentRepository(unitOfWork, DisabledCache, Logger, contentTypeRepository, templateRepository, tagRepository);
+                var contentRepo = new ContentRepository(unitOfWork, DisabledCache, Logger, contentTypeRepository, templateRepository, tagRepository, Mock.Of<IContentSection>());
 
                 var contentType = MockedContentTypes.CreateSimpleContentType("umbTextpage2", "Textpage");
                 var textpage = MockedContent.CreateSimpleContent(contentType);
diff --git a/src/Umbraco.Tests/Persistence/Repositories/UserGroupRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/UserGroupRepositoryTest.cs
new file mode 100644
index 0000000000..73bef21bfd
--- /dev/null
+++ b/src/Umbraco.Tests/Persistence/Repositories/UserGroupRepositoryTest.cs
@@ -0,0 +1,420 @@
+using System.Linq;
+using Moq;
+using NUnit.Framework;
+using Umbraco.Core.Logging;
+using Umbraco.Core.Models.Membership;
+using Umbraco.Core.Persistence.Repositories;
+using Umbraco.Core.Persistence.UnitOfWork;
+using Umbraco.Tests.TestHelpers;
+using Umbraco.Tests.TestHelpers.Entities;
+using Umbraco.Tests.Testing;
+
+namespace Umbraco.Tests.Persistence.Repositories
+{
+    [TestFixture]
+    [UmbracoTest(Database = UmbracoTestOptions.Database.NewSchemaPerTest)]
+    public class UserGroupRepositoryTest : TestWithDatabaseBase
+    {
+        private UserGroupRepository CreateRepository(IScopeUnitOfWork unitOfWork)
+        {
+            return new UserGroupRepository(unitOfWork, Core.Cache.CacheHelper.CreateDisabledCacheHelper(), Mock.Of<ILogger>());            
+        }
+
+        [Test]
+        public void Can_Perform_Add_On_UserGroupRepository()
+        {
+            // Arrange
+            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
+            using (var unitOfWork = provider.CreateUnitOfWork())
+            {
+                var repository = CreateRepository(unitOfWork);
+
+                var userGroup = MockedUserGroup.CreateUserGroup();
+
+                // Act
+                repository.AddOrUpdate(userGroup);
+                unitOfWork.Complete();
+
+                // Assert
+                Assert.That(userGroup.HasIdentity, Is.True);
+            }
+        }
+
+        [Test]
+        public void Can_Perform_Multiple_Adds_On_UserGroupRepository()
+        {
+            // Arrange
+            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
+            using (var unitOfWork = provider.CreateUnitOfWork())
+            {
+                var repository = CreateRepository(unitOfWork);
+
+                var userGroup1 = MockedUserGroup.CreateUserGroup("1");
+                var userGroup2 = MockedUserGroup.CreateUserGroup("2");
+
+                // Act
+                repository.AddOrUpdate(userGroup1);
+                unitOfWork.Flush();
+                repository.AddOrUpdate(userGroup2);
+                unitOfWork.Complete();
+
+                // Assert
+                Assert.That(userGroup1.HasIdentity, Is.True);
+                Assert.That(userGroup2.HasIdentity, Is.True);
+            }
+        }
+
+        [Test]
+        public void Can_Verify_Fresh_Entity_Is_Not_Dirty()
+        {
+            // Arrange
+            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
+            using (var unitOfWork = provider.CreateUnitOfWork())
+            {
+                var repository = CreateRepository(unitOfWork);
+
+                var userGroup = MockedUserGroup.CreateUserGroup();
+                repository.AddOrUpdate(userGroup);
+                unitOfWork.Complete();
+
+                // Act
+                var resolved = repository.Get(userGroup.Id);
+                bool dirty = ((UserGroup)resolved).IsDirty();
+
+                // Assert
+                Assert.That(dirty, Is.False);
+            }
+        }
+
+        [Test]
+        public void Can_Perform_Update_On_UserGroupRepository()
+        {
+            // Arrange
+            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
+            using (var unitOfWork = provider.CreateUnitOfWork())
+            {
+                var repository = CreateRepository(unitOfWork);
+
+                var userGroup = MockedUserGroup.CreateUserGroup();
+                repository.AddOrUpdate(userGroup);
+                unitOfWork.Flush();
+
+                // Act
+                var resolved = repository.Get(userGroup.Id);
+                resolved.Name = "New Name";
+                resolved.Permissions = new[] { "Z", "Y", "X" };
+                repository.AddOrUpdate(resolved);
+                unitOfWork.Complete();
+                var updatedItem = repository.Get(userGroup.Id);
+
+                // Assert
+                Assert.That(updatedItem.Id, Is.EqualTo(resolved.Id));
+                Assert.That(updatedItem.Name, Is.EqualTo(resolved.Name));
+                Assert.That(updatedItem.Permissions, Is.EqualTo(resolved.Permissions));
+            }
+        }
+
+        [Test]
+        public void Can_Perform_Delete_On_UserGroupRepository()
+        {
+            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
+            using (var unitOfWork = provider.CreateUnitOfWork())
+            {
+                var repository = CreateRepository(unitOfWork);
+
+                var userGroup = MockedUserGroup.CreateUserGroup();
+
+                // Act
+                repository.AddOrUpdate(userGroup);
+                unitOfWork.Flush();
+                var id = userGroup.Id;
+
+                var repository2 = new UserGroupRepository(unitOfWork, Core.Cache.CacheHelper.CreateDisabledCacheHelper(), Logger);
+                repository2.Delete(userGroup);
+                unitOfWork.Complete();
+
+                var resolved = repository2.Get(id);
+
+                // Assert
+                Assert.That(resolved, Is.Null);
+            }
+        }
+
+        [Test]
+        public void Can_Perform_Get_On_UserGroupRepository()
+        {
+            // Arrange
+            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
+            using (var unitOfWork = provider.CreateUnitOfWork())
+            {
+                var repository = CreateRepository(unitOfWork);
+
+                var userGroup = MockedUserGroup.CreateUserGroup();
+                repository.AddOrUpdate(userGroup);
+                unitOfWork.Complete();
+
+                // Act
+                var resolved = repository.Get(userGroup.Id);
+
+                // Assert
+                Assert.That(resolved.Id, Is.EqualTo(userGroup.Id));
+                //Assert.That(resolved.CreateDate, Is.GreaterThan(DateTime.MinValue));
+                //Assert.That(resolved.UpdateDate, Is.GreaterThan(DateTime.MinValue));
+                Assert.That(resolved.Name, Is.EqualTo(userGroup.Name));
+                Assert.That(resolved.Alias, Is.EqualTo(userGroup.Alias));
+                Assert.That(resolved.Permissions, Is.EqualTo(userGroup.Permissions));
+            }
+        }
+
+        [Test]
+        public void Can_Perform_GetByQuery_On_UserGroupRepository()
+        {
+            // Arrange
+            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
+            using (var unitOfWork = provider.CreateUnitOfWork())
+            {
+                var repository = CreateRepository(unitOfWork);
+
+                CreateAndCommitMultipleUserGroups(repository, unitOfWork);
+
+                // Act
+                var query = unitOfWork.Query<IUserGroup>().Where(x => x.Alias == "testUserGroup1");
+                var result = repository.GetByQuery(query);
+
+                // Assert
+                Assert.That(result.Count(), Is.GreaterThanOrEqualTo(1));
+            }
+        }
+
+        [Test]
+        public void Can_Perform_GetAll_By_Param_Ids_On_UserGroupRepository()
+        {
+            // Arrange
+            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
+            using (var unitOfWork = provider.CreateUnitOfWork())
+            {
+                var repository = CreateRepository(unitOfWork);
+
+                var userGroups = CreateAndCommitMultipleUserGroups(repository, unitOfWork);
+
+                // Act
+                var result = repository.GetAll(userGroups[0].Id, userGroups[1].Id);
+
+                // Assert
+                Assert.That(result, Is.Not.Null);
+                Assert.That(result.Any(), Is.True);
+                Assert.That(result.Count(), Is.EqualTo(2));
+            }
+        }
+
+        [Test]
+        public void Can_Perform_GetAll_On_UserGroupRepository()
+        {
+            // Arrange
+            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
+            using (var unitOfWork = provider.CreateUnitOfWork())
+            {
+                var repository = CreateRepository(unitOfWork);
+
+                CreateAndCommitMultipleUserGroups(repository, unitOfWork);
+
+                // Act
+                var result = repository.GetAll();
+
+                // Assert
+                Assert.That(result, Is.Not.Null);
+                Assert.That(result.Any(), Is.True);
+                Assert.That(result.Count(), Is.GreaterThanOrEqualTo(3));
+            }
+        }
+
+        [Test]
+        public void Can_Perform_Exists_On_UserGroupRepository()
+        {
+            // Arrange
+            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
+            using (var unitOfWork = provider.CreateUnitOfWork())
+            {
+                var repository = CreateRepository(unitOfWork);
+
+                var userGroups = CreateAndCommitMultipleUserGroups(repository, unitOfWork);
+
+                // Act
+                var exists = repository.Exists(userGroups[0].Id);
+
+                // Assert
+                Assert.That(exists, Is.True);
+            }
+        }
+
+        [Test]
+        public void Can_Perform_Count_On_UserGroupRepository()
+        {
+            // Arrange
+            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
+            using (var unitOfWork = provider.CreateUnitOfWork())
+            {
+                var repository = CreateRepository(unitOfWork);
+
+                var userGroups = CreateAndCommitMultipleUserGroups(repository, unitOfWork);
+
+                // Act
+                var query = unitOfWork.Query<IUserGroup>().Where(x => x.Alias == "testUserGroup1" || x.Alias == "testUserGroup2");
+                var result = repository.Count(query);
+
+                // Assert
+                Assert.That(result, Is.GreaterThanOrEqualTo(2));
+            }
+        }
+
+        [Test]
+        public void Can_Remove_Section_For_Group()
+        {
+            // Arrange
+            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
+            using (var unitOfWork = provider.CreateUnitOfWork())
+            {
+                var repository = CreateRepository(unitOfWork);
+
+                var groups = CreateAndCommitMultipleUserGroups(repository, unitOfWork);
+
+                // Act
+
+                //add and remove a few times, this tests the internal collection
+                groups[0].RemoveAllowedSection("content");
+                groups[0].RemoveAllowedSection("content");
+                groups[0].AddAllowedSection("content");
+                groups[0].RemoveAllowedSection("content");
+
+                groups[1].RemoveAllowedSection("media");
+                groups[1].RemoveAllowedSection("media");
+
+                repository.AddOrUpdate(groups[0]);
+                repository.AddOrUpdate(groups[1]);
+                unitOfWork.Complete();
+
+                // Assert
+                var result = repository.GetAll((int)groups[0].Id, (int)groups[1].Id).ToArray();
+                Assert.AreEqual(1, result[0].AllowedSections.Count());
+                Assert.AreEqual("media", result[0].AllowedSections.First());
+                Assert.AreEqual(1, result[1].AllowedSections.Count());
+                Assert.AreEqual("content", result[1].AllowedSections.First());
+            }
+        }
+
+        [Test]
+        public void Can_Add_Section_ForGroup()
+        {
+            // Arrange
+            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
+            using (var unitOfWork = provider.CreateUnitOfWork())
+            {
+                var repository = CreateRepository(unitOfWork);
+
+                var groups = CreateAndCommitMultipleUserGroups(repository, unitOfWork);
+
+                // Act
+
+                //add and remove a few times, this tests the internal collection
+                groups[0].ClearAllowedSections();
+                groups[0].AddAllowedSection("content");
+                groups[0].AddAllowedSection("media");
+                groups[0].RemoveAllowedSection("content");
+                groups[0].AddAllowedSection("content");
+                groups[0].AddAllowedSection("settings");
+
+                //add the same even though it's already there
+                groups[0].AddAllowedSection("content");
+
+                groups[1].ClearAllowedSections();
+                groups[1].AddAllowedSection("developer");
+
+                groups[2].ClearAllowedSections();
+
+                repository.AddOrUpdate(groups[0]);
+                repository.AddOrUpdate(groups[1]);
+                repository.AddOrUpdate(groups[2]);
+                unitOfWork.Complete();
+
+                // Assert
+                var result = repository.GetAll((int)groups[0].Id, (int)groups[1].Id, (int)groups[2].Id).ToArray();
+                Assert.AreEqual(3, result[0].AllowedSections.Count());
+                Assert.IsTrue(result[0].AllowedSections.Contains("content"));
+                Assert.IsTrue(result[0].AllowedSections.Contains("media"));
+                Assert.IsTrue(result[0].AllowedSections.Contains("settings"));
+                Assert.AreEqual(1, result[1].AllowedSections.Count());
+                Assert.IsTrue(result[1].AllowedSections.Contains("developer"));
+                Assert.AreEqual(0, result[2].AllowedSections.Count());
+            }
+        }
+
+        [Test]
+        public void Can_Update_Section_For_Group()
+        {
+            // Arrange
+            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
+            using (var unitOfWork = provider.CreateUnitOfWork())
+            {
+                var repository = CreateRepository(unitOfWork);
+
+                var groups = CreateAndCommitMultipleUserGroups(repository, unitOfWork);
+
+                // Act
+
+                groups[0].RemoveAllowedSection("content");
+                groups[0].AddAllowedSection("settings");
+
+                repository.AddOrUpdate(groups[0]);
+                unitOfWork.Complete();
+
+                // Assert
+                var result = repository.Get((int)groups[0].Id);
+                Assert.AreEqual(2, result.AllowedSections.Count());
+                Assert.IsTrue(result.AllowedSections.Contains("settings"));
+                Assert.IsTrue(result.AllowedSections.Contains("media"));
+            }
+        }
+
+
+        [Test]
+        public void Get_Groups_Assigned_To_Section()
+        {
+            // Arrange
+            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
+            using (var unitOfWork = provider.CreateUnitOfWork())
+            {
+                var repository = CreateRepository(unitOfWork);
+
+                var user1 = MockedUserGroup.CreateUserGroup("1", allowedSections: new[] { "test1" });
+                var user2 = MockedUserGroup.CreateUserGroup("2", allowedSections: new[] { "test2" });
+                var user3 = MockedUserGroup.CreateUserGroup("3", allowedSections: new[] { "test1" });
+                repository.AddOrUpdate(user1);
+                repository.AddOrUpdate(user2);
+                repository.AddOrUpdate(user3);
+                unitOfWork.Complete();
+
+                // Act
+                var groups = repository.GetGroupsAssignedToSection("test1");
+
+                // Assert            
+                Assert.AreEqual(2, groups.Count());
+                var names = groups.Select(x => x.Name).ToArray();
+                Assert.IsTrue(names.Contains("TestUserGroup1"));
+                Assert.IsFalse(names.Contains("TestUserGroup2"));
+                Assert.IsTrue(names.Contains("TestUserGroup3"));
+            }
+        }
+
+        private IUserGroup[] CreateAndCommitMultipleUserGroups(IUserGroupRepository repository, IUnitOfWork unitOfWork)
+        {
+            var userGroup1 = MockedUserGroup.CreateUserGroup("1");
+            var userGroup2 = MockedUserGroup.CreateUserGroup("2");
+            var userGroup3 = MockedUserGroup.CreateUserGroup("3");
+            repository.AddOrUpdate(userGroup1);
+            repository.AddOrUpdate(userGroup2);
+            repository.AddOrUpdate(userGroup3);
+            unitOfWork.Complete();
+            return new IUserGroup[] { userGroup1, userGroup2, userGroup3 };
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Tests/Persistence/Repositories/UserRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/UserRepositoryTest.cs
index ea34838bcd..348e4d7301 100644
--- a/src/Umbraco.Tests/Persistence/Repositories/UserRepositoryTest.cs
+++ b/src/Umbraco.Tests/Persistence/Repositories/UserRepositoryTest.cs
@@ -1,7 +1,10 @@
 using System.Linq;
 using Moq;
 using NUnit.Framework;
+using Umbraco.Core;
 using Umbraco.Core.Cache;
+using Umbraco.Core.Configuration.UmbracoSettings;
+using Umbraco.Core.IO;
 using Umbraco.Core.Logging;
 using Umbraco.Core.Models.Membership;
 using Umbraco.Core.Persistence.Mappers;
@@ -17,13 +20,39 @@ namespace Umbraco.Tests.Persistence.Repositories
     [UmbracoTest(Database = UmbracoTestOptions.Database.NewSchemaPerTest)]
     public class UserRepositoryTest : TestWithDatabaseBase
     {
-        private UserRepository CreateRepository(IScopeUnitOfWork unitOfWork, out UserTypeRepository userTypeRepository)
+        private MediaRepository CreateMediaRepository(IScopeUnitOfWork unitOfWork, out IMediaTypeRepository mediaTypeRepository)
         {
-            userTypeRepository = new UserTypeRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Mock.Of<ILogger>());
-            var repository = new UserRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Mock.Of<ILogger>(), userTypeRepository, Mock.Of<IMapperCollection>());
+            mediaTypeRepository = new MediaTypeRepository(unitOfWork, CacheHelper, Mock.Of<ILogger>());
+            var tagRepository = new TagRepository(unitOfWork, CacheHelper, Mock.Of<ILogger>());
+            var repository = new MediaRepository(unitOfWork, CacheHelper, Mock.Of<ILogger>(), mediaTypeRepository, tagRepository, Mock.Of<IContentSection>());
             return repository;
         }
 
+        private ContentRepository CreateContentRepository(IScopeUnitOfWork unitOfWork, out IContentTypeRepository contentTypeRepository)
+        {
+            ITemplateRepository tr;
+            return CreateContentRepository(unitOfWork, out contentTypeRepository, out tr);
+        }
+
+        private ContentRepository CreateContentRepository(IScopeUnitOfWork unitOfWork, out IContentTypeRepository contentTypeRepository, out ITemplateRepository templateRepository)
+        {
+            templateRepository = new TemplateRepository(unitOfWork, CacheHelper, Logger, Mock.Of<IFileSystem>(), Mock.Of<IFileSystem>(), Mock.Of<ITemplatesSection>());
+            var tagRepository = new TagRepository(unitOfWork, CacheHelper, Logger);
+            contentTypeRepository = new ContentTypeRepository(unitOfWork, CacheHelper, Logger, templateRepository);
+            var repository = new ContentRepository(unitOfWork, CacheHelper, Logger, contentTypeRepository, templateRepository, tagRepository, Mock.Of<IContentSection>());
+            return repository;
+        }
+
+        private UserRepository CreateRepository(IScopeUnitOfWork unitOfWork)
+        {
+            var repository = new UserRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Mock.Of<ILogger>(), Mock.Of<IMapperCollection>());
+            return repository;
+        }
+
+        private UserGroupRepository CreateUserGroupRepository(IScopeUnitOfWork unitOfWork)
+        {
+            return new UserGroupRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Mock.Of<ILogger>());
+        }
 
         [Test]
         public void Can_Perform_Add_On_UserRepository()
@@ -32,10 +61,9 @@ namespace Umbraco.Tests.Persistence.Repositories
             var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
             using (var unitOfWork = provider.CreateUnitOfWork())
             {
-                UserTypeRepository userTypeRepository;
-                var repository = CreateRepository(unitOfWork, out userTypeRepository);
+                var repository = CreateRepository(unitOfWork);
 
-                var user = MockedUser.CreateUser(CreateAndCommitUserType());
+                var user = MockedUser.CreateUser();
 
                 // Act
                 repository.AddOrUpdate(user);
@@ -53,11 +81,10 @@ namespace Umbraco.Tests.Persistence.Repositories
             var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
             using (var unitOfWork = provider.CreateUnitOfWork())
             {
-                UserTypeRepository userTypeRepository;
-                var repository = CreateRepository(unitOfWork, out userTypeRepository);
+                var repository = CreateRepository(unitOfWork);
 
-                var user1 = MockedUser.CreateUser(CreateAndCommitUserType(), "1");
-                var use2 = MockedUser.CreateUser(CreateAndCommitUserType(), "2");
+                var user1 = MockedUser.CreateUser("1");
+                var use2 = MockedUser.CreateUser("2");
 
                 // Act
                 repository.AddOrUpdate(user1);
@@ -78,10 +105,9 @@ namespace Umbraco.Tests.Persistence.Repositories
             var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
             using (var unitOfWork = provider.CreateUnitOfWork())
             {
-                UserTypeRepository userTypeRepository;
-                var repository = CreateRepository(unitOfWork, out userTypeRepository);
+                var repository = CreateRepository(unitOfWork);
 
-                var user = MockedUser.CreateUser(CreateAndCommitUserType());
+                var user = MockedUser.CreateUser();
                 repository.AddOrUpdate(user);
                 unitOfWork.Flush();
 
@@ -97,19 +123,32 @@ namespace Umbraco.Tests.Persistence.Repositories
         [Test]
         public void Can_Perform_Update_On_UserRepository()
         {
+            var ct = MockedContentTypes.CreateBasicContentType("test");
+            var content = MockedContent.CreateBasicContent(ct);
+            var mt = MockedContentTypes.CreateSimpleMediaType("testmedia", "TestMedia");
+            var media = MockedMedia.CreateSimpleMedia(mt, "asdf", -1);
+
             // Arrange
             var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
             using (var unitOfWork = provider.CreateUnitOfWork())
             {
-                UserTypeRepository userTypeRepository;
-                var repository = CreateRepository(unitOfWork, out userTypeRepository);
+                var userRepository = CreateRepository(unitOfWork);
+                var contentRepository = CreateContentRepository(unitOfWork, out var contentTypeRepo);
+                var mediaRepository = CreateMediaRepository(unitOfWork, out var mediaTypeRepo);
+                var userGroupRepository = CreateUserGroupRepository(unitOfWork);
 
-                var user = MockedUser.CreateUser(CreateAndCommitUserType());
-                repository.AddOrUpdate(user);
+                contentTypeRepo.AddOrUpdate(ct);
+                mediaTypeRepo.AddOrUpdate(mt);
                 unitOfWork.Flush();
 
+                contentRepository.AddOrUpdate(content);
+                mediaRepository.AddOrUpdate(media);
+                unitOfWork.Flush();
+
+                var user = CreateAndCommitUserWithGroup(userRepository, userGroupRepository, unitOfWork);
+
                 // Act
-                var resolved = (User)repository.Get((int)user.Id);
+                var resolved = (User)userRepository.Get((int)user.Id);
 
                 resolved.Name = "New Name";
                 //the db column is not used, default permissions are taken from the user type's permissions, this is a getter only
@@ -118,29 +157,28 @@ namespace Umbraco.Tests.Persistence.Repositories
                 resolved.IsApproved = false;
                 resolved.RawPasswordValue = "new";
                 resolved.IsLockedOut = true;
-                resolved.StartContentId = 10;
-                resolved.StartMediaId = 11;
+                resolved.StartContentIds = new[] { content.Id };
+                resolved.StartMediaIds = new[] { media.Id };
                 resolved.Email = "new@new.com";
                 resolved.Username = "newName";
-                resolved.RemoveAllowedSection("content");
 
-                repository.AddOrUpdate(resolved);
+                userRepository.AddOrUpdate(resolved);
                 unitOfWork.Flush();
-                var updatedItem = (User)repository.Get((int)user.Id);
+                var updatedItem = (User)userRepository.Get((int)user.Id);
 
                 // Assert
                 Assert.That(updatedItem.Id, Is.EqualTo(resolved.Id));
                 Assert.That(updatedItem.Name, Is.EqualTo(resolved.Name));
-                //Assert.That(updatedItem.DefaultPermissions, Is.EqualTo(resolved.DefaultPermissions));
                 Assert.That(updatedItem.Language, Is.EqualTo(resolved.Language));
                 Assert.That(updatedItem.IsApproved, Is.EqualTo(resolved.IsApproved));
                 Assert.That(updatedItem.RawPasswordValue, Is.EqualTo(resolved.RawPasswordValue));
                 Assert.That(updatedItem.IsLockedOut, Is.EqualTo(resolved.IsLockedOut));
-                Assert.That(updatedItem.StartContentId, Is.EqualTo(resolved.StartContentId));
-                Assert.That(updatedItem.StartMediaId, Is.EqualTo(resolved.StartMediaId));
+                Assert.IsTrue(updatedItem.StartContentIds.UnsortedSequenceEqual(resolved.StartContentIds));
+                Assert.IsTrue(updatedItem.StartMediaIds.UnsortedSequenceEqual(resolved.StartMediaIds));
                 Assert.That(updatedItem.Email, Is.EqualTo(resolved.Email));
                 Assert.That(updatedItem.Username, Is.EqualTo(resolved.Username));
                 Assert.That(updatedItem.AllowedSections.Count(), Is.EqualTo(1));
+                Assert.IsTrue(updatedItem.AllowedSections.Contains("content"));
                 Assert.IsTrue(updatedItem.AllowedSections.Contains("media"));
             }
         }
@@ -152,18 +190,16 @@ namespace Umbraco.Tests.Persistence.Repositories
             var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
             using (var unitOfWork = provider.CreateUnitOfWork())
             {
-                UserTypeRepository userTypeRepository;
-                var repository = CreateRepository(unitOfWork, out userTypeRepository);
+                var repository = CreateRepository(unitOfWork);
 
-                var user = MockedUser.CreateUser(CreateAndCommitUserType());
+                var user = MockedUser.CreateUser();
 
                 // Act
                 repository.AddOrUpdate(user);
                 unitOfWork.Flush();
                 var id = user.Id;
 
-                var utRepo = new UserTypeRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Logger);
-                var repository2 = new UserRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Logger, utRepo, Mock.Of<IMapperCollection>());
+                var repository2 = new UserRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Logger, Mock.Of<IMapperCollection>());
 
                 repository2.Delete(user);
                 unitOfWork.Flush();
@@ -175,36 +211,6 @@ namespace Umbraco.Tests.Persistence.Repositories
             }
         }
 
-        //[Test]
-        //public void Can_Perform_Delete_On_UserRepository_With_Permissions_Assigned()
-        //{
-        //    // Arrange
-        //    var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-        //    using (var unitOfWork = provider.GetUnitOfWork())
-        //    UserTypeRepository userTypeRepository;
-        //using (var repository = CreateRepository(unitOfWork, out userTypeRepository))
-        //{
-
-        //    var user = MockedUser.CreateUser(CreateAndCommitUserType());
-        //    //repository.AssignPermissions()
-
-        //    // Act
-        //    repository.AddOrUpdate(user);
-        //    unitOfWork.Commit();
-        //    var id = user.Id;
-
-        //    var repository2 = RepositoryResolver.Current.ResolveByType<IUserRepository>(unitOfWork);
-        //    repository2.Delete(user);
-        //    unitOfWork.Commit();
-
-        //    var resolved = repository2.Get((int)id);
-
-        //    // Assert
-        //    Assert.That(resolved, Is.Null);
-        //}
-
-        //}
-
         [Test]
         public void Can_Perform_Get_On_UserRepository()
         {
@@ -212,12 +218,10 @@ namespace Umbraco.Tests.Persistence.Repositories
             var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
             using (var unitOfWork = provider.CreateUnitOfWork())
             {
-                UserTypeRepository userTypeRepository;
-                var repository = CreateRepository(unitOfWork, out userTypeRepository);
+                var repository = CreateRepository(unitOfWork);
+                var userGroupRepository = CreateUserGroupRepository(unitOfWork);
 
-                var user = MockedUser.CreateUser(CreateAndCommitUserType());
-                repository.AddOrUpdate(user);
-                unitOfWork.Flush();
+                var user = CreateAndCommitUserWithGroup(repository, userGroupRepository, unitOfWork);
 
                 // Act
                 var updatedItem = repository.Get((int) user.Id);
@@ -234,8 +238,7 @@ namespace Umbraco.Tests.Persistence.Repositories
             var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
             using (var unitOfWork = provider.CreateUnitOfWork())
             {
-                UserTypeRepository userTypeRepository;
-                var repository = CreateRepository(unitOfWork, out userTypeRepository);
+                var repository = CreateRepository(unitOfWork);
 
                 CreateAndCommitMultipleUsers(repository, unitOfWork);
 
@@ -255,8 +258,7 @@ namespace Umbraco.Tests.Persistence.Repositories
             var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
             using (var unitOfWork = provider.CreateUnitOfWork())
             {
-                UserTypeRepository userTypeRepository;
-                var repository = CreateRepository(unitOfWork, out userTypeRepository);
+                var repository = CreateRepository(unitOfWork);
 
                 var users = CreateAndCommitMultipleUsers(repository, unitOfWork);
 
@@ -277,8 +279,7 @@ namespace Umbraco.Tests.Persistence.Repositories
             var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
             using (var unitOfWork = provider.CreateUnitOfWork())
             {
-                UserTypeRepository userTypeRepository;
-                var repository = CreateRepository(unitOfWork, out userTypeRepository);
+                var repository = CreateRepository(unitOfWork);
 
                 CreateAndCommitMultipleUsers(repository, unitOfWork);
 
@@ -299,8 +300,7 @@ namespace Umbraco.Tests.Persistence.Repositories
             var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
             using (var unitOfWork = provider.CreateUnitOfWork())
             {
-                UserTypeRepository userTypeRepository;
-                var repository = CreateRepository(unitOfWork, out userTypeRepository);
+                var repository = CreateRepository(unitOfWork);
 
                 var users = CreateAndCommitMultipleUsers(repository, unitOfWork);
 
@@ -319,8 +319,7 @@ namespace Umbraco.Tests.Persistence.Repositories
             var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
             using (var unitOfWork = provider.CreateUnitOfWork())
             {
-                UserTypeRepository userTypeRepository;
-                var repository = CreateRepository(unitOfWork, out userTypeRepository);
+                var repository = CreateRepository(unitOfWork);
 
                 var users = CreateAndCommitMultipleUsers(repository, unitOfWork);
 
@@ -333,180 +332,16 @@ namespace Umbraco.Tests.Persistence.Repositories
             }
         }
 
-        [Test]
-        public void Can_Remove_Section_For_User()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                UserTypeRepository userTypeRepository;
-                var repository = CreateRepository(unitOfWork, out userTypeRepository);
-
-                var users = CreateAndCommitMultipleUsers(repository, unitOfWork);
-
-                // Act
-
-                //add and remove a few times, this tests the internal collection
-                users[0].RemoveAllowedSection("content");
-                users[0].RemoveAllowedSection("content");
-                users[0].AddAllowedSection("content");
-                users[0].RemoveAllowedSection("content");
-
-                users[1].RemoveAllowedSection("media");
-                users[1].RemoveAllowedSection("media");
-
-                repository.AddOrUpdate(users[0]);
-                repository.AddOrUpdate(users[1]);
-                unitOfWork.Flush();
-
-                // Assert
-                var result = repository.GetAll((int) users[0].Id, (int) users[1].Id).ToArray();
-                Assert.AreEqual(1, result[0].AllowedSections.Count());
-                Assert.AreEqual("media", result[0].AllowedSections.First());
-                Assert.AreEqual(1, result[1].AllowedSections.Count());
-                Assert.AreEqual("content", result[1].AllowedSections.First());
-            }
-        }
-
-        [Test]
-        public void Can_Add_Section_For_User()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                UserTypeRepository userTypeRepository;
-                var repository = CreateRepository(unitOfWork, out userTypeRepository);
-
-                var users = CreateAndCommitMultipleUsers(repository, unitOfWork);
-
-                // Act
-
-                //add and remove a few times, this tests the internal collection
-                users[0].AddAllowedSection("settings");
-                users[0].AddAllowedSection("settings");
-                users[0].RemoveAllowedSection("settings");
-                users[0].AddAllowedSection("settings");
-
-                users[1].AddAllowedSection("developer");
-
-                //add the same even though it's already there
-                users[2].AddAllowedSection("content");
-
-                repository.AddOrUpdate(users[0]);
-                repository.AddOrUpdate(users[1]);
-                unitOfWork.Flush();
-
-                // Assert
-                var result = repository.GetAll((int) users[0].Id, (int) users[1].Id, (int) users[2].Id).ToArray();
-                Assert.AreEqual(3, result[0].AllowedSections.Count());
-                Assert.IsTrue(result[0].AllowedSections.Contains("content"));
-                Assert.IsTrue(result[0].AllowedSections.Contains("media"));
-                Assert.IsTrue(result[0].AllowedSections.Contains("settings"));
-                Assert.AreEqual(3, result[1].AllowedSections.Count());
-                Assert.IsTrue(result[1].AllowedSections.Contains("content"));
-                Assert.IsTrue(result[1].AllowedSections.Contains("media"));
-                Assert.IsTrue(result[1].AllowedSections.Contains("developer"));
-                Assert.AreEqual(2, result[2].AllowedSections.Count());
-                Assert.IsTrue(result[1].AllowedSections.Contains("content"));
-                Assert.IsTrue(result[1].AllowedSections.Contains("media"));
-            }
-        }
-
-        [Test]
-        public void Can_Update_Section_For_User()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                UserTypeRepository userTypeRepository;
-                var repository = CreateRepository(unitOfWork, out userTypeRepository);
-
-                var users = CreateAndCommitMultipleUsers(repository, unitOfWork);
-
-                // Act
-
-                users[0].RemoveAllowedSection("content");
-                users[0].AddAllowedSection("settings");
-
-                repository.AddOrUpdate(users[0]);
-                unitOfWork.Flush();
-
-                // Assert
-                var result = repository.Get((int) users[0].Id);
-                Assert.AreEqual(2, result.AllowedSections.Count());
-                Assert.IsTrue(result.AllowedSections.Contains("settings"));
-                Assert.IsTrue(result.AllowedSections.Contains("media"));
-            }
-        }
-
-
-        [Test]
-        public void Get_Users_Assigned_To_Section()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                UserTypeRepository userTypeRepository;
-                var repository = CreateRepository(unitOfWork, out userTypeRepository);
-
-                var user1 = MockedUser.CreateUser(CreateAndCommitUserType(), "1", "test", "media");
-                var user2 = MockedUser.CreateUser(CreateAndCommitUserType(), "2", "media", "settings");
-                var user3 = MockedUser.CreateUser(CreateAndCommitUserType(), "3", "test", "settings");
-                repository.AddOrUpdate(user1);
-                repository.AddOrUpdate(user2);
-                repository.AddOrUpdate(user3);
-                unitOfWork.Flush();
-
-                // Act
-
-                var users = repository.GetUsersAssignedToSection("test");
-
-                // Assert
-                Assert.AreEqual(2, users.Count());
-                var names = users.Select(x => x.Username).ToArray();
-                Assert.IsTrue(names.Contains("TestUser1"));
-                Assert.IsTrue(names.Contains("TestUser3"));
-            }
-        }
-
-        [Test]
-        public void Default_User_Permissions_Based_On_User_Type()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                var utRepo = new UserTypeRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Logger);
-                var repository = new UserRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Logger, utRepo, Mock.Of<IMapperCollection>());
-
-                // Act
-                var user1 = MockedUser.CreateUser(CreateAndCommitUserType(), "1", "test", "media");
-                repository.AddOrUpdate(user1);
-                unitOfWork.Flush();
-
-                // Assert
-                Assert.AreEqual(3, user1.DefaultPermissions.Count());
-                Assert.AreEqual("A", user1.DefaultPermissions.ElementAt(0));
-                Assert.AreEqual("B", user1.DefaultPermissions.ElementAt(1));
-                Assert.AreEqual("C", user1.DefaultPermissions.ElementAt(2));
-            }
-        }
-
         private void AssertPropertyValues(IUser updatedItem, IUser originalUser)
         {
             Assert.That(updatedItem.Id, Is.EqualTo(originalUser.Id));
             Assert.That(updatedItem.Name, Is.EqualTo(originalUser.Name));
-            Assert.That(updatedItem.DefaultPermissions, Is.EqualTo(originalUser.DefaultPermissions));
             Assert.That(updatedItem.Language, Is.EqualTo(originalUser.Language));
             Assert.That(updatedItem.IsApproved, Is.EqualTo(originalUser.IsApproved));
             Assert.That(updatedItem.RawPasswordValue, Is.EqualTo(originalUser.RawPasswordValue));
             Assert.That(updatedItem.IsLockedOut, Is.EqualTo(originalUser.IsLockedOut));
-            Assert.That(updatedItem.StartContentId, Is.EqualTo(originalUser.StartContentId));
-            Assert.That(updatedItem.StartMediaId, Is.EqualTo(originalUser.StartMediaId));
+            Assert.IsTrue(updatedItem.StartContentIds.UnsortedSequenceEqual(originalUser.StartContentIds));
+            Assert.IsTrue(updatedItem.StartMediaIds.UnsortedSequenceEqual(originalUser.StartMediaIds));
             Assert.That(updatedItem.Email, Is.EqualTo(originalUser.Email));
             Assert.That(updatedItem.Username, Is.EqualTo(originalUser.Username));
             Assert.That(updatedItem.AllowedSections.Count(), Is.EqualTo(2));
@@ -514,29 +349,30 @@ namespace Umbraco.Tests.Persistence.Repositories
             Assert.IsTrue(updatedItem.AllowedSections.Contains("content"));
         }
 
+        private static User CreateAndCommitUserWithGroup(IUserRepository repository, IUserGroupRepository userGroupRepository, IScopeUnitOfWork unitOfWork)
+        {
+
+            var user = MockedUser.CreateUser();
+            repository.AddOrUpdate(user);
+            unitOfWork.Flush();
+
+            var group = MockedUserGroup.CreateUserGroup();
+            userGroupRepository.AddOrUpdateGroupWithUsers(@group, new[] { user.Id });
+            unitOfWork.Flush();
+
+            return user;
+        }
+
         private IUser[] CreateAndCommitMultipleUsers(IUserRepository repository, IUnitOfWork unitOfWork)
         {
-            var user1 = MockedUser.CreateUser(CreateAndCommitUserType(), "1");
-            var user2 = MockedUser.CreateUser(CreateAndCommitUserType(), "2");
-            var user3 = MockedUser.CreateUser(CreateAndCommitUserType(), "3");
+            var user1 = MockedUser.CreateUser("1");
+            var user2 = MockedUser.CreateUser("2");
+            var user3 = MockedUser.CreateUser("3");
             repository.AddOrUpdate(user1);
             repository.AddOrUpdate(user2);
             repository.AddOrUpdate(user3);
             unitOfWork.Complete();
             return new IUser[] { user1, user2, user3 };
         }
-
-        private IUserType CreateAndCommitUserType()
-        {
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                var repository = new UserTypeRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Logger);
-                var userType = MockedUserType.CreateUserType();
-                repository.AddOrUpdate(userType);
-                unitOfWork.Complete();
-                return userType;
-            }
-        }
     }
 }
diff --git a/src/Umbraco.Tests/Persistence/Repositories/UserTypeRepositoryTest.cs b/src/Umbraco.Tests/Persistence/Repositories/UserTypeRepositoryTest.cs
deleted file mode 100644
index 21b18c913e..0000000000
--- a/src/Umbraco.Tests/Persistence/Repositories/UserTypeRepositoryTest.cs
+++ /dev/null
@@ -1,288 +0,0 @@
-using System.Linq;
-using Moq;
-using NUnit.Framework;
-using Umbraco.Core;
-using Umbraco.Core.Cache;
-using Umbraco.Core.Logging;
-using Umbraco.Core.Models.Membership;
-using Umbraco.Core.Persistence;
-
-using Umbraco.Core.Persistence.Querying;
-using Umbraco.Core.Persistence.Repositories;
-using Umbraco.Core.Persistence.UnitOfWork;
-using Umbraco.Tests.TestHelpers;
-using Umbraco.Tests.TestHelpers.Entities;
-using Umbraco.Tests.Testing;
-
-namespace Umbraco.Tests.Persistence.Repositories
-{
-    [TestFixture]
-    [UmbracoTest(Database = UmbracoTestOptions.Database.NewSchemaPerTest)]
-    public class UserTypeRepositoryTest : TestWithDatabaseBase
-    {
-        private UserTypeRepository CreateRepository(IScopeUnitOfWork unitOfWork)
-        {
-            return new UserTypeRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Mock.Of<ILogger>());
-        }
-
-        [Test]
-        public void Can_Perform_Add_On_UserTypeRepository()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                var repository = CreateRepository(unitOfWork);
-
-                var userType = MockedUserType.CreateUserType();
-
-                // Act
-                repository.AddOrUpdate(userType);
-                unitOfWork.Flush();
-
-                // Assert
-                Assert.That(userType.HasIdentity, Is.True);
-            }
-        }
-
-        [Test]
-        public void Can_Perform_Multiple_Adds_On_UserTypeRepository()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                var repository = CreateRepository(unitOfWork);
-
-                var userType1 = MockedUserType.CreateUserType("1");
-                var userType2 = MockedUserType.CreateUserType("2");
-
-                // Act
-                repository.AddOrUpdate(userType1);
-                unitOfWork.Flush();
-                repository.AddOrUpdate(userType2);
-                unitOfWork.Flush();
-
-                // Assert
-                Assert.That(userType1.HasIdentity, Is.True);
-                Assert.That(userType2.HasIdentity, Is.True);
-            }
-        }
-
-        [Test]
-        public void Can_Verify_Fresh_Entity_Is_Not_Dirty()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                var repository = CreateRepository(unitOfWork);
-
-                var userType = MockedUserType.CreateUserType();
-                repository.AddOrUpdate(userType);
-                unitOfWork.Flush();
-
-                // Act
-                var resolved = repository.Get(userType.Id);
-                bool dirty = ((UserType) resolved).IsDirty();
-
-                // Assert
-                Assert.That(dirty, Is.False);
-            }
-        }
-
-        [Test]
-        public void Can_Perform_Update_On_UserTypeRepository()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                var repository = CreateRepository(unitOfWork);
-
-                var userType = MockedUserType.CreateUserType();
-                repository.AddOrUpdate(userType);
-                unitOfWork.Flush();
-
-                // Act
-                var resolved = repository.Get(userType.Id);
-                resolved.Name = "New Name";
-                resolved.Permissions = new[]{"Z", "Y", "X"};
-                repository.AddOrUpdate(resolved);
-                unitOfWork.Flush();
-                var updatedItem = repository.Get(userType.Id);
-
-                // Assert
-                Assert.That(updatedItem.Id, Is.EqualTo(resolved.Id));
-                Assert.That(updatedItem.Name, Is.EqualTo(resolved.Name));
-                Assert.That(updatedItem.Permissions, Is.EqualTo(resolved.Permissions));
-            }
-        }
-
-        [Test]
-        public void Can_Perform_Delete_On_UserTypeRepository()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                var repository = CreateRepository(unitOfWork);
-
-                var userType = MockedUserType.CreateUserType();
-
-                // Act
-                repository.AddOrUpdate(userType);
-                unitOfWork.Flush();
-                var id = userType.Id;
-
-                var repository2 = new UserTypeRepository(unitOfWork, CacheHelper.CreateDisabledCacheHelper(), Logger);
-                repository2.Delete(userType);
-                unitOfWork.Flush();
-
-                var resolved = repository2.Get(id);
-
-                // Assert
-                Assert.That(resolved, Is.Null);
-            }
-        }
-
-        [Test]
-        public void Can_Perform_Get_On_UserTypeRepository()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                var repository = CreateRepository(unitOfWork);
-
-                var userType = MockedUserType.CreateUserType();
-                repository.AddOrUpdate(userType);
-                unitOfWork.Flush();
-
-                // Act
-                var resolved = repository.Get(userType.Id);
-
-                // Assert
-                Assert.That(resolved.Id, Is.EqualTo(userType.Id));
-                //Assert.That(resolved.CreateDate, Is.GreaterThan(DateTime.MinValue));
-                //Assert.That(resolved.UpdateDate, Is.GreaterThan(DateTime.MinValue));
-                Assert.That(resolved.Name, Is.EqualTo(userType.Name));
-                Assert.That(resolved.Alias, Is.EqualTo(userType.Alias));
-                Assert.That(resolved.Permissions, Is.EqualTo(userType.Permissions));
-            }
-        }
-
-        [Test]
-        public void Can_Perform_GetByQuery_On_UserTypeRepository()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                var repository = CreateRepository(unitOfWork);
-
-                CreateAndCommitMultipleUserTypes(repository, unitOfWork);
-
-                // Act
-                var query = unitOfWork.Query<IUserType>().Where(x => x.Alias == "testUserType1");
-                var result = repository.GetByQuery(query);
-
-                // Assert
-                Assert.That(result.Count(), Is.GreaterThanOrEqualTo(1));
-            }
-        }
-
-        [Test]
-        public void Can_Perform_GetAll_By_Param_Ids_On_UserTypeRepository()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                var repository = CreateRepository(unitOfWork);
-
-                var userTypes = CreateAndCommitMultipleUserTypes(repository, unitOfWork);
-
-                // Act
-                var result = repository.GetAll(userTypes[0].Id, userTypes[1].Id);
-
-                // Assert
-                Assert.That(result, Is.Not.Null);
-                Assert.That(result.Any(), Is.True);
-                Assert.That(result.Count(), Is.EqualTo(2));
-            }
-        }
-
-        [Test]
-        public void Can_Perform_GetAll_On_UserTypeRepository()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                var repository = CreateRepository(unitOfWork);
-
-                CreateAndCommitMultipleUserTypes(repository, unitOfWork);
-
-                // Act
-                var result = repository.GetAll();
-
-                // Assert
-                Assert.That(result, Is.Not.Null);
-                Assert.That(result.Any(), Is.True);
-                Assert.That(result.Count(), Is.GreaterThanOrEqualTo(3));
-            }
-        }
-
-        [Test]
-        public void Can_Perform_Exists_On_UserTypeRepository()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                var repository = CreateRepository(unitOfWork);
-
-                var userTypes = CreateAndCommitMultipleUserTypes(repository, unitOfWork);
-
-                // Act
-                var exists = repository.Exists(userTypes[0].Id);
-
-                // Assert
-                Assert.That(exists, Is.True);
-            }
-        }
-
-        [Test]
-        public void Can_Perform_Count_On_UserTypeRepository()
-        {
-            // Arrange
-            var provider = TestObjects.GetScopeUnitOfWorkProvider(Logger);
-            using (var unitOfWork = provider.CreateUnitOfWork())
-            {
-                var repository = CreateRepository(unitOfWork);
-
-                var userTypes = CreateAndCommitMultipleUserTypes(repository, unitOfWork);
-
-                // Act
-                var query = unitOfWork.Query<IUserType>().Where(x => x.Alias == "testUserType1" || x.Alias == "testUserType2");
-                var result = repository.Count(query);
-
-                // Assert
-                Assert.That(result, Is.GreaterThanOrEqualTo(2));
-            }
-        }
-
-        private IUserType[] CreateAndCommitMultipleUserTypes(IUserTypeRepository repository, IUnitOfWork unitOfWork)
-        {
-            var userType1 = MockedUserType.CreateUserType("1");
-            var userType2 = MockedUserType.CreateUserType("2");
-            var userType3 = MockedUserType.CreateUserType("3");
-            repository.AddOrUpdate(userType1);
-            repository.AddOrUpdate(userType2);
-            repository.AddOrUpdate(userType3);
-            unitOfWork.Flush();
-            return new IUserType[] {userType1, userType2, userType3};
-        }
-    }
-}
diff --git a/src/Umbraco.Tests/Persistence/SqlCeTableByTableTest.cs b/src/Umbraco.Tests/Persistence/SqlCeTableByTableTest.cs
index 5bd3266029..76849cc95f 100644
--- a/src/Umbraco.Tests/Persistence/SqlCeTableByTableTest.cs
+++ b/src/Umbraco.Tests/Persistence/SqlCeTableByTableTest.cs
@@ -500,7 +500,6 @@ namespace Umbraco.Tests.Persistence
                 var helper = new DatabaseSchemaHelper(scope.Database, Mock.Of<ILogger>());
 
                 helper.CreateTable<NodeDto>();
-                helper.CreateTable<UserTypeDto>();
                 helper.CreateTable<UserDto>();
                 helper.CreateTable<TaskTypeDto>();
                 helper.CreateTable<TaskDto>();
@@ -529,7 +528,6 @@ namespace Umbraco.Tests.Persistence
             {
                 var helper = new DatabaseSchemaHelper(scope.Database, Mock.Of<ILogger>());
 
-                helper.CreateTable<UserTypeDto>();
                 helper.CreateTable<UserDto>();
 
                 scope.Complete();
@@ -537,28 +535,13 @@ namespace Umbraco.Tests.Persistence
         }
 
         [Test]
-        public void Can_Create_umbracoUserType_Table()
+        public void Can_Create_umbracoUserGroup_Table()
         {
             using (var scope = ScopeProvider.CreateScope())
             {
                 var helper = new DatabaseSchemaHelper(scope.Database, Mock.Of<ILogger>());
 
-                helper.CreateTable<UserTypeDto>();
-
-                scope.Complete();
-            }
-        }
-
-        [Test]
-        public void Can_Create_umbracoUser2app_Table()
-        {
-            using (var scope = ScopeProvider.CreateScope())
-            {
-                var helper = new DatabaseSchemaHelper(scope.Database, Mock.Of<ILogger>());
-
-                helper.CreateTable<UserTypeDto>();
-                helper.CreateTable<UserDto>();
-                helper.CreateTable<User2AppDto>();
+                helper.CreateTable<UserGroupDto>();
 
                 scope.Complete();
             }
@@ -572,7 +555,6 @@ namespace Umbraco.Tests.Persistence
                 var helper = new DatabaseSchemaHelper(scope.Database, Mock.Of<ILogger>());
 
                 helper.CreateTable<NodeDto>();
-                helper.CreateTable<UserTypeDto>();
                 helper.CreateTable<UserDto>();
                 helper.CreateTable<User2NodeNotifyDto>();
 
@@ -580,17 +562,30 @@ namespace Umbraco.Tests.Persistence
             }
         }
 
-        [Test]
-        public void Can_Create_umbracoUser2NodePermission_Table()
+        public void Can_Create_umbracoGroupUser2app_Table()
         {
             using (var scope = ScopeProvider.CreateScope())
             {
                 var helper = new DatabaseSchemaHelper(scope.Database, Mock.Of<ILogger>());
 
                 helper.CreateTable<NodeDto>();
-                helper.CreateTable<UserTypeDto>();
-                helper.CreateTable<UserDto>();
-                helper.CreateTable<User2NodePermissionDto>();
+                helper.CreateTable<UserGroupDto>();
+                helper.CreateTable<UserGroup2AppDto>();
+
+                scope.Complete();
+            }
+        }
+
+        [Test]
+        public void Can_Create_umbracoUserGroup2NodePermission_Table()
+        {
+            using (var scope = ScopeProvider.CreateScope())
+            {
+                var helper = new DatabaseSchemaHelper(scope.Database, Mock.Of<ILogger>());
+
+                helper.CreateTable<NodeDto>();
+                helper.CreateTable<UserGroupDto>();
+                helper.CreateTable<UserGroup2NodePermissionDto>();
 
                 scope.Complete();
             }
diff --git a/src/Umbraco.Tests/PropertyEditors/PropertyEditorValueConverterTests.cs b/src/Umbraco.Tests/PropertyEditors/PropertyEditorValueConverterTests.cs
index 6c1a483ee7..aff3291e91 100644
--- a/src/Umbraco.Tests/PropertyEditors/PropertyEditorValueConverterTests.cs
+++ b/src/Umbraco.Tests/PropertyEditors/PropertyEditorValueConverterTests.cs
@@ -97,6 +97,27 @@ namespace Umbraco.Tests.PropertyEditors
             var inter = converter.ConvertSourceToInter(null, null, value, false);
             var result = converter.ConvertInterToObject(null, null, PropertyCacheLevel.Unknown, inter, false);
 
+            Assert.AreEqual(expected, result);
+        }
+
+        [TestCase("1", 1)]
+        [TestCase("1", 1)]
+        [TestCase("0", 0)]
+        [TestCase("0", 0)]
+        [TestCase(null, 0)]
+        [TestCase(null, 0)]
+        [TestCase("-1", -1)]
+        [TestCase("-1", -1)]
+        [TestCase("1.65", 1.65)]
+        [TestCase("1.65", 1.65)]
+        [TestCase("-1.65", -1.65)]
+        [TestCase("-1.65", -1.65)]
+        public void CanConvertDecimalAliasPropertyEditor(object value, double expected)
+        {
+            var converter = new DecimalValueConverter();
+            var inter = converter.ConvertSourceToInter(null, null, value, false);
+            var result = converter.ConvertInterToObject(null, null, PropertyCacheLevel.Unknown, inter, false);
+
             Assert.AreEqual(expected, result);
         }
     }
diff --git a/src/Umbraco.Tests/PublishedContent/PublishedContentExtensionTests.cs b/src/Umbraco.Tests/PublishedContent/PublishedContentExtensionTests.cs
index ac9783b0e1..4a77db39e1 100644
--- a/src/Umbraco.Tests/PublishedContent/PublishedContentExtensionTests.cs
+++ b/src/Umbraco.Tests/PublishedContent/PublishedContentExtensionTests.cs
@@ -1,11 +1,6 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using NUnit.Framework;
+using NUnit.Framework;
 using Umbraco.Core.Composing;
 using Umbraco.Core.Models;
-using Umbraco.Tests.TestHelpers;
 using Umbraco.Tests.Testing;
 using Umbraco.Web;
 
@@ -82,7 +77,7 @@ namespace Umbraco.Tests.PublishedContent
                 contentTypeService.Save(inheritedType);
                 createContentTypes = false;
             }
-            #region setup xml content
+
             xmlContent = @"<?xml version=""1.0"" encoding=""utf-8""?>
 <!DOCTYPE root[
 <!ELEMENT inherited ANY>
@@ -91,7 +86,6 @@ namespace Umbraco.Tests.PublishedContent
 <root id=""-1"">
     <inherited id=""1100"" parentID=""-1"" level=""1"" writerID=""0"" creatorID=""0"" nodeType=""1044"" template=""1"" sortOrder=""1"" createDate=""2012-06-12T14:13:17"" updateDate=""2012-07-20T18:50:43"" nodeName=""Home"" urlName=""home"" writerName=""admin"" creatorName=""admin"" path=""-1,1046"" isDoc=""""/>
 </root>";
-            #endregion
         }
     }
 }
diff --git a/src/Umbraco.Tests/PublishedContent/PublishedContentTests.cs b/src/Umbraco.Tests/PublishedContent/PublishedContentTests.cs
index a7196f9181..e5c767fa64 100644
--- a/src/Umbraco.Tests/PublishedContent/PublishedContentTests.cs
+++ b/src/Umbraco.Tests/PublishedContent/PublishedContentTests.cs
@@ -98,7 +98,7 @@ namespace Umbraco.Tests.PublishedContent
             </Home>
             <CustomDocument id=""1177"" parentID=""1173"" level=""3"" writerID=""0"" creatorID=""0"" nodeType=""1234"" template=""" + templateId + @""" sortOrder=""2"" createDate=""2012-07-16T15:26:59"" updateDate=""2012-07-18T14:23:35"" nodeName=""custom sub 1"" urlName=""custom-sub-1"" writerName=""admin"" creatorName=""admin"" path=""-1,1046,1173,1177"" isDoc="""" />
             <CustomDocument id=""1178"" parentID=""1173"" level=""3"" writerID=""0"" creatorID=""0"" nodeType=""1234"" template=""" + templateId + @""" sortOrder=""3"" createDate=""2012-07-16T15:26:59"" updateDate=""2012-07-16T14:23:35"" nodeName=""custom sub 2"" urlName=""custom-sub-2"" writerName=""admin"" creatorName=""admin"" path=""-1,1046,1173,1178"" isDoc="""" />
-            <Home id=""1176"" parentID=""1173"" level=""3"" writerID=""0"" creatorID=""0"" nodeType=""1044"" template=""" + templateId + @""" sortOrder=""4"" createDate=""2012-07-20T18:08:08"" updateDate=""2012-07-20T19:10:52"" nodeName=""Sub 3"" urlName=""sub-3"" writerName=""admin"" creatorName=""admin"" path=""-1,1046,1173,1176"" isDoc="""">
+            <Home id=""1176"" parentID=""1173"" level=""3"" writerID=""0"" creatorID=""0"" nodeType=""1044"" template=""" + templateId + @""" sortOrder=""4"" createDate=""2012-07-20T18:08:08"" updateDate=""2012-07-20T19:10:52"" nodeName=""Sub 3"" urlName=""sub-3"" writerName=""admin"" creatorName=""admin"" path=""-1,1046,1173,1176"" isDoc="""" key=""CDB83BBC-A83B-4BA6-93B8-AADEF67D3C09"">
                 <content><![CDATA[]]></content>
                 <umbracoNaviHide>1</umbracoNaviHide>
             </Home>
diff --git a/src/Umbraco.Tests/Scheduling/BackgroundTaskRunnerTests.cs b/src/Umbraco.Tests/Scheduling/BackgroundTaskRunnerTests.cs
index 42dea2f992..c6aaca8056 100644
--- a/src/Umbraco.Tests/Scheduling/BackgroundTaskRunnerTests.cs
+++ b/src/Umbraco.Tests/Scheduling/BackgroundTaskRunnerTests.cs
@@ -258,10 +258,12 @@ namespace Umbraco.Tests.Scheduling
         {
             using (var runner = new BackgroundTaskRunner<IBackgroundTask>(new BackgroundTaskRunnerOptions
             {
-                AutoStart = true
+                AutoStart = true,
+                KeepAlive = true // else stops!
             }, _logger))
             {
                 Assert.IsTrue(runner.IsRunning); // because AutoStart is true
+                runner.Stop(false); // keepalive = must be stopped
                 await runner.StoppedAwaitable; // runner stops, within test's timeout
             }
         }
diff --git a/src/Umbraco.Tests/Scoping/ScopedRepositoryTests.cs b/src/Umbraco.Tests/Scoping/ScopedRepositoryTests.cs
index 5b85b2d626..2b62422bb0 100644
--- a/src/Umbraco.Tests/Scoping/ScopedRepositoryTests.cs
+++ b/src/Umbraco.Tests/Scoping/ScopedRepositoryTests.cs
@@ -64,8 +64,7 @@ namespace Umbraco.Tests.Scoping
             var service = Current.Services.UserService;
             var globalCache = Current.ApplicationCache.IsolatedRuntimeCache.GetOrCreateCache(typeof(IUser));
 
-            var userType = service.GetUserTypeByAlias("admin");
-            var user = (IUser) new User("name", "email", "username", "rawPassword", userType);
+            var user = (IUser)new User("name", "email", "username", "rawPassword");
             service.Save(user);
 
             // global cache contains the entity
diff --git a/src/Umbraco.Tests/Security/UmbracoBackOfficeIdentityTests.cs b/src/Umbraco.Tests/Security/UmbracoBackOfficeIdentityTests.cs
index 5ec4dea802..74b74ad1ce 100644
--- a/src/Umbraco.Tests/Security/UmbracoBackOfficeIdentityTests.cs
+++ b/src/Umbraco.Tests/Security/UmbracoBackOfficeIdentityTests.cs
@@ -29,8 +29,8 @@ namespace Umbraco.Tests.Security
                 //This is the id that 'identity' uses to check for the username
                 new Claim(ClaimTypes.Name, "testing", ClaimValueTypes.String, TestIssuer, TestIssuer),
                 new Claim(ClaimTypes.GivenName, "hello world", ClaimValueTypes.String, TestIssuer, TestIssuer),
-                new Claim(Constants.Security.StartContentNodeIdClaimType, "-1", ClaimValueTypes.Integer32, TestIssuer, TestIssuer),
-                new Claim(Constants.Security.StartMediaNodeIdClaimType, "5543", ClaimValueTypes.Integer32, TestIssuer, TestIssuer),
+                new Claim(Constants.Security.StartContentNodeIdClaimType, "[-1]", ClaimValueTypes.Integer32, TestIssuer, TestIssuer),
+                new Claim(Constants.Security.StartMediaNodeIdClaimType, "[5543]", ClaimValueTypes.Integer32, TestIssuer, TestIssuer),
                 new Claim(Constants.Security.AllowedApplicationsClaimType, "content", ClaimValueTypes.String, TestIssuer, TestIssuer),
                 new Claim(Constants.Security.AllowedApplicationsClaimType, "media", ClaimValueTypes.String, TestIssuer, TestIssuer),
                 new Claim(ClaimTypes.Locality, "en-us", ClaimValueTypes.String, TestIssuer, TestIssuer),
@@ -44,8 +44,8 @@ namespace Umbraco.Tests.Security
             Assert.AreEqual(sessionId, backofficeIdentity.SessionId);
             Assert.AreEqual("testing", backofficeIdentity.Username);
             Assert.AreEqual("hello world", backofficeIdentity.RealName);
-            Assert.AreEqual(-1, backofficeIdentity.StartContentNode);
-            Assert.AreEqual(5543, backofficeIdentity.StartMediaNode);
+            Assert.AreEqual(1, backofficeIdentity.StartContentNodes.Length);
+            Assert.IsTrue(backofficeIdentity.StartMediaNodes.UnsortedSequenceEqual(new[] { 5543 }));
             Assert.IsTrue(new[] {"content", "media"}.SequenceEqual(backofficeIdentity.AllowedApplications));
             Assert.AreEqual("en-us", backofficeIdentity.Culture);
             Assert.IsTrue(new[] { "admin" }.SequenceEqual(backofficeIdentity.Roles));
@@ -98,8 +98,7 @@ namespace Umbraco.Tests.Security
                 Id = 1234,
                 RealName = "hello world",
                 Roles = new[] {"admin"},
-                StartContentNode = -1,
-                StartMediaNode = 654,
+                StartMediaNodes = new[] { 654 },
                 Username = "testing"
             };
 
@@ -119,8 +118,7 @@ namespace Umbraco.Tests.Security
                 Id = 1234,
                 RealName = "hello world",
                 Roles = new[] { "admin" },
-                StartContentNode = -1,
-                StartMediaNode = 654,
+                StartMediaNodes = new[] { 654 },
                 Username = "testing"
             };
 
@@ -146,8 +144,7 @@ namespace Umbraco.Tests.Security
                 Id = 1234,
                 RealName = "hello world",
                 Roles = new[] { "admin" },
-                StartContentNode = -1,
-                StartMediaNode = 654,
+                StartMediaNodes = new[] { 654 },
                 Username = "testing"
             };
 
@@ -170,8 +167,7 @@ namespace Umbraco.Tests.Security
                 Id = 1234,
                 RealName = "hello world",
                 Roles = new[] { "admin" },
-                StartContentNode = -1,
-                StartMediaNode = 654,
+                StartMediaNodes = new[] { 654 },
                 Username = "testing"
             };
 
diff --git a/src/Umbraco.Tests/Services/ContentServicePerformanceTest.cs b/src/Umbraco.Tests/Services/ContentServicePerformanceTest.cs
index 411b43f5d0..0e475b3eb7 100644
--- a/src/Umbraco.Tests/Services/ContentServicePerformanceTest.cs
+++ b/src/Umbraco.Tests/Services/ContentServicePerformanceTest.cs
@@ -162,7 +162,7 @@ namespace Umbraco.Tests.Services
                 var tRepository = new TemplateRepository(unitOfWork, DisabledCache, Logger, Mock.Of<IFileSystem>(), Mock.Of<IFileSystem>(), Mock.Of<ITemplatesSection>());
                 var tagRepo = new TagRepository(unitOfWork, DisabledCache, Logger);
                 var ctRepository = new ContentTypeRepository(unitOfWork, DisabledCache, Logger, tRepository);
-                var repository = new ContentRepository(unitOfWork, DisabledCache, Logger, ctRepository, tRepository, tagRepo);
+                var repository = new ContentRepository(unitOfWork, DisabledCache, Logger, ctRepository, tRepository, tagRepo, Mock.Of<IContentSection>());
 
                 // Act
                 Stopwatch watch = Stopwatch.StartNew();
@@ -194,7 +194,7 @@ namespace Umbraco.Tests.Services
                 var tRepository = new TemplateRepository(unitOfWork, DisabledCache, Logger, Mock.Of<IFileSystem>(), Mock.Of<IFileSystem>(), Mock.Of<ITemplatesSection>());
                 var tagRepo = new TagRepository(unitOfWork, DisabledCache, Logger);
                 var ctRepository = new ContentTypeRepository(unitOfWork, DisabledCache, Logger, tRepository);
-                var repository = new ContentRepository(unitOfWork, DisabledCache, Logger, ctRepository, tRepository, tagRepo);
+                var repository = new ContentRepository(unitOfWork, DisabledCache, Logger, ctRepository, tRepository, tagRepo, Mock.Of<IContentSection>());
 
                 // Act
                 Stopwatch watch = Stopwatch.StartNew();
@@ -224,7 +224,7 @@ namespace Umbraco.Tests.Services
                 var tRepository = new TemplateRepository(unitOfWork, DisabledCache, Logger, Mock.Of<IFileSystem>(), Mock.Of<IFileSystem>(), Mock.Of<ITemplatesSection>());
                 var tagRepo = new TagRepository(unitOfWork, DisabledCache, Logger);
                 var ctRepository = new ContentTypeRepository(unitOfWork, DisabledCache, Logger, tRepository);
-                var repository = new ContentRepository(unitOfWork, DisabledCache, Logger, ctRepository, tRepository, tagRepo);
+                var repository = new ContentRepository(unitOfWork, DisabledCache, Logger, ctRepository, tRepository, tagRepo, Mock.Of<IContentSection>());
 
                 // Act
                 var contents = repository.GetAll();
@@ -257,7 +257,7 @@ namespace Umbraco.Tests.Services
                 var tRepository = new TemplateRepository(unitOfWork, DisabledCache, Logger, Mock.Of<IFileSystem>(), Mock.Of<IFileSystem>(), Mock.Of<ITemplatesSection>());
                 var tagRepo = new TagRepository(unitOfWork, DisabledCache, Logger);
                 var ctRepository = new ContentTypeRepository(unitOfWork, DisabledCache, Logger, tRepository);
-                var repository = new ContentRepository(unitOfWork, DisabledCache, Logger, ctRepository, tRepository, tagRepo);
+                var repository = new ContentRepository(unitOfWork, DisabledCache, Logger, ctRepository, tRepository, tagRepo, Mock.Of<IContentSection>());
 
                 // Act
                 var contents = repository.GetAll();
diff --git a/src/Umbraco.Tests/Services/ContentServiceTests.cs b/src/Umbraco.Tests/Services/ContentServiceTests.cs
index 613795c75e..89760d11e9 100644
--- a/src/Umbraco.Tests/Services/ContentServiceTests.cs
+++ b/src/Umbraco.Tests/Services/ContentServiceTests.cs
@@ -54,6 +54,108 @@ namespace Umbraco.Tests.Services
             Container.Register(factory => factory.GetInstance<ServiceContext>().TextService);
         }
 
+        [Test]
+        public void Create_Blueprint()
+        {
+            var contentService = ServiceContext.ContentService;
+            var contentTypeService = ServiceContext.ContentTypeService;
+
+            var contentType = MockedContentTypes.CreateTextpageContentType();
+            contentTypeService.Save(contentType);
+
+            var blueprint = MockedContent.CreateTextpageContent(contentType, "hello", -1);
+            blueprint.SetValue("title", "blueprint 1");
+            blueprint.SetValue("bodyText", "blueprint 2");
+            blueprint.SetValue("keywords", "blueprint 3");
+            blueprint.SetValue("description", "blueprint 4");
+
+            contentService.SaveBlueprint(blueprint);
+
+            var found = contentService.GetBlueprintsForContentTypes().ToArray();
+            Assert.AreEqual(1, found.Length);
+
+            //ensures it's not found by normal content
+            var contentFound = contentService.GetById(found[0].Id);
+            Assert.IsNull(contentFound);
+        }
+
+        [Test]
+        public void Delete_Blueprint()
+        {
+            var contentService = ServiceContext.ContentService;
+            var contentTypeService = ServiceContext.ContentTypeService;
+
+            var contentType = MockedContentTypes.CreateTextpageContentType();
+            contentTypeService.Save(contentType);
+
+            var blueprint = MockedContent.CreateTextpageContent(contentType, "hello", -1);
+            blueprint.SetValue("title", "blueprint 1");
+            blueprint.SetValue("bodyText", "blueprint 2");
+            blueprint.SetValue("keywords", "blueprint 3");
+            blueprint.SetValue("description", "blueprint 4");
+
+            contentService.SaveBlueprint(blueprint);
+
+            contentService.DeleteBlueprint(blueprint);
+
+            var found = contentService.GetBlueprintsForContentTypes().ToArray();
+            Assert.AreEqual(0, found.Length);
+        }
+
+        [Test]
+        public void Create_Content_From_Blueprint()
+        {
+            var contentService = ServiceContext.ContentService;
+            var contentTypeService = ServiceContext.ContentTypeService;
+
+            var contentType = MockedContentTypes.CreateTextpageContentType();
+            contentTypeService.Save(contentType);
+
+            var blueprint = MockedContent.CreateTextpageContent(contentType, "hello", -1);
+            blueprint.SetValue("title", "blueprint 1");
+            blueprint.SetValue("bodyText", "blueprint 2");
+            blueprint.SetValue("keywords", "blueprint 3");
+            blueprint.SetValue("description", "blueprint 4");
+
+            contentService.SaveBlueprint(blueprint);
+
+            var fromBlueprint = contentService.CreateContentFromBlueprint(blueprint, "hello world");
+            contentService.Save(fromBlueprint);
+
+            Assert.IsTrue(fromBlueprint.HasIdentity);
+            Assert.AreEqual("blueprint 1", fromBlueprint.Properties["title"].Value);
+            Assert.AreEqual("blueprint 2", fromBlueprint.Properties["bodyText"].Value);
+            Assert.AreEqual("blueprint 3", fromBlueprint.Properties["keywords"].Value);
+            Assert.AreEqual("blueprint 4", fromBlueprint.Properties["description"].Value);
+        }
+
+        [Test]
+        public void Get_All_Blueprints()
+        {
+            var contentService = ServiceContext.ContentService;
+            var contentTypeService = ServiceContext.ContentTypeService;
+
+            var ct1 = MockedContentTypes.CreateTextpageContentType("ct1");
+            contentTypeService.Save(ct1);
+            var ct2 = MockedContentTypes.CreateTextpageContentType("ct2");
+            contentTypeService.Save(ct2);
+
+            for (int i = 0; i < 10; i++)
+            {
+                var blueprint = MockedContent.CreateTextpageContent(i % 2 == 0 ? ct1 : ct2, "hello" + i, -1);
+                contentService.SaveBlueprint(blueprint);
+            }
+
+            var found = contentService.GetBlueprintsForContentTypes().ToArray();
+            Assert.AreEqual(10, found.Length);
+
+            found = contentService.GetBlueprintsForContentTypes(ct1.Id).ToArray();
+            Assert.AreEqual(5, found.Length);
+
+            found = contentService.GetBlueprintsForContentTypes(ct2.Id).ToArray();
+            Assert.AreEqual(5, found.Length);
+        }
+
         /// <summary>
         /// Ensures that we don't unpublish all nodes when a node is deleted that has an invalid path of -1
         /// Note: it is actually the MoveToRecycleBin happening on the initial deletion of a node through the UI
@@ -787,7 +889,7 @@ namespace Umbraco.Tests.Services
         [Test]
         public void Can_Save_New_Content_With_Explicit_User()
         {
-            var user = new User(ServiceContext.UserService.GetUserTypeByAlias("admin"))
+            var user = new User
                 {
                     Name = "Test",
                     Email = "test@test.com",
@@ -1409,6 +1511,98 @@ namespace Umbraco.Tests.Services
             Assert.That(contents.Any(), Is.False);
         }
 
+        [Test]
+        public void Ensures_Permissions_Are_Retained_For_Copied_Descendants_With_Explicit_Permissions()
+        {
+            // Arrange
+            var userGroup = MockedUserGroup.CreateUserGroup("1");
+            ServiceContext.UserService.Save(userGroup);
+
+            var contentType = MockedContentTypes.CreateSimpleContentType("umbTextpage1", "Textpage");
+            contentType.AllowedContentTypes = new List<ContentTypeSort>
+            {
+                new ContentTypeSort(new Lazy<int>(() => contentType.Id), 0, contentType.Alias)
+            };
+            ServiceContext.ContentTypeService.Save(contentType);
+
+            var parentPage = MockedContent.CreateSimpleContent(contentType);
+            ServiceContext.ContentService.Save(parentPage);
+
+            var childPage = MockedContent.CreateSimpleContent(contentType, "child", parentPage);
+            ServiceContext.ContentService.Save(childPage);
+            //assign explicit permissions to the child
+            ServiceContext.ContentService.AssignContentPermission(childPage, 'A', new[] { userGroup.Id });
+
+            //Ok, now copy, what should happen is the childPage will retain it's own permissions
+            var parentPage2 = MockedContent.CreateSimpleContent(contentType);
+            ServiceContext.ContentService.Save(parentPage2);
+
+            var copy = ServiceContext.ContentService.Copy(childPage, parentPage2.Id, false, true);
+
+            //get the permissions and verify
+            var permissions = ServiceContext.UserService.GetPermissionsForPath(userGroup, copy.Path, fallbackToDefaultPermissions: true);
+            var allPermissions = permissions.GetAllPermissions().ToArray();
+            Assert.AreEqual(1, allPermissions.Length);
+            Assert.AreEqual("A", allPermissions[0]);
+        }
+
+        [Test]
+        public void Ensures_Permissions_Are_Inherited_For_Copied_Descendants()
+        {
+            // Arrange
+            var userGroup = MockedUserGroup.CreateUserGroup("1");
+            ServiceContext.UserService.Save(userGroup);
+
+            var contentType = MockedContentTypes.CreateSimpleContentType("umbTextpage1", "Textpage");
+            contentType.AllowedContentTypes = new List<ContentTypeSort>
+            {
+                new ContentTypeSort(new Lazy<int>(() => contentType.Id), 0, contentType.Alias)
+            };
+            ServiceContext.ContentTypeService.Save(contentType);
+
+            var parentPage = MockedContent.CreateSimpleContent(contentType);
+            ServiceContext.ContentService.Save(parentPage);
+            ServiceContext.ContentService.AssignContentPermission(parentPage, 'A', new[] { userGroup.Id });
+
+            var childPage1 = MockedContent.CreateSimpleContent(contentType, "child1", parentPage);
+            ServiceContext.ContentService.Save(childPage1);
+            var childPage2 = MockedContent.CreateSimpleContent(contentType, "child2", childPage1);
+            ServiceContext.ContentService.Save(childPage2);
+            var childPage3 = MockedContent.CreateSimpleContent(contentType, "child3", childPage2);
+            ServiceContext.ContentService.Save(childPage3);
+
+            //Verify that the children have the inherited permissions
+            var descendants = ServiceContext.ContentService.GetDescendants(parentPage).ToArray();
+            Assert.AreEqual(3, descendants.Length);
+
+            foreach (var descendant in descendants)
+            {
+                var permissions = ServiceContext.UserService.GetPermissionsForPath(userGroup, descendant.Path, fallbackToDefaultPermissions: true);
+                var allPermissions = permissions.GetAllPermissions().ToArray();
+                Assert.AreEqual(1, allPermissions.Length);
+                Assert.AreEqual("A", allPermissions[0]);
+            }
+
+            //create a new parent with a new permission structure
+            var parentPage2 = MockedContent.CreateSimpleContent(contentType);
+            ServiceContext.ContentService.Save(parentPage2);
+            ServiceContext.ContentService.AssignContentPermission(parentPage2, 'B', new[] { userGroup.Id });
+
+            //Now copy, what should happen is the child pages will now have permissions inherited from the new parent
+            var copy = ServiceContext.ContentService.Copy(childPage1, parentPage2.Id, false, true);
+
+            descendants = ServiceContext.ContentService.GetDescendants(parentPage2).ToArray();
+            Assert.AreEqual(3, descendants.Length);
+
+            foreach (var descendant in descendants)
+            {
+                var permissions = ServiceContext.UserService.GetPermissionsForPath(userGroup, descendant.Path, fallbackToDefaultPermissions: true);
+                var allPermissions = permissions.GetAllPermissions().ToArray();
+                Assert.AreEqual(1, allPermissions.Length);
+                Assert.AreEqual("B", allPermissions[0]);
+            }
+        }
+
         [Test]
         public void Can_Empty_RecycleBin_With_Content_That_Has_All_Related_Data()
         {
@@ -1455,9 +1649,11 @@ namespace Umbraco.Tests.Services
             }));
             Assert.IsTrue(ServiceContext.PublicAccessService.AddRule(content1, "test2", "test2").Success);
 
-            Assert.IsNotNull(ServiceContext.NotificationService.CreateNotification(ServiceContext.UserService.GetUserById(0), content1, "T"));
+            var user = ServiceContext.UserService.GetUserById(0);
+            var userGroup = ServiceContext.UserService.GetUserGroupByAlias(user.Groups.First().Alias);
+            Assert.IsNotNull(ServiceContext.NotificationService.CreateNotification(user, content1, "test"));
 
-            ServiceContext.ContentService.AssignContentPermission(content1, 'A', new[] { 0 });
+            ServiceContext.ContentService.AssignContentPermission(content1, 'A', new[] { userGroup.Id });
 
             Assert.IsTrue(ServiceContext.DomainService.Save(new UmbracoDomain("www.test.com", "en-AU")
             {
@@ -1711,9 +1907,9 @@ namespace Umbraco.Tests.Services
             Assert.That(sut.GetValue<DateTime>("date").ToString("G"), Is.EqualTo(content.GetValue<DateTime>("date").ToString("G")));
             Assert.That(sut.GetValue<string>("ddl"), Is.EqualTo("1234"));
             Assert.That(sut.GetValue<string>("chklist"), Is.EqualTo("randomc"));
-            Assert.That(sut.GetValue<int>("contentPicker"), Is.EqualTo(1090));
-            Assert.That(sut.GetValue<int>("mediaPicker"), Is.EqualTo(1091));
-            Assert.That(sut.GetValue<int>("memberPicker"), Is.EqualTo(1092));
+            Assert.That(sut.GetValue<Udi>("contentPicker"), Is.EqualTo(Udi.Create(Constants.UdiEntityType.Document, new Guid("74ECA1D4-934E-436A-A7C7-36CC16D4095C"))));
+            Assert.That(sut.GetValue<Udi>("mediaPicker"), Is.EqualTo(Udi.Create(Constants.UdiEntityType.Media, new Guid("44CB39C8-01E5-45EB-9CF8-E70AAF2D1691"))));
+            Assert.That(sut.GetValue<Udi>("memberPicker"), Is.EqualTo(Udi.Create(Constants.UdiEntityType.Member, new Guid("9A50A448-59C0-4D42-8F93-4F1D55B0F47D"))));
             Assert.That(sut.GetValue<string>("relatedLinks"), Is.EqualTo("<links><link title=\"google\" link=\"http://google.com\" type=\"external\" newwindow=\"0\" /></links>"));
             Assert.That(sut.GetValue<string>("tags"), Is.EqualTo("this,is,tags"));
         }
@@ -1971,7 +2167,7 @@ namespace Umbraco.Tests.Services
             var templateRepository = new TemplateRepository(unitOfWork, DisabledCache, Logger, Mock.Of<IFileSystem>(), Mock.Of<IFileSystem>(), Mock.Of<ITemplatesSection>());
             var tagRepository = new TagRepository(unitOfWork, DisabledCache, Logger);
             contentTypeRepository = new ContentTypeRepository(unitOfWork, DisabledCache, Logger, templateRepository);
-            var repository = new ContentRepository(unitOfWork, DisabledCache, Logger, contentTypeRepository, templateRepository, tagRepository);
+            var repository = new ContentRepository(unitOfWork, DisabledCache, Logger, contentTypeRepository, templateRepository, tagRepository, Mock.Of<IContentSection>());
             return repository;
         }
     }
diff --git a/src/Umbraco.Tests/Services/SectionServiceTests.cs b/src/Umbraco.Tests/Services/SectionServiceTests.cs
new file mode 100644
index 0000000000..6e6f871dd2
--- /dev/null
+++ b/src/Umbraco.Tests/Services/SectionServiceTests.cs
@@ -0,0 +1,70 @@
+using NUnit.Framework;
+using System.Linq;
+using Umbraco.Core.Models.Membership;
+using Umbraco.Tests.Testing;
+
+namespace Umbraco.Tests.Services
+{
+    /// <summary>
+    /// Tests covering the SectionService
+    /// </summary>
+    [TestFixture, RequiresSTA]
+    [UmbracoTest(Database = UmbracoTestOptions.Database.NewSchemaPerTest)]
+    public class SectionServiceTests : TestWithSomeContentBase
+    {
+        public override void CreateTestData()
+        {
+            base.CreateTestData();
+
+            ServiceContext.SectionService.MakeNew("Content", "content", "icon-content");
+            ServiceContext.SectionService.MakeNew("Media", "media", "icon-media");
+            ServiceContext.SectionService.MakeNew("Settings", "settings", "icon-settings");
+            ServiceContext.SectionService.MakeNew("Developer", "developer", "icon-developer");
+        }
+
+        [Test]
+        public void SectionService_Can_Get_Allowed_Sections_For_User()
+        {
+            // Arrange
+            var user = CreateTestUser();
+
+            // Act
+            var result = ServiceContext.SectionService.GetAllowedSections(user.Id).ToList();
+
+            // Assert
+            Assert.AreEqual(3, result.Count);
+        }
+
+        private IUser CreateTestUser()
+        {
+            var user = new User
+            {
+                Name = "Test user",
+                Username = "testUser",
+                Email = "testuser@test.com",
+            };
+            ServiceContext.UserService.Save(user, false);
+
+            var userGroupA = new UserGroup
+            {
+                Alias = "GroupA",
+                Name = "Group A"
+            };
+            userGroupA.AddAllowedSection("media");
+            userGroupA.AddAllowedSection("settings");
+            //TODO: This is failing the test
+            ServiceContext.UserService.Save(userGroupA, new[] { user.Id }, false);
+
+            var userGroupB = new UserGroup
+            {
+                Alias = "GroupB",
+                Name = "Group B"
+            };
+            userGroupB.AddAllowedSection("settings");
+            userGroupB.AddAllowedSection("developer");
+            ServiceContext.UserService.Save(userGroupB, new[] { user.Id }, false);
+
+            return ServiceContext.UserService.GetUserById(user.Id);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Tests/Services/UserServiceTests.cs b/src/Umbraco.Tests/Services/UserServiceTests.cs
index d279f257b8..f47ccfd043 100644
--- a/src/Umbraco.Tests/Services/UserServiceTests.cs
+++ b/src/Umbraco.Tests/Services/UserServiceTests.cs
@@ -1,13 +1,15 @@
 using System;
+using System.Collections.Generic;
 using System.Linq;
 using System.Security.Cryptography;
 using System.Text;
 using NUnit.Framework;
-using Umbraco.Core.Exceptions;
+using Umbraco.Core;
 using Umbraco.Core.Models.Membership;
+using Umbraco.Core.Persistence.DatabaseModelDefinitions;
 using Umbraco.Tests.TestHelpers.Entities;
 using Umbraco.Core.Persistence.Querying;
-using Umbraco.Tests.TestHelpers;
+using Umbraco.Core.Services;
 using Umbraco.Tests.Testing;
 using Umbraco.Web._Legacy.Actions;
 
@@ -21,12 +23,11 @@ namespace Umbraco.Tests.Services
     public class UserServiceTests : TestWithSomeContentBase
     {
         [Test]
-        public void UserService_Get_User_Permissions_For_Unassigned_Permission_Nodes()
+        public void Get_User_Permissions_For_Unassigned_Permission_Nodes()
         {
             // Arrange
             var userService = ServiceContext.UserService;
-            var userType = userService.GetUserTypeByAlias("admin");
-            var user = ServiceContext.UserService.CreateUserWithIdentity("test1", "test1@test.com", userType);
+            var user = CreateTestUser(out var userGroup);
             var contentType = MockedContentTypes.CreateSimpleContentType();
             ServiceContext.ContentTypeService.Save(contentType);
             var content = new[]
@@ -38,22 +39,24 @@ namespace Umbraco.Tests.Services
             ServiceContext.ContentService.Save(content);
 
             // Act
-            var permissions = userService.GetPermissions(user, content.ElementAt(0).Id, content.ElementAt(1).Id, content.ElementAt(2).Id);
+            var permissions = userService.GetPermissions(user, content[0].Id, content[1].Id, content[2].Id)
+                .ToArray();
 
             //assert
-            Assert.AreEqual(3, permissions.Count());
-            Assert.AreEqual(17, permissions.ElementAt(0).AssignedPermissions.Length);
-            Assert.AreEqual(17, permissions.ElementAt(1).AssignedPermissions.Length);
-            Assert.AreEqual(17, permissions.ElementAt(2).AssignedPermissions.Length);
+            Assert.AreEqual(3, permissions.Length);
+            Assert.AreEqual(17, permissions[0].AssignedPermissions.Length);
+            Assert.AreEqual(17, permissions[1].AssignedPermissions.Length);
+            Assert.AreEqual(17, permissions[2].AssignedPermissions.Length);
         }
 
         [Test]
-        public void UserService_Get_User_Permissions_For_Assigned_Permission_Nodes()
+        public void Get_User_Permissions_For_Assigned_Permission_Nodes()
         {
             // Arrange
             var userService = ServiceContext.UserService;
-            var userType = userService.GetUserTypeByAlias("admin");
-            var user = ServiceContext.UserService.CreateUserWithIdentity("test1", "test1@test.com", userType);
+            IUserGroup userGroup;
+            var user = CreateTestUser(out userGroup);
+
             var contentType = MockedContentTypes.CreateSimpleContentType();
             ServiceContext.ContentTypeService.Save(contentType);
             var content = new[]
@@ -63,32 +66,367 @@ namespace Umbraco.Tests.Services
                     MockedContent.CreateSimpleContent(contentType)
                 };
             ServiceContext.ContentService.Save(content);
-            ServiceContext.ContentService.AssignContentPermission(content.ElementAt(0), ActionBrowse.Instance.Letter, new int[] { user.Id });
-            ServiceContext.ContentService.AssignContentPermission(content.ElementAt(0), ActionDelete.Instance.Letter, new int[] { user.Id });
-            ServiceContext.ContentService.AssignContentPermission(content.ElementAt(0), ActionMove.Instance.Letter, new int[] { user.Id });
-
-            ServiceContext.ContentService.AssignContentPermission(content.ElementAt(1), ActionBrowse.Instance.Letter, new int[] { user.Id });
-            ServiceContext.ContentService.AssignContentPermission(content.ElementAt(1), ActionDelete.Instance.Letter, new int[] { user.Id });
-
-            ServiceContext.ContentService.AssignContentPermission(content.ElementAt(2), ActionBrowse.Instance.Letter, new int[] { user.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[0], ActionBrowse.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[0], ActionDelete.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[0], ActionMove.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[1], ActionBrowse.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[1], ActionDelete.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[2], ActionBrowse.Instance.Letter, new int[] { userGroup.Id });
 
             // Act
-            var permissions = userService.GetPermissions(user, content.ElementAt(0).Id, content.ElementAt(1).Id, content.ElementAt(2).Id);
+            var permissions = userService.GetPermissions(user, content[0].Id, content[1].Id, content[2].Id).ToArray();
 
             //assert
-            Assert.AreEqual(3, permissions.Count());
-            Assert.AreEqual(3, permissions.ElementAt(0).AssignedPermissions.Count());
-            Assert.AreEqual(2, permissions.ElementAt(1).AssignedPermissions.Count());
-            Assert.AreEqual(1, permissions.ElementAt(2).AssignedPermissions.Count());
+            Assert.AreEqual(3, permissions.Length);
+            Assert.AreEqual(3, permissions[0].AssignedPermissions.Length);
+            Assert.AreEqual(2, permissions[1].AssignedPermissions.Length);
+            Assert.AreEqual(1, permissions[2].AssignedPermissions.Length);
+        }
+
+        [Test]
+        public void Get_UserGroup_Assigned_Permissions()
+        {
+            // Arrange
+            var userService = ServiceContext.UserService;
+            var userGroup = CreateTestUserGroup();
+
+            var contentType = MockedContentTypes.CreateSimpleContentType();
+            ServiceContext.ContentTypeService.Save(contentType);
+            var content = new[]
+                {
+                    MockedContent.CreateSimpleContent(contentType),
+                    MockedContent.CreateSimpleContent(contentType),
+                    MockedContent.CreateSimpleContent(contentType)
+                };
+            ServiceContext.ContentService.Save(content);
+            ServiceContext.ContentService.AssignContentPermission(content.ElementAt(0), ActionBrowse.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content.ElementAt(0), ActionDelete.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content.ElementAt(0), ActionMove.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content.ElementAt(1), ActionBrowse.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content.ElementAt(1), ActionDelete.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content.ElementAt(2), ActionBrowse.Instance.Letter, new int[] { userGroup.Id });
+
+            // Act
+            var permissions = userService.GetPermissions(userGroup, false, content[0].Id, content[1].Id, content[2].Id).ToArray();
+
+            //assert
+            Assert.AreEqual(3, permissions.Length);
+            Assert.AreEqual(3, permissions[0].AssignedPermissions.Length);
+            Assert.AreEqual(2, permissions[1].AssignedPermissions.Length);
+            Assert.AreEqual(1, permissions[2].AssignedPermissions.Length);
+        }
+
+        [Test]
+        public void Get_UserGroup_Assigned_And_Default_Permissions()
+        {
+            // Arrange
+            var userService = ServiceContext.UserService;
+            var userGroup = CreateTestUserGroup();
+
+            var contentType = MockedContentTypes.CreateSimpleContentType();
+            ServiceContext.ContentTypeService.Save(contentType);
+            var content = new[]
+                {
+                    MockedContent.CreateSimpleContent(contentType),
+                    MockedContent.CreateSimpleContent(contentType),
+                    MockedContent.CreateSimpleContent(contentType)
+                };
+            ServiceContext.ContentService.Save(content);
+            ServiceContext.ContentService.AssignContentPermission(content[0], ActionBrowse.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[0], ActionDelete.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[0], ActionMove.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[1], ActionBrowse.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[1], ActionDelete.Instance.Letter, new int[] { userGroup.Id });
+
+            // Act
+            var permissions = userService.GetPermissions(userGroup, true, content[0].Id, content[1].Id, content[2].Id)
+                .ToArray();
+
+            //assert
+            Assert.AreEqual(3, permissions.Length);
+            Assert.AreEqual(3, permissions[0].AssignedPermissions.Length);
+            Assert.AreEqual(2, permissions[1].AssignedPermissions.Length);
+            Assert.AreEqual(17, permissions[2].AssignedPermissions.Length);
+        }
+
+        [Test]
+        public void Get_All_User_Permissions_For_All_Nodes_With_Explicit_Permission()
+        {
+            // Arrange
+            var userService = ServiceContext.UserService;
+            var userGroup1 = CreateTestUserGroup();
+            var userGroup2 = CreateTestUserGroup("test2", "Test 2");
+            var userGroup3 = CreateTestUserGroup("test3", "Test 3");
+            var user = userService.CreateUserWithIdentity("John Doe", "john@umbraco.io");
+
+            var defaultPermissionCount = userGroup3.Permissions.Count();
+
+            user.AddGroup(userGroup1);
+            user.AddGroup(userGroup2);
+            user.AddGroup(userGroup3);
+            userService.Save(user);
+
+            var contentType = MockedContentTypes.CreateSimpleContentType();
+            ServiceContext.ContentTypeService.Save(contentType);
+            var content = new[]
+            {
+                MockedContent.CreateSimpleContent(contentType),
+                MockedContent.CreateSimpleContent(contentType),
+                MockedContent.CreateSimpleContent(contentType)
+            };
+            ServiceContext.ContentService.Save(content);
+            //assign permissions - we aren't assigning anything explicit for group3 and nothing explicit for content[2] /w group2
+            ServiceContext.ContentService.AssignContentPermission(content[0], ActionBrowse.Instance.Letter, new int[] { userGroup1.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[0], ActionDelete.Instance.Letter, new int[] { userGroup1.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[0], ActionMove.Instance.Letter, new int[] { userGroup2.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[1], ActionBrowse.Instance.Letter, new int[] { userGroup1.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[1], ActionDelete.Instance.Letter, new int[] { userGroup2.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[2], ActionDelete.Instance.Letter, new int[] { userGroup1.Id });
+
+            // Act
+            //we don't pass in any nodes so it will return all of them
+            var result = userService.GetPermissions(user).ToArray();
+            var permissions = result
+                .GroupBy(x => x.EntityId)
+                .ToDictionary(x => x.Key, x => x.GroupBy(a => a.UserGroupId).ToDictionary(a => a.Key, a => a.ToArray()));
+
+            //assert
+
+            //there will be 3 since that is how many content items there are
+            Assert.AreEqual(3, permissions.Count);
+
+            //test permissions contains content[0]
+            Assert.IsTrue(permissions.ContainsKey(content[0].Id));
+            //test that this permissions set contains permissions for all groups
+            Assert.IsTrue(permissions[content[0].Id].ContainsKey(userGroup1.Id));
+            Assert.IsTrue(permissions[content[0].Id].ContainsKey(userGroup2.Id));
+            Assert.IsTrue(permissions[content[0].Id].ContainsKey(userGroup3.Id));
+            //test that the correct number of permissions are returned for each group
+            Assert.AreEqual(2, permissions[content[0].Id][userGroup1.Id].SelectMany(x => x.AssignedPermissions).Count());
+            Assert.AreEqual(1, permissions[content[0].Id][userGroup2.Id].SelectMany(x => x.AssignedPermissions).Count());
+            Assert.AreEqual(defaultPermissionCount, permissions[content[0].Id][userGroup3.Id].SelectMany(x => x.AssignedPermissions).Count());
+
+            //test permissions contains content[1]
+            Assert.IsTrue(permissions.ContainsKey(content[1].Id));
+            //test that this permissions set contains permissions for all groups
+            Assert.IsTrue(permissions[content[1].Id].ContainsKey(userGroup1.Id));
+            Assert.IsTrue(permissions[content[1].Id].ContainsKey(userGroup2.Id));
+            Assert.IsTrue(permissions[content[1].Id].ContainsKey(userGroup3.Id));
+            //test that the correct number of permissions are returned for each group
+            Assert.AreEqual(1, permissions[content[1].Id][userGroup1.Id].SelectMany(x => x.AssignedPermissions).Count());
+            Assert.AreEqual(1, permissions[content[1].Id][userGroup2.Id].SelectMany(x => x.AssignedPermissions).Count());
+            Assert.AreEqual(defaultPermissionCount, permissions[content[1].Id][userGroup3.Id].SelectMany(x => x.AssignedPermissions).Count());
+
+            //test permissions contains content[2]
+            Assert.IsTrue(permissions.ContainsKey(content[2].Id));
+            //test that this permissions set contains permissions for all groups
+            Assert.IsTrue(permissions[content[2].Id].ContainsKey(userGroup1.Id));
+            Assert.IsTrue(permissions[content[2].Id].ContainsKey(userGroup2.Id));
+            Assert.IsTrue(permissions[content[2].Id].ContainsKey(userGroup3.Id));
+            //test that the correct number of permissions are returned for each group
+            Assert.AreEqual(1, permissions[content[2].Id][userGroup1.Id].SelectMany(x => x.AssignedPermissions).Count());
+            Assert.AreEqual(defaultPermissionCount, permissions[content[2].Id][userGroup2.Id].SelectMany(x => x.AssignedPermissions).Count());
+            Assert.AreEqual(defaultPermissionCount, permissions[content[2].Id][userGroup3.Id].SelectMany(x => x.AssignedPermissions).Count());
+        }
+
+        [Test]
+        public void Get_All_User_Group_Permissions_For_All_Nodes()
+        {
+            // Arrange
+            var userService = ServiceContext.UserService;
+            var userGroup = CreateTestUserGroup();
+
+            var contentType = MockedContentTypes.CreateSimpleContentType();
+            ServiceContext.ContentTypeService.Save(contentType);
+            var content = new[]
+            {
+                MockedContent.CreateSimpleContent(contentType),
+                MockedContent.CreateSimpleContent(contentType),
+                MockedContent.CreateSimpleContent(contentType)
+            };
+            ServiceContext.ContentService.Save(content);
+            ServiceContext.ContentService.AssignContentPermission(content[0], ActionBrowse.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[0], ActionDelete.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[0], ActionMove.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[1], ActionBrowse.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[1], ActionDelete.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(content[2], ActionDelete.Instance.Letter, new int[] { userGroup.Id });
+
+            // Act
+            //we don't pass in any nodes so it will return all of them
+            var permissions = userService.GetPermissions(userGroup, true)
+                .GroupBy(x => x.EntityId)
+                .ToDictionary(x => x.Key, x => x);
+
+            //assert
+            Assert.AreEqual(3, permissions.Count);
+            Assert.IsTrue(permissions.ContainsKey(content[0].Id));
+            Assert.AreEqual(3, permissions[content[0].Id].SelectMany(x => x.AssignedPermissions).Count());
+            Assert.IsTrue(permissions.ContainsKey(content[1].Id));
+            Assert.AreEqual(2, permissions[content[1].Id].SelectMany(x => x.AssignedPermissions).Count());
+            Assert.IsTrue(permissions.ContainsKey(content[2].Id));
+            Assert.AreEqual(1, permissions[content[2].Id].SelectMany(x => x.AssignedPermissions).Count());
+        }
+
+        [Test]
+        public void Calculate_Permissions_For_User_For_Path()
+        {
+            //see: http://issues.umbraco.org/issue/U4-10075#comment=67-40085
+            // for an overview of what this is testing
+
+            const string path = "-1,1,2,3,4";
+            var pathIds = path.GetIdsFromPathReversed();
+
+            const int groupA = 7;
+            const int groupB = 8;
+            const int groupC = 9;
+
+            var userGroups = new Dictionary<int, string[]>
+            {
+                {groupA, new[] {"S", "D", "F"}},
+                {groupB, new[] {"S", "D", "G", "K"}},
+                {groupC, new[] {"F", "G"}}
+            };
+
+            var permissions = new[]
+            {
+                new EntityPermission(groupA, 1, userGroups[groupA], isDefaultPermissions:true),
+                new EntityPermission(groupA, 2, userGroups[groupA], isDefaultPermissions:true),
+                new EntityPermission(groupA, 3, userGroups[groupA], isDefaultPermissions:true),
+                new EntityPermission(groupA, 4, userGroups[groupA], isDefaultPermissions:true),
+
+                new EntityPermission(groupB, 1, userGroups[groupB], isDefaultPermissions:true),
+                new EntityPermission(groupB, 2, new []{"F", "R"}, isDefaultPermissions:false),
+                new EntityPermission(groupB, 3, userGroups[groupB], isDefaultPermissions:true),
+                new EntityPermission(groupB, 4, userGroups[groupB], isDefaultPermissions:true),
+
+                new EntityPermission(groupC, 1, userGroups[groupC], isDefaultPermissions:true),
+                new EntityPermission(groupC, 2, userGroups[groupC], isDefaultPermissions:true),
+                new EntityPermission(groupC, 3, new []{"Q", "Z"}, isDefaultPermissions:false),
+                new EntityPermission(groupC, 4, userGroups[groupC], isDefaultPermissions:true),
+            };
+
+            //Permissions for Id 4
+            var result = UserService.CalculatePermissionsForPathForUser(permissions, pathIds);
+            Assert.AreEqual(4, result.EntityId);
+            var allPermissions = result.GetAllPermissions().ToArray();
+            Assert.AreEqual(6, allPermissions.Length, string.Join(",", allPermissions));
+            Assert.IsTrue(allPermissions.ContainsAll(new[] { "S", "D", "F", "R", "Q", "Z" }));
+
+            //Permissions for Id 3
+            result = UserService.CalculatePermissionsForPathForUser(permissions, pathIds.Skip(1).ToArray());
+            Assert.AreEqual(3, result.EntityId);
+            allPermissions = result.GetAllPermissions().ToArray();
+            Assert.AreEqual(6, allPermissions.Length, string.Join(",", allPermissions));
+            Assert.IsTrue(allPermissions.ContainsAll(new[] { "S", "D", "F", "R", "Q", "Z" }));
+
+            //Permissions for Id 2
+            result = UserService.CalculatePermissionsForPathForUser(permissions, pathIds.Skip(2).ToArray());
+            Assert.AreEqual(2, result.EntityId);
+            allPermissions = result.GetAllPermissions().ToArray();
+            Assert.AreEqual(5, allPermissions.Length, string.Join(",", allPermissions));
+            Assert.IsTrue(allPermissions.ContainsAll(new[] { "S", "D", "F", "G", "R" }));
+
+            //Permissions for Id 1
+            result = UserService.CalculatePermissionsForPathForUser(permissions, pathIds.Skip(3).ToArray());
+            Assert.AreEqual(1, result.EntityId);
+            allPermissions = result.GetAllPermissions().ToArray();
+            Assert.AreEqual(5, allPermissions.Length, string.Join(",", allPermissions));
+            Assert.IsTrue(allPermissions.ContainsAll(new[] { "S", "D", "F", "G", "K" }));
+
+        }
+
+        [Test]
+        public void Determine_Deepest_Explicit_Permissions_For_Group_For_Path_1()
+        {
+            var path = "-1,1,2,3";
+            var pathIds = path.GetIdsFromPathReversed();
+            var defaults = new[] { "A", "B" };
+            var permissions = new List<EntityPermission>
+            {
+                new EntityPermission(9876, 1, defaults, isDefaultPermissions:true),
+                new EntityPermission(9876, 2, new []{"B","C", "D"}, isDefaultPermissions:false),
+                new EntityPermission(9876, 3, defaults, isDefaultPermissions:true)
+            };
+            var result = UserService.GetPermissionsForPathForGroup(permissions, pathIds, fallbackToDefaultPermissions: true);
+            Assert.AreEqual(3, result.AssignedPermissions.Length);
+            Assert.IsFalse(result.IsDefaultPermissions);
+            Assert.IsTrue(result.AssignedPermissions.ContainsAll(new[] { "B", "C", "D" }));
+            Assert.AreEqual(2, result.EntityId);
+            Assert.AreEqual(9876, result.UserGroupId);
+        }
+
+        [Test]
+        public void Determine_Deepest_Explicit_Permissions_For_Group_For_Path_2()
+        {
+            var path = "-1,1,2,3";
+            var pathIds = path.GetIdsFromPathReversed();
+            var defaults = new[] { "A", "B", "C" };
+            var permissions = new List<EntityPermission>
+            {
+                new EntityPermission(9876, 1, defaults, isDefaultPermissions:true),
+                new EntityPermission(9876, 2, defaults, isDefaultPermissions:true),
+                new EntityPermission(9876, 3, defaults, isDefaultPermissions:true)
+            };
+            var result = UserService.GetPermissionsForPathForGroup(permissions, pathIds, fallbackToDefaultPermissions: false);
+            Assert.IsNull(result);
+        }
+
+        [Test]
+        public void Determine_Deepest_Explicit_Permissions_For_Group_For_Path_3()
+        {
+            var path = "-1,1,2,3";
+            var pathIds = path.GetIdsFromPathReversed();
+            var defaults = new[] { "A", "B" };
+            var permissions = new List<EntityPermission>
+            {
+                new EntityPermission(9876, 1, defaults, isDefaultPermissions:true),
+                new EntityPermission(9876, 2, defaults, isDefaultPermissions:true),
+                new EntityPermission(9876, 3, defaults, isDefaultPermissions:true)
+            };
+            var result = UserService.GetPermissionsForPathForGroup(permissions, pathIds, fallbackToDefaultPermissions: true);
+            Assert.AreEqual(2, result.AssignedPermissions.Length);
+            Assert.IsTrue(result.IsDefaultPermissions);
+            Assert.IsTrue(result.AssignedPermissions.ContainsAll(defaults));
+            Assert.AreEqual(3, result.EntityId);
+            Assert.AreEqual(9876, result.UserGroupId);
+        }
+
+        [Test]
+        public void Get_User_Implicit_Permissions()
+        {
+            // Arrange
+            var userService = ServiceContext.UserService;
+            var userGroup = CreateTestUserGroup();
+
+            var contentType = MockedContentTypes.CreateSimpleContentType();
+            ServiceContext.ContentTypeService.Save(contentType);
+            var parent = MockedContent.CreateSimpleContent(contentType);
+            ServiceContext.ContentService.Save(parent);
+            var child1 = MockedContent.CreateSimpleContent(contentType, "child1", parent);
+            ServiceContext.ContentService.Save(child1);
+            var child2 = MockedContent.CreateSimpleContent(contentType, "child2", child1);
+            ServiceContext.ContentService.Save(child2);
+
+            ServiceContext.ContentService.AssignContentPermission(parent, ActionBrowse.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(parent, ActionDelete.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(parent, ActionMove.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(parent, ActionBrowse.Instance.Letter, new int[] { userGroup.Id });
+            ServiceContext.ContentService.AssignContentPermission(parent, ActionDelete.Instance.Letter, new int[] { userGroup.Id });
+
+            // Act
+            var permissions = userService.GetPermissionsForPath(userGroup, child2.Path);
+
+            //assert
+            var allPermissions = permissions.GetAllPermissions().ToArray();
+            Assert.AreEqual(3, allPermissions.Length);
         }
 
         [Test]
         public void Can_Delete_User()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var user = ServiceContext.UserService.CreateUserWithIdentity("JohnDoe", "john@umbraco.io", userType);
-
+            var user = ServiceContext.UserService.CreateUserWithIdentity("JohnDoe", "john@umbraco.io");
+
             ServiceContext.UserService.Delete(user, true);
             var deleted = ServiceContext.UserService.GetUserById(user.Id);
 
@@ -99,9 +437,7 @@ namespace Umbraco.Tests.Services
         [Test]
         public void Disables_User_Instead_Of_Deleting_If_Flag_Not_Set()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var user = ServiceContext.UserService.CreateUserWithIdentity("JohnDoe", "john@umbraco.io", userType);
+            var user = ServiceContext.UserService.CreateUserWithIdentity("JohnDoe", "john@umbraco.io");
 
             ServiceContext.UserService.Delete(user);
             var deleted = ServiceContext.UserService.GetUserById(user.Id);
@@ -113,10 +449,8 @@ namespace Umbraco.Tests.Services
         [Test]
         public void Exists_By_Username()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var user = ServiceContext.UserService.CreateUserWithIdentity("JohnDoe", "john@umbraco.io", userType);
-            var user2 = ServiceContext.UserService.CreateUserWithIdentity("john2@umbraco.io", "john2@umbraco.io", userType);
+            var user = ServiceContext.UserService.CreateUserWithIdentity("JohnDoe", "john@umbraco.io");
+            var user2 = ServiceContext.UserService.CreateUserWithIdentity("john2@umbraco.io", "john2@umbraco.io");
             Assert.IsTrue(ServiceContext.UserService.Exists("JohnDoe"));
             Assert.IsFalse(ServiceContext.UserService.Exists("notFound"));
             Assert.IsTrue(ServiceContext.UserService.Exists("john2@umbraco.io"));
@@ -125,9 +459,7 @@ namespace Umbraco.Tests.Services
         [Test]
         public void Get_By_Email()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var user = ServiceContext.UserService.CreateUserWithIdentity("JohnDoe", "john@umbraco.io", userType);
+            var user = ServiceContext.UserService.CreateUserWithIdentity("JohnDoe", "john@umbraco.io");
 
             Assert.IsNotNull(ServiceContext.UserService.GetByEmail(user.Email));
             Assert.IsNull(ServiceContext.UserService.GetByEmail("do@not.find"));
@@ -136,9 +468,7 @@ namespace Umbraco.Tests.Services
         [Test]
         public void Get_By_Username()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var user = ServiceContext.UserService.CreateUserWithIdentity("JohnDoe", "john@umbraco.io", userType);
+            var user = ServiceContext.UserService.CreateUserWithIdentity("JohnDoe", "john@umbraco.io");
 
             Assert.IsNotNull(ServiceContext.UserService.GetByUsername(user.Username));
             Assert.IsNull(ServiceContext.UserService.GetByUsername("notFound"));
@@ -147,9 +477,7 @@ namespace Umbraco.Tests.Services
         [Test]
         public void Get_By_Username_With_Backslash()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var user = ServiceContext.UserService.CreateUserWithIdentity("mydomain\\JohnDoe", "john@umbraco.io", userType);
+            var user = ServiceContext.UserService.CreateUserWithIdentity("mydomain\\JohnDoe", "john@umbraco.io");
 
             Assert.IsNotNull(ServiceContext.UserService.GetByUsername(user.Username));
             Assert.IsNull(ServiceContext.UserService.GetByUsername("notFound"));
@@ -158,9 +486,7 @@ namespace Umbraco.Tests.Services
         [Test]
         public void Get_By_Object_Id()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var user = ServiceContext.UserService.CreateUserWithIdentity("JohnDoe", "john@umbraco.io", userType);
+            var user = ServiceContext.UserService.CreateUserWithIdentity("JohnDoe", "john@umbraco.io");
 
             Assert.IsNotNull(ServiceContext.UserService.GetUserById(user.Id));
             Assert.IsNull(ServiceContext.UserService.GetUserById(9876));
@@ -169,17 +495,14 @@ namespace Umbraco.Tests.Services
         [Test]
         public void Find_By_Email_Starts_With()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var users = MockedUser.CreateUser(userType, 10);
+            var users = MockedUser.CreateMulipleUsers(10);
             ServiceContext.UserService.Save(users);
             //don't find this
-            var customUser = MockedUser.CreateUser(userType);
+            var customUser = MockedUser.CreateUser();
             customUser.Email = "hello@hello.com";
             ServiceContext.UserService.Save(customUser);
 
-            long totalRecs;
-            var found = ServiceContext.UserService.FindByEmail("tes", 0, 100, out totalRecs, StringPropertyMatchType.StartsWith);
+            var found = ServiceContext.UserService.FindByEmail("tes", 0, 100, out _, StringPropertyMatchType.StartsWith);
 
             Assert.AreEqual(10, found.Count());
         }
@@ -187,17 +510,14 @@ namespace Umbraco.Tests.Services
         [Test]
         public void Find_By_Email_Ends_With()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var users = MockedUser.CreateUser(userType, 10);
+            var users = MockedUser.CreateMulipleUsers(10);
             ServiceContext.UserService.Save(users);
             //include this
-            var customUser = MockedUser.CreateUser(userType);
+            var customUser = MockedUser.CreateUser();
             customUser.Email = "hello@test.com";
             ServiceContext.UserService.Save(customUser);
 
-            long totalRecs;
-            var found = ServiceContext.UserService.FindByEmail("test.com", 0, 100, out totalRecs, StringPropertyMatchType.EndsWith);
+            var found = ServiceContext.UserService.FindByEmail("test.com", 0, 100, out _, StringPropertyMatchType.EndsWith);
 
             Assert.AreEqual(11, found.Count());
         }
@@ -205,17 +525,14 @@ namespace Umbraco.Tests.Services
         [Test]
         public void Find_By_Email_Contains()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var users = MockedUser.CreateUser(userType, 10);
+            var users = MockedUser.CreateMulipleUsers(10);
             ServiceContext.UserService.Save(users);
             //include this
-            var customUser = MockedUser.CreateUser(userType);
+            var customUser = MockedUser.CreateUser();
             customUser.Email = "hello@test.com";
             ServiceContext.UserService.Save(customUser);
 
-            long totalRecs;
-            var found = ServiceContext.UserService.FindByEmail("test", 0, 100, out totalRecs, StringPropertyMatchType.Contains);
+            var found = ServiceContext.UserService.FindByEmail("test", 0, 100, out _, StringPropertyMatchType.Contains);
 
             Assert.AreEqual(11, found.Count());
         }
@@ -223,17 +540,14 @@ namespace Umbraco.Tests.Services
         [Test]
         public void Find_By_Email_Exact()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var users = MockedUser.CreateUser(userType, 10);
+            var users = MockedUser.CreateMulipleUsers(10);
             ServiceContext.UserService.Save(users);
             //include this
-            var customUser = MockedUser.CreateUser(userType);
+            var customUser = MockedUser.CreateUser();
             customUser.Email = "hello@test.com";
             ServiceContext.UserService.Save(customUser);
 
-            long totalRecs;
-            var found = ServiceContext.UserService.FindByEmail("hello@test.com", 0, 100, out totalRecs, StringPropertyMatchType.Exact);
+            var found = ServiceContext.UserService.FindByEmail("hello@test.com", 0, 100, out _, StringPropertyMatchType.Exact);
 
             Assert.AreEqual(1, found.Count());
         }
@@ -241,13 +555,10 @@ namespace Umbraco.Tests.Services
         [Test]
         public void Get_All_Paged_Users()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var users = MockedUser.CreateUser(userType, 10);
+            var users = MockedUser.CreateMulipleUsers(10);
             ServiceContext.UserService.Save(users);
 
-            long totalRecs;
-            var found = ServiceContext.UserService.GetAll(0, 2, out totalRecs);
+            var found = ServiceContext.UserService.GetAll(0, 2, out var totalRecs);
 
             Assert.AreEqual(2, found.Count());
             // + 1 because of the built in admin user
@@ -256,14 +567,77 @@ namespace Umbraco.Tests.Services
             Assert.AreEqual("test0", found.Last().Username);
         }
 
+        [Test]
+        public void Get_All_Paged_Users_With_Filter()
+        {
+            var users = MockedUser.CreateMulipleUsers(10).ToArray();
+            ServiceContext.UserService.Save(users);
+
+            var found = ServiceContext.UserService.GetAll(0, 2, out var totalRecs, "username", Direction.Ascending, filter: "test");
+
+            Assert.AreEqual(2, found.Count());
+            Assert.AreEqual(10, totalRecs);
+            Assert.AreEqual("test0", found.First().Username);
+            Assert.AreEqual("test1", found.Last().Username);
+        }
+
+        [Test]
+        public void Get_All_Paged_Users_For_Group()
+        {
+            var userGroup = MockedUserGroup.CreateUserGroup();
+            ServiceContext.UserService.Save(userGroup);
+
+            var users = MockedUser.CreateMulipleUsers(10).ToArray();
+            for (var i = 0; i < 10;)
+            {
+                users[i].AddGroup(userGroup.ToReadOnlyGroup());
+                i = i + 2;
+            }
+            ServiceContext.UserService.Save(users);
+
+            long totalRecs;
+            var found = ServiceContext.UserService.GetAll(0, 2, out totalRecs, "username", Direction.Ascending, userGroups: new[] { userGroup.Alias });
+
+            Assert.AreEqual(2, found.Count());
+            Assert.AreEqual(5, totalRecs);
+            Assert.AreEqual("test0", found.First().Username);
+            Assert.AreEqual("test2", found.Last().Username);
+        }
+
+        [Test]
+        public void Get_All_Paged_Users_For_Group_With_Filter()
+        {
+            var userGroup = MockedUserGroup.CreateUserGroup();
+            ServiceContext.UserService.Save(userGroup);
+
+            var users = MockedUser.CreateMulipleUsers(10).ToArray();
+            for (var i = 0; i < 10;)
+            {
+                users[i].AddGroup(userGroup.ToReadOnlyGroup());
+                i = i + 2;
+            }
+            for (var i = 0; i < 10;)
+            {
+                users[i].Name = "blah" + users[i].Name;
+                i = i + 3;
+            }
+            ServiceContext.UserService.Save(users);
+
+            long totalRecs;
+            var found = ServiceContext.UserService.GetAll(0, 2, out totalRecs, "username", Direction.Ascending, userGroups: new[] { userGroup.Alias }, filter: "blah");
+
+            Assert.AreEqual(2, found.Count());
+            Assert.AreEqual(2, totalRecs);
+            Assert.AreEqual("test0", found.First().Username);
+            Assert.AreEqual("test6", found.Last().Username);
+        }
+
         [Test]
         public void Count_All_Users()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var users = MockedUser.CreateUser(userType, 10);
+            var users = MockedUser.CreateMulipleUsers(10);
             ServiceContext.UserService.Save(users);
-            var customUser = MockedUser.CreateUser(userType);
+            var customUser = MockedUser.CreateUser();
             ServiceContext.UserService.Save(customUser);
 
             var found = ServiceContext.UserService.GetCount(MemberCountType.All);
@@ -272,28 +646,24 @@ namespace Umbraco.Tests.Services
             Assert.AreEqual(12, found);
         }
 
-        [Ignore("fixme - ignored test")]
+        [Ignore("why?")]
         [Test]
         public void Count_All_Online_Users()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var users = MockedUser.CreateUser(userType, 10, (i, member) => member.LastLoginDate = DateTime.Now.AddMinutes(i * -2));
+            var users = MockedUser.CreateMulipleUsers(10, (i, member) => member.LastLoginDate = DateTime.Now.AddMinutes(i * -2));
             ServiceContext.UserService.Save(users);
 
-            var customUser = MockedUser.CreateUser(userType);
+            var customUser = MockedUser.CreateUser();
             throw new NotImplementedException();
         }
 
         [Test]
         public void Count_All_Locked_Users()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var users = MockedUser.CreateUser(userType, 10, (i, member) => member.IsLockedOut = i % 2 == 0);
+            var users = MockedUser.CreateMulipleUsers(10, (i, member) => member.IsLockedOut = i % 2 == 0);
             ServiceContext.UserService.Save(users);
 
-            var customUser = MockedUser.CreateUser(userType);
+            var customUser = MockedUser.CreateUser();
             customUser.IsLockedOut = true;
             ServiceContext.UserService.Save(customUser);
 
@@ -305,12 +675,10 @@ namespace Umbraco.Tests.Services
         [Test]
         public void Count_All_Approved_Users()
         {
-            var userType = MockedUserType.CreateUserType();
-            ServiceContext.UserService.SaveUserType(userType);
-            var users = MockedUser.CreateUser(userType, 10, (i, member) => member.IsApproved = i % 2 == 0);
+            var users = MockedUser.CreateMulipleUsers(10, (i, member) => member.IsApproved = i % 2 == 0);
             ServiceContext.UserService.Save(users);
 
-            var customUser = MockedUser.CreateUser(userType);
+            var customUser = MockedUser.CreateUser();
             customUser.IsApproved = false;
             ServiceContext.UserService.Save(customUser);
 
@@ -320,36 +688,20 @@ namespace Umbraco.Tests.Services
             Assert.AreEqual(6, found);
         }
 
-        [Test]
-        public void Can_Persist_New_User_Type()
-        {
-            // Arrange
-            var userService = ServiceContext.UserService;
-            var userType = MockedUserType.CreateUserType();
-
-            // Act
-            userService.SaveUserType(userType);
-
-            // Assert
-            Assert.That(userType.HasIdentity, Is.True);
-        }
-
         [Test]
         public void Can_Persist_New_User()
         {
             // Arrange
             var userService = ServiceContext.UserService;
-            var userType = userService.GetUserTypeByAlias("admin");
 
             // Act
-            var membershipUser = userService.CreateUserWithIdentity("JohnDoe", "john@umbraco.io", userType);
+            var membershipUser = userService.CreateUserWithIdentity("JohnDoe", "john@umbraco.io");
 
             // Assert
             Assert.That(membershipUser.HasIdentity, Is.True);
             Assert.That(membershipUser.Id, Is.GreaterThan(0));
             IUser user = membershipUser as User;
             Assert.That(user, Is.Not.Null);
-            Assert.That(user.DefaultPermissions, Is.EqualTo(userType.Permissions));
         }
 
         [Test]
@@ -357,7 +709,6 @@ namespace Umbraco.Tests.Services
         {
             // Arrange
             var userService = ServiceContext.UserService;
-            var userType = userService.GetUserTypeByAlias("admin");
 
             // Act
             // NOTE: Normally the hash'ing would be handled in the membership provider, so the service just saves the password
@@ -365,7 +716,7 @@ namespace Umbraco.Tests.Services
             var hash = new HMACSHA1();
             hash.Key = Encoding.Unicode.GetBytes(password);
             var encodedPassword = Convert.ToBase64String(hash.ComputeHash(Encoding.Unicode.GetBytes(password)));
-            var membershipUser = new User("JohnDoe", "john@umbraco.io", encodedPassword, encodedPassword, userType);
+            var membershipUser = new User("JohnDoe", "john@umbraco.io", encodedPassword, encodedPassword);
             userService.Save(membershipUser);
 
             // Assert
@@ -374,37 +725,41 @@ namespace Umbraco.Tests.Services
             Assert.That(membershipUser.RawPasswordValue, Is.EqualTo(encodedPassword));
             IUser user = membershipUser as User;
             Assert.That(user, Is.Not.Null);
-            Assert.That(user.DefaultPermissions, Is.EqualTo(userType.Permissions));
         }
 
         [Test]
-        public void Can_Add_And_Remove_Sections_From_User()
+        public void Can_Add_And_Remove_Sections_From_UserGroup()
         {
-            var userType = ServiceContext.UserService.GetUserTypeByAlias("admin");
+            var userGroup = new UserGroup
+            {
+                Alias = "Group1",
+                Name = "Group 1"
+            };
+            userGroup.AddAllowedSection("content");
+            userGroup.AddAllowedSection("mediat");
+            ServiceContext.UserService.Save(userGroup);
 
-            var user1 = ServiceContext.UserService.CreateUserWithIdentity("test1", "test1@test.com", userType);
+            var result1 = ServiceContext.UserService.GetUserGroupById(userGroup.Id);
 
-            var result1 = ServiceContext.UserService.GetUserById(user1.Id);
-            //expect 2 sections by default
-            // 3: see commit eb59d33
-            Assert.AreEqual(3, result1.AllowedSections.Count());
+            Assert.AreEqual(2, result1.AllowedSections.Count());
 
             //adds some allowed sections
-            user1.AddAllowedSection("test1");
-            user1.AddAllowedSection("test2");
-            user1.AddAllowedSection("test3");
-            user1.AddAllowedSection("test4");
-            ServiceContext.UserService.Save(user1);
+            userGroup.AddAllowedSection("test1");
+            userGroup.AddAllowedSection("test2");
+            userGroup.AddAllowedSection("test3");
+            userGroup.AddAllowedSection("test4");
+            ServiceContext.UserService.Save(userGroup);
 
-            result1 = ServiceContext.UserService.GetUserById(user1.Id);
-            //expect 7 sections including the two default sections
-            Assert.AreEqual(7, result1.AllowedSections.Count());
+            result1 = ServiceContext.UserService.GetUserGroupById(userGroup.Id);
+
+            Assert.AreEqual(6, result1.AllowedSections.Count());
 
             //simulate clearing the sections
-            foreach (var s in user1.AllowedSections)
+            foreach (var s in userGroup.AllowedSections)
             {
                 result1.RemoveAllowedSection(s);
             }
+
             //now just re-add a couple
             result1.AddAllowedSection("test3");
             result1.AddAllowedSection("test4");
@@ -412,80 +767,100 @@ namespace Umbraco.Tests.Services
 
             //assert
             //re-get
-            result1 = ServiceContext.UserService.GetUserById(user1.Id);
+            result1 = ServiceContext.UserService.GetUserGroupById(userGroup.Id);
             Assert.AreEqual(2, result1.AllowedSections.Count());
         }
 
         [Test]
-        public void Can_Remove_Section_From_All_Assigned_Users()
+        public void Can_Remove_Section_From_All_Assigned_UserGroups()
         {
-            var userType = ServiceContext.UserService.GetUserTypeByAlias("admin");
-
-            var user1 = ServiceContext.UserService.CreateUserWithIdentity("test1", "test1@test.com", userType);
-            var user2 = ServiceContext.UserService.CreateUserWithIdentity("test2", "test2@test.com", userType);
+            var userGroup1 = new UserGroup
+            {
+                Alias = "Group1",
+                Name = "Group 1"
+            };
+            var userGroup2 = new UserGroup
+            {
+                Alias = "Group2",
+                Name = "Group 2"
+            };
+            ServiceContext.UserService.Save(userGroup1);
+            ServiceContext.UserService.Save(userGroup2);
 
             //adds some allowed sections
-            user1.AddAllowedSection("test");
-            user2.AddAllowedSection("test");
-            ServiceContext.UserService.Save(user1);
-            ServiceContext.UserService.Save(user2);
+            userGroup1.AddAllowedSection("test");
+            userGroup2.AddAllowedSection("test");
+            ServiceContext.UserService.Save(userGroup1);
+            ServiceContext.UserService.Save(userGroup2);
 
             //now clear the section from all users
-            ServiceContext.UserService.DeleteSectionFromAllUsers("test");
+            ServiceContext.UserService.DeleteSectionFromAllUserGroups("test");
 
             //assert
-            var result1 = ServiceContext.UserService.GetUserById((int)user1.Id);
-            var result2 = ServiceContext.UserService.GetUserById((int)user2.Id);
+            var result1 = ServiceContext.UserService.GetUserGroupById(userGroup1.Id);
+            var result2 = ServiceContext.UserService.GetUserGroupById(userGroup2.Id);
             Assert.IsFalse(result1.AllowedSections.Contains("test"));
             Assert.IsFalse(result2.AllowedSections.Contains("test"));
         }
 
         [Test]
-        public void Can_Add_Section_To_All_Users()
+        public void Can_Add_Section_To_All_UserGroups()
         {
-            var userType = ServiceContext.UserService.GetUserTypeByAlias("admin");
+            var userGroup1 = new UserGroup
+            {
+                Alias = "Group1",
+                Name = "Group 1"
+            };
+            userGroup1.AddAllowedSection("test");
 
-            var user1 = ServiceContext.UserService.CreateUserWithIdentity("test1", "test1@test.com", userType);
-            var user2 = ServiceContext.UserService.CreateUserWithIdentity("test2", "test2@test.com", userType);
-            var user3 = ServiceContext.UserService.CreateUserWithIdentity("test3", "test3@test.com", userType);
-            var user4 = ServiceContext.UserService.CreateUserWithIdentity("test4", "test4@test.com", userType);
+            var userGroup2 = new UserGroup
+            {
+                Alias = "Group2",
+                Name = "Group 2"
+            };
+            userGroup2.AddAllowedSection("test");
 
-            //now add the section to specific users
-            ServiceContext.UserService.AddSectionToAllUsers("test", (int)user1.Id, (int)user2.Id);
-
-            //assert
-            var result1 = ServiceContext.UserService.GetUserById((int)user1.Id);
-            var result2 = ServiceContext.UserService.GetUserById((int)user2.Id);
-            var result3 = ServiceContext.UserService.GetUserById((int)user3.Id);
-            var result4 = ServiceContext.UserService.GetUserById((int)user4.Id);
+            var userGroup3 = new UserGroup
+            {
+                Alias = "Group3",
+                Name = "Group 3"
+            };
+            ServiceContext.UserService.Save(userGroup1);
+            ServiceContext.UserService.Save(userGroup2);
+            ServiceContext.UserService.Save(userGroup3);
+
+            //assert
+            var result1 = ServiceContext.UserService.GetUserGroupById(userGroup1.Id);
+            var result2 = ServiceContext.UserService.GetUserGroupById(userGroup2.Id);
+            var result3 = ServiceContext.UserService.GetUserGroupById(userGroup3.Id);
             Assert.IsTrue(result1.AllowedSections.Contains("test"));
             Assert.IsTrue(result2.AllowedSections.Contains("test"));
             Assert.IsFalse(result3.AllowedSections.Contains("test"));
-            Assert.IsFalse(result4.AllowedSections.Contains("test"));
 
-            //now add the section to all users
-            ServiceContext.UserService.AddSectionToAllUsers("test");
+            //now add the section to all groups
+            foreach (var userGroup in new[] { userGroup1, userGroup2, userGroup3 })
+            {
+                userGroup.AddAllowedSection("test");
+                ServiceContext.UserService.Save(userGroup);
+            }
 
             //assert
-            result1 = ServiceContext.UserService.GetUserById((int)user1.Id);
-            result2 = ServiceContext.UserService.GetUserById((int)user2.Id);
-            result3 = ServiceContext.UserService.GetUserById((int)user3.Id);
-            result4 = ServiceContext.UserService.GetUserById((int)user4.Id);
+            result1 = ServiceContext.UserService.GetUserGroupById(userGroup1.Id);
+            result2 = ServiceContext.UserService.GetUserGroupById(userGroup2.Id);
+            result3 = ServiceContext.UserService.GetUserGroupById(userGroup3.Id);
             Assert.IsTrue(result1.AllowedSections.Contains("test"));
             Assert.IsTrue(result2.AllowedSections.Contains("test"));
             Assert.IsTrue(result3.AllowedSections.Contains("test"));
-            Assert.IsTrue(result4.AllowedSections.Contains("test"));
         }
 
         [Test]
         public void Cannot_Create_User_With_Empty_Username()
         {
             // Arrange
-            var userService = ServiceContext.UserService;
-            var userType = userService.GetUserTypeByAlias("admin");
-
-            // Act & Assert
-            Assert.Throws<ArgumentNullOrEmptyException>(() => userService.CreateUserWithIdentity(string.Empty, "john@umbraco.io", userType));
+            var userService = ServiceContext.UserService;
+
+            // Act & Assert
+            Assert.Throws<ArgumentException>(() => userService.CreateUserWithIdentity(string.Empty, "john@umbraco.io"));
         }
 
         [Test]
@@ -493,8 +868,7 @@ namespace Umbraco.Tests.Services
         {
             // Arrange
             var userService = ServiceContext.UserService;
-            var userType = userService.GetUserTypeByAlias("admin");
-            var user = userService.CreateUserWithIdentity("John Doe", "john@umbraco.io", userType);
+            var user = userService.CreateUserWithIdentity("John Doe", "john@umbraco.io");
             user.Username = string.Empty;
 
             // Act & Assert
@@ -506,8 +880,7 @@ namespace Umbraco.Tests.Services
         {
             // Arrange
             var userService = ServiceContext.UserService;
-            var userType = userService.GetUserTypeByAlias("admin");
-            var user = userService.CreateUserWithIdentity("John Doe", "john@umbraco.io", userType);
+            var user = userService.CreateUserWithIdentity("John Doe", "john@umbraco.io");
             user.Name = string.Empty;
 
             // Act & Assert
@@ -518,8 +891,7 @@ namespace Umbraco.Tests.Services
         public void Get_By_Profile_Username()
         {
             // Arrange
-            var userType = ServiceContext.UserService.GetUserTypeByAlias("admin");
-            var user = ServiceContext.UserService.CreateUserWithIdentity("test1", "test1@test.com", userType);
+            var user = ServiceContext.UserService.CreateUserWithIdentity("test1", "test1@test.com");
 
             // Act
 
@@ -535,8 +907,7 @@ namespace Umbraco.Tests.Services
         public void Get_By_Profile_Id()
         {
             // Arrange
-            var userType = ServiceContext.UserService.GetUserTypeByAlias("admin");
-            var user = (IUser)ServiceContext.UserService.CreateUserWithIdentity("test1", "test1@test.com", userType);
+            var user = (IUser)ServiceContext.UserService.CreateUserWithIdentity("test1", "test1@test.com");
 
             // Act
 
@@ -552,8 +923,8 @@ namespace Umbraco.Tests.Services
         public void Get_User_By_Username()
         {
             // Arrange
-            var userType = ServiceContext.UserService.GetUserTypeByAlias("admin");
-            var originalUser = (User)ServiceContext.UserService.CreateUserWithIdentity("test1", "test1@test.com", userType);
+            IUserGroup userGroup;
+            var originalUser = CreateTestUser(out userGroup);
 
             // Act
 
@@ -563,16 +934,42 @@ namespace Umbraco.Tests.Services
             Assert.IsNotNull(updatedItem);
             Assert.That(updatedItem.Id, Is.EqualTo(originalUser.Id));
             Assert.That(updatedItem.Name, Is.EqualTo(originalUser.Name));
-            Assert.That(updatedItem.DefaultPermissions, Is.EqualTo(originalUser.DefaultPermissions));
             Assert.That(updatedItem.Language, Is.EqualTo(originalUser.Language));
             Assert.That(updatedItem.IsApproved, Is.EqualTo(originalUser.IsApproved));
             Assert.That(updatedItem.RawPasswordValue, Is.EqualTo(originalUser.RawPasswordValue));
             Assert.That(updatedItem.IsLockedOut, Is.EqualTo(originalUser.IsLockedOut));
-            Assert.That(updatedItem.StartContentId, Is.EqualTo(originalUser.StartContentId));
-            Assert.That(updatedItem.StartMediaId, Is.EqualTo(originalUser.StartMediaId));
+            Assert.IsTrue(updatedItem.StartContentIds.UnsortedSequenceEqual(originalUser.StartContentIds));
+            Assert.IsTrue(updatedItem.StartMediaIds.UnsortedSequenceEqual(originalUser.StartMediaIds));
             Assert.That(updatedItem.Email, Is.EqualTo(originalUser.Email));
             Assert.That(updatedItem.Username, Is.EqualTo(originalUser.Username));
-            Assert.That(updatedItem.AllowedSections.Count(), Is.EqualTo(3)); // 3: see commit eb59d33
+            Assert.That(updatedItem.AllowedSections.Count(), Is.EqualTo(2));
+        }
+
+        private IUser CreateTestUser(out IUserGroup userGroup)
+        {
+            userGroup = CreateTestUserGroup();
+
+            var user = ServiceContext.UserService.CreateUserWithIdentity("test1", "test1@test.com");
+            user.AddGroup(userGroup.ToReadOnlyGroup());
+            ServiceContext.UserService.Save(user);
+            return user;
+        }
+
+        private UserGroup CreateTestUserGroup(string alias = "testGroup", string name = "Test Group")
+        {
+            var userGroup = new UserGroup
+            {
+                Alias = alias,
+                Name = name,
+                Permissions = "ABCDEFGHIJ1234567".ToCharArray().Select(x => x.ToString())
+            };
+
+            userGroup.AddAllowedSection("content");
+            userGroup.AddAllowedSection("media");
+
+            ServiceContext.UserService.Save(userGroup);
+
+            return userGroup;
         }
     }
 }
diff --git a/src/Umbraco.Tests/Strings/DefaultShortStringHelperTests.cs b/src/Umbraco.Tests/Strings/DefaultShortStringHelperTests.cs
index b2be6179fb..67baab695c 100644
--- a/src/Umbraco.Tests/Strings/DefaultShortStringHelperTests.cs
+++ b/src/Umbraco.Tests/Strings/DefaultShortStringHelperTests.cs
@@ -118,6 +118,33 @@ namespace Umbraco.Tests.Strings
             Assert.AreEqual("aeoa-and-aeoa-and-and-and-grosser-bbddzhzh-page", output);
         }
 
+        [Test]
+        public void U4_4056_TryAscii()
+        {
+            var settings = SettingsForTests.GenerateMockSettings();
+            var contentMock = Mock.Get(settings.RequestHandler);
+            contentMock.Setup(x => x.CharCollection).Returns(Enumerable.Empty<IChar>());
+            contentMock.Setup(x => x.ConvertUrlsToAscii).Returns(false);
+            SettingsForTests.ConfigureSettings(settings);
+
+            const string input1 = "ÆØÅ and æøå and 中文测试 and  אודות האתר and größer БбДдЖж page";
+            const string input2 = "ÆØÅ and æøå and größer БбДдЖж page";
+
+            var helper = new DefaultShortStringHelper(new DefaultShortStringHelperConfig().WithDefault(settings)); // unicode
+            Assert.AreEqual("æøå-and-æøå-and-中文测试-and-אודות-האתר-and-größer-ббдджж-page", helper.CleanStringForUrlSegment(input1));
+            Assert.AreEqual("æøå-and-æøå-and-größer-ббдджж-page", helper.CleanStringForUrlSegment(input2));
+
+            helper = new DefaultShortStringHelper(new DefaultShortStringHelperConfig().WithDefault(settings)
+                .WithConfig(CleanStringType.UrlSegment, new DefaultShortStringHelperConfig.Config
+                {
+                    IsTerm = (c, leading) => char.IsLetterOrDigit(c) || c == '_',
+                    StringType = CleanStringType.LowerCase | CleanStringType.TryAscii, // try ascii
+                    Separator = '-'
+                }));
+            Assert.AreEqual("æøå-and-æøå-and-中文测试-and-אודות-האתר-and-größer-ббдджж-page", helper.CleanStringForUrlSegment(input1));
+            Assert.AreEqual("aeoa-and-aeoa-and-grosser-bbddzhzh-page", helper.CleanStringForUrlSegment(input2));
+        }
+
         [Test]
         public void CleanStringUnderscoreInTerm()
         {
diff --git a/src/Umbraco.Tests/TestHelpers/ControllerTesting/AuthenticateEverythingExtensions.cs b/src/Umbraco.Tests/TestHelpers/ControllerTesting/AuthenticateEverythingExtensions.cs
new file mode 100644
index 0000000000..f7d457f0d1
--- /dev/null
+++ b/src/Umbraco.Tests/TestHelpers/ControllerTesting/AuthenticateEverythingExtensions.cs
@@ -0,0 +1,18 @@
+using System;
+using Microsoft.Owin.Extensions;
+using Owin;
+
+namespace Umbraco.Tests.TestHelpers.ControllerTesting
+{
+    public static class AuthenticateEverythingExtensions
+    {
+        public static IAppBuilder AuthenticateEverything(this IAppBuilder app)
+        {
+            if (app == null)
+                throw new ArgumentNullException("app");
+            app.Use(typeof(AuthenticateEverythingMiddleware), (object)app, (object)new AuthenticateEverythingMiddleware.AuthenticateEverythingAuthenticationOptions());
+            app.UseStageMarker(PipelineStage.Authenticate);
+            return app;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Tests/TestHelpers/ControllerTesting/AuthenticateEverythingMiddleware.cs b/src/Umbraco.Tests/TestHelpers/ControllerTesting/AuthenticateEverythingMiddleware.cs
new file mode 100644
index 0000000000..0cfcb47ade
--- /dev/null
+++ b/src/Umbraco.Tests/TestHelpers/ControllerTesting/AuthenticateEverythingMiddleware.cs
@@ -0,0 +1,55 @@
+using System;
+using System.Threading.Tasks;
+using Microsoft.Owin;
+using Microsoft.Owin.Security;
+using Microsoft.Owin.Security.Infrastructure;
+using Owin;
+using Umbraco.Core.Security;
+
+namespace Umbraco.Tests.TestHelpers.ControllerTesting
+{
+    public class AuthenticateEverythingMiddleware : AuthenticationMiddleware<AuthenticationOptions>
+    {
+        public AuthenticateEverythingMiddleware(OwinMiddleware next, IAppBuilder app, AuthenticationOptions options)
+            : base(next, options)
+        {
+        }
+
+        protected override AuthenticationHandler<AuthenticationOptions> CreateHandler()
+        {
+            return new AuthenticateEverythingHandler();
+        }
+
+        public class AuthenticateEverythingHandler : AuthenticationHandler<AuthenticationOptions>
+        {
+            protected override Task<AuthenticationTicket> AuthenticateCoreAsync()
+            {
+                var identity = new UmbracoBackOfficeIdentity(
+                    new UserData(Guid.NewGuid().ToString())
+                    {
+                        Id = 0,
+                        Roles = new[] { "admin" },
+                        AllowedApplications = new[] { "content", "media", "members" },
+                        Culture = "en-US",
+                        RealName = "Admin",                        
+                        Username = "admin"
+                    });
+
+                return Task.FromResult(new AuthenticationTicket(identity,
+                    new AuthenticationProperties()
+                    {
+                        ExpiresUtc = DateTime.Now.AddDays(1)
+                    }));
+            }
+        }
+
+        public class AuthenticateEverythingAuthenticationOptions : AuthenticationOptions
+        {
+            public AuthenticateEverythingAuthenticationOptions()
+                : base("AuthenticateEverything")
+            {
+                AuthenticationMode = AuthenticationMode.Active;
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Tests/TestHelpers/ControllerTesting/SpecificAssemblyResolver.cs b/src/Umbraco.Tests/TestHelpers/ControllerTesting/SpecificAssemblyResolver.cs
new file mode 100644
index 0000000000..b301952c92
--- /dev/null
+++ b/src/Umbraco.Tests/TestHelpers/ControllerTesting/SpecificAssemblyResolver.cs
@@ -0,0 +1,21 @@
+using System.Collections.Generic;
+using System.Reflection;
+using System.Web.Http.Dispatcher;
+
+namespace Umbraco.Tests.TestHelpers.ControllerTesting
+{
+    public class SpecificAssemblyResolver : IAssembliesResolver
+    {
+        private readonly Assembly[] _assemblies;
+
+        public SpecificAssemblyResolver(Assembly[] assemblies)
+        {
+            _assemblies = assemblies;
+        }
+
+        public ICollection<Assembly> GetAssemblies()
+        {
+            return _assemblies;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Tests/TestHelpers/ControllerTesting/TestControllerActivator.cs b/src/Umbraco.Tests/TestHelpers/ControllerTesting/TestControllerActivator.cs
new file mode 100644
index 0000000000..81cdeccbfe
--- /dev/null
+++ b/src/Umbraco.Tests/TestHelpers/ControllerTesting/TestControllerActivator.cs
@@ -0,0 +1,22 @@
+using System;
+using System.Net.Http;
+using System.Web.Http;
+using Umbraco.Web;
+
+namespace Umbraco.Tests.TestHelpers.ControllerTesting
+{
+    public class TestControllerActivator : TestControllerActivatorBase
+    {
+        private readonly Func<HttpRequestMessage, UmbracoHelper, ApiController> _factory;
+
+        public TestControllerActivator(Func<HttpRequestMessage, UmbracoHelper, ApiController> factory)
+        {
+            _factory = factory;
+        }        
+
+        protected override ApiController CreateController(Type controllerType, HttpRequestMessage msg, UmbracoHelper helper)
+        {
+            return _factory(msg, helper);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Tests/TestHelpers/ControllerTesting/TestControllerActivatorBase.cs b/src/Umbraco.Tests/TestHelpers/ControllerTesting/TestControllerActivatorBase.cs
new file mode 100644
index 0000000000..65d114793d
--- /dev/null
+++ b/src/Umbraco.Tests/TestHelpers/ControllerTesting/TestControllerActivatorBase.cs
@@ -0,0 +1,144 @@
+using System;
+using System.Collections;
+using System.Linq;
+using System.Net.Http;
+using System.Web;
+using System.Web.Http;
+using System.Web.Http.Controllers;
+using System.Web.Http.Dispatcher;
+using System.Web.Security;
+using Moq;
+using Semver;
+using Umbraco.Core;
+using Umbraco.Core.Cache;
+using Umbraco.Core.Composing;
+using Umbraco.Core.Configuration.UmbracoSettings;
+using Umbraco.Core.Dictionary;
+using Umbraco.Core.Models;
+using Umbraco.Core.Models.Membership;
+using Umbraco.Core.Models.PublishedContent;
+using Umbraco.Core.Security;
+using Umbraco.Core.Services;
+using Umbraco.Tests.TestHelpers.Stubs;
+using Umbraco.Web;
+using Umbraco.Web.PublishedCache;
+using Umbraco.Web.Routing;
+using Umbraco.Web.Security;
+using Umbraco.Web.WebApi;
+
+namespace Umbraco.Tests.TestHelpers.ControllerTesting
+{
+    /// <summary>
+    /// Used to mock all of the services required for re-mocking and testing controllers
+    /// </summary>
+    /// <remarks>
+    /// A more complete version of this is found in the Umbraco REST API project but this has the basics covered
+    /// </remarks>
+    public abstract class TestControllerActivatorBase : DefaultHttpControllerActivator, IHttpControllerActivator
+    {
+        IHttpController IHttpControllerActivator.Create(HttpRequestMessage request, HttpControllerDescriptor controllerDescriptor, Type controllerType)
+        {
+            if (typeof(UmbracoApiControllerBase).IsAssignableFrom(controllerType))
+            {
+                var owinContext = request.TryGetOwinContext().Result;
+                
+                var mockedUserService = Mock.Of<IUserService>();
+
+                var mockedMigrationService = new Mock<IMigrationEntryService>();
+                //set it up to return anything so that the app ctx is 'Configured'
+                mockedMigrationService.Setup(x => x.FindEntry(It.IsAny<string>(), It.IsAny<SemVersion>())).Returns(Mock.Of<IMigrationEntry>());
+
+                var serviceContext = new ServiceContext(
+                    userService: mockedUserService,
+                    migrationEntryService: mockedMigrationService.Object,
+                    localizedTextService:Mock.Of<ILocalizedTextService>(),
+                    sectionService:Mock.Of<ISectionService>());
+
+                //ensure the configuration matches the current version for tests
+                SettingsForTests.ConfigurationStatus = Current.RuntimeState.SemanticVersion.ToSemanticString();
+
+                // fixme v8?
+                ////new app context
+                //var dbCtx = new Mock<DatabaseContext>(Mock.Of<IDatabaseFactory>(), Mock.Of<ILogger>(), Mock.Of<ISqlSyntaxProvider>(), "test");
+                ////ensure these are set so that the appctx is 'Configured'
+                //dbCtx.Setup(x => x.CanConnect).Returns(true);
+                //dbCtx.Setup(x => x.IsDatabaseConfigured).Returns(true);
+                //var appCtx = ApplicationContext.EnsureContext(
+                //    dbCtx.Object,
+                //    //pass in mocked services
+                //    serviceContext,
+                //    CacheHelper.CreateDisabledCacheHelper(),
+                //    new ProfilingLogger(Mock.Of<ILogger>(), Mock.Of<IProfiler>()),
+                //    true);
+
+                //httpcontext with an auth'd user
+                var httpContext = Mock.Of<HttpContextBase>(
+                    http => http.User == owinContext.Authentication.User
+                            //ensure the request exists with a cookies collection    
+                            && http.Request == Mock.Of<HttpRequestBase>(r => r.Cookies == new HttpCookieCollection())
+                            //ensure the request exists with an items collection    
+                            && http.Items == Mock.Of<IDictionary>());
+                //chuck it into the props since this is what MS does when hosted and it's needed there
+                request.Properties["MS_HttpContext"] = httpContext;                
+
+                var backofficeIdentity = (UmbracoBackOfficeIdentity) owinContext.Authentication.User.Identity;
+
+                var webSecurity = new Mock<WebSecurity>(null, null);
+
+                //mock CurrentUser
+                webSecurity.Setup(x => x.CurrentUser)
+                    .Returns(Mock.Of<IUser>(u => u.IsApproved == true
+                                                 && u.IsLockedOut == false
+                                                 && u.AllowedSections == backofficeIdentity.AllowedApplications
+                                                 && u.Email == "admin@admin.com"
+                                                 && u.Id == (int) backofficeIdentity.Id
+                                                 && u.Language == "en"
+                                                 && u.Name == backofficeIdentity.RealName
+                                                 && u.StartContentIds == backofficeIdentity.StartContentNodes
+                                                 && u.StartMediaIds == backofficeIdentity.StartMediaNodes
+                                                 && u.Username == backofficeIdentity.Username));
+
+                //mock Validate
+                webSecurity.Setup(x => x.ValidateCurrentUser())
+                    .Returns(() => true);               
+                webSecurity.Setup(x => x.UserHasAppAccess(It.IsAny<string>(), It.IsAny<IUser>()))
+                    .Returns(() => true);
+
+                var umbCtx = UmbracoContext.EnsureContext(
+                    //set the user of the HttpContext
+                    new TestUmbracoContextAccessor(),
+                    httpContext,
+                    Mock.Of<IFacadeService>(),
+                    webSecurity.Object,
+                    Mock.Of<IUmbracoSettingsSection>(section => section.WebRouting == Mock.Of<IWebRoutingSection>(routingSection => routingSection.UrlProviderMode == UrlProviderMode.Auto.ToString())),
+                    Enumerable.Empty<IUrlProvider>(),
+                    true); //replace it
+
+                var urlHelper = new Mock<IUrlProvider>();
+                urlHelper.Setup(provider => provider.GetUrl(It.IsAny<UmbracoContext>(), It.IsAny<int>(), It.IsAny<Uri>(), It.IsAny<UrlProviderMode>()))
+                    .Returns("/hello/world/1234");
+
+                var membershipHelper = new MembershipHelper(umbCtx, Mock.Of<MembershipProvider>(), Mock.Of<RoleProvider>());
+
+                var mockedTypedContent = Mock.Of<IPublishedContentQuery>();
+
+                var umbHelper = new UmbracoHelper(umbCtx,
+                    Mock.Of<IPublishedContent>(),
+                    mockedTypedContent,
+                    Mock.Of<ITagQuery>(),
+                    Mock.Of<IDataTypeService>(),
+                    Mock.Of<ICultureDictionary>(),
+                    Mock.Of<IUmbracoComponentRenderer>(),
+                    membershipHelper,
+                    new ServiceContext(), // fixme 'course that won't work
+                    CacheHelper.NoCache);
+
+                return CreateController(controllerType, request, umbHelper);
+            }
+            //default
+            return base.Create(request, controllerDescriptor, controllerType);
+        }
+
+        protected abstract ApiController CreateController(Type controllerType, HttpRequestMessage msg, UmbracoHelper helper);
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Tests/TestHelpers/ControllerTesting/TestRunner.cs b/src/Umbraco.Tests/TestHelpers/ControllerTesting/TestRunner.cs
new file mode 100644
index 0000000000..cc024b40a2
--- /dev/null
+++ b/src/Umbraco.Tests/TestHelpers/ControllerTesting/TestRunner.cs
@@ -0,0 +1,79 @@
+using System;
+using System.Net;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Threading.Tasks;
+using System.Web.Http;
+using Microsoft.Owin.Testing;
+using Newtonsoft.Json;
+using NUnit.Framework;
+using Umbraco.Core;
+using Umbraco.Web;
+using Umbraco.Web.WebApi;
+
+namespace Umbraco.Tests.TestHelpers.ControllerTesting
+{
+    public class TestRunner
+    {
+        private readonly Func<HttpRequestMessage, UmbracoHelper, ApiController> _controllerFactory;
+
+        public TestRunner(Func<HttpRequestMessage, UmbracoHelper, ApiController> controllerFactory)
+        {
+            _controllerFactory = controllerFactory;
+        }
+
+        public async Task<Tuple<HttpResponseMessage, string>> Execute(string controllerName, string actionName, HttpMethod method, HttpContent content = null)
+        {
+            var startup = new TestStartup(
+                configuration =>
+                {
+                    configuration.Routes.MapHttpRoute("Default",
+                        routeTemplate: "{controller}/{action}/{id}",
+                        defaults: new { controller = controllerName, action = actionName, id = RouteParameter.Optional });
+                },
+                _controllerFactory);
+
+            using (var server = TestServer.Create(builder => startup.Configuration(builder)))
+            {
+                var request = new HttpRequestMessage
+                {
+                    RequestUri = new Uri("https://testserver/"),
+                    Method = method
+                };
+
+                if (content != null)
+                    request.Content = content;
+
+                request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
+
+                Console.WriteLine(request);
+                var response = await server.HttpClient.SendAsync(request);
+                Console.WriteLine(response);
+
+                string json = "";
+                if (response.IsSuccessStatusCode == false)
+                {
+                    WriteResponseError(response);
+                }
+                else
+                {
+                    json = (await ((StreamContent)response.Content).ReadAsStringAsync()).TrimStart(AngularJsonMediaTypeFormatter.XsrfPrefix);
+                    var deserialized = JsonConvert.DeserializeObject(json);
+                    Console.Write(JsonConvert.SerializeObject(deserialized, Formatting.Indented));
+                }
+
+                Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
+                return Tuple.Create(response, json);
+            }
+        }
+
+        private static void WriteResponseError(HttpResponseMessage response)
+        {
+            var result = response.Content.ReadAsStringAsync().Result;
+            Console.Out.WriteLine("Http operation unsuccessfull");
+            Console.Out.WriteLine(string.Format("Status: '{0}'", response.StatusCode));
+            Console.Out.WriteLine(string.Format("Reason: '{0}'", response.ReasonPhrase));
+            Console.Out.WriteLine(result);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Tests/TestHelpers/ControllerTesting/TestStartup.cs b/src/Umbraco.Tests/TestHelpers/ControllerTesting/TestStartup.cs
new file mode 100644
index 0000000000..1bbb03095f
--- /dev/null
+++ b/src/Umbraco.Tests/TestHelpers/ControllerTesting/TestStartup.cs
@@ -0,0 +1,54 @@
+using System;
+using System.Net.Http;
+using System.Web.Http;
+using System.Web.Http.Dispatcher;
+using System.Web.Http.ExceptionHandling;
+using System.Web.Http.Tracing;
+using Owin;
+using Umbraco.Web;
+using Umbraco.Web.Editors;
+using Umbraco.Web.WebApi;
+
+namespace Umbraco.Tests.TestHelpers.ControllerTesting
+{
+    /// <summary>
+    /// Startup class for the self-hosted web server works for OWIN and WebAPI
+    /// </summary>
+    public class TestStartup
+    {
+        private readonly Func<HttpRequestMessage, UmbracoHelper, ApiController> _controllerFactory;
+        private readonly Action<HttpConfiguration> _initialize;
+
+        public TestStartup(Action<HttpConfiguration> initialize, Func<HttpRequestMessage, UmbracoHelper, ApiController> controllerFactory)
+        {
+            _controllerFactory = controllerFactory;
+            _initialize = initialize;
+        }
+
+        public void Configuration(IAppBuilder app)
+        {            
+            var httpConfig = new HttpConfiguration();
+
+            //TODO: Enable this if you can't see the errors produced
+            //var traceWriter = httpConfig.EnableSystemDiagnosticsTracing();
+            //traceWriter.IsVerbose = true;
+            //traceWriter.MinimumLevel = TraceLevel.Debug;
+
+            httpConfig.IncludeErrorDetailPolicy = IncludeErrorDetailPolicy.Always;
+
+            // Add in a simple exception tracer so we can see what is causing the 500 Internal Server Error
+            httpConfig.Services.Add(typeof(IExceptionLogger), new TraceExceptionLogger());
+
+            httpConfig.Services.Replace(typeof(IAssembliesResolver), new SpecificAssemblyResolver(new[] { typeof(UsersController).Assembly }));
+            httpConfig.Services.Replace(typeof(IHttpControllerActivator), new TestControllerActivator(_controllerFactory));
+            httpConfig.Services.Replace(typeof(IHttpControllerSelector), new NamespaceHttpControllerSelector(httpConfig));
+            
+            //auth everything
+            app.AuthenticateEverything();            
+
+            _initialize(httpConfig);
+
+            app.UseWebApi(httpConfig);
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Tests/TestHelpers/ControllerTesting/TraceExceptionLogger.cs b/src/Umbraco.Tests/TestHelpers/ControllerTesting/TraceExceptionLogger.cs
new file mode 100644
index 0000000000..faf5870cbb
--- /dev/null
+++ b/src/Umbraco.Tests/TestHelpers/ControllerTesting/TraceExceptionLogger.cs
@@ -0,0 +1,16 @@
+using System.Diagnostics;
+using System.Web.Http.ExceptionHandling;
+
+namespace Umbraco.Tests.TestHelpers.ControllerTesting
+{
+    /// <summary>
+    /// Traces any errors for WebApi to the output window
+    /// </summary>
+    public class TraceExceptionLogger : ExceptionLogger
+    {
+        public override void Log(ExceptionLoggerContext context)
+        {
+            Trace.TraceError(context.ExceptionContext.Exception.ToString());
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Tests/TestHelpers/Entities/MockedContent.cs b/src/Umbraco.Tests/TestHelpers/Entities/MockedContent.cs
index 285b36dbba..91f7f874fb 100644
--- a/src/Umbraco.Tests/TestHelpers/Entities/MockedContent.cs
+++ b/src/Umbraco.Tests/TestHelpers/Entities/MockedContent.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using Umbraco.Core;
 using Umbraco.Core.Models;
 
 namespace Umbraco.Tests.TestHelpers.Entities
@@ -123,9 +124,9 @@ namespace Umbraco.Tests.TestHelpers.Entities
             content.SetValue("date", DateTime.Now.AddDays(-10));
             content.SetValue("ddl", "1234");
             content.SetValue("chklist", "randomc");
-            content.SetValue("contentPicker", 1090);
-            content.SetValue("mediaPicker", 1091);
-            content.SetValue("memberPicker", 1092);
+            content.SetValue("contentPicker", Udi.Create(Constants.UdiEntityType.Document, new Guid("74ECA1D4-934E-436A-A7C7-36CC16D4095C")).ToString());
+            content.SetValue("mediaPicker", Udi.Create(Constants.UdiEntityType.Media, new Guid("44CB39C8-01E5-45EB-9CF8-E70AAF2D1691")).ToString());
+            content.SetValue("memberPicker", Udi.Create(Constants.UdiEntityType.Member, new Guid("9A50A448-59C0-4D42-8F93-4F1D55B0F47D")).ToString());
             content.SetValue("relatedLinks", "<links><link title=\"google\" link=\"http://google.com\" type=\"external\" newwindow=\"0\" /></links>");
             content.SetValue("tags", "this,is,tags");
 
diff --git a/src/Umbraco.Tests/TestHelpers/Entities/MockedUser.cs b/src/Umbraco.Tests/TestHelpers/Entities/MockedUser.cs
index bd199eaa38..1b11b9c929 100644
--- a/src/Umbraco.Tests/TestHelpers/Entities/MockedUser.cs
+++ b/src/Umbraco.Tests/TestHelpers/Entities/MockedUser.cs
@@ -1,63 +1,37 @@
 using System;
 using System.Collections.Generic;
-using System.Linq;
-using Umbraco.Core.Models;
 using Umbraco.Core.Models.Membership;
 
 namespace Umbraco.Tests.TestHelpers.Entities
 {
     public class MockedUser
     {
-        internal static User CreateUser(IUserType userType = null, string suffix = "", params string[] allowedSections)
+        internal static User CreateUser(string suffix = "")
         {
-            if (userType == null)
+            var user = new User
             {
-                userType = MockedUserType.CreateUserType();
-            }
-
-            var user = new User(userType)
-                {
-                    Language = "en",
-                    IsApproved = true,
-                    Name = "TestUser" + suffix,
-                    RawPasswordValue = "testing",
-                    IsLockedOut = false,
-                    DefaultPermissions = new[]{"A", "B", "C"},
-                    StartContentId = -1,
-                    StartMediaId = -1,
-                    Email = "test" + suffix + "@test.com",
-                    Username = "TestUser" + suffix
-                };
-
-            if (allowedSections.Any())
-            {
-                foreach (var s in allowedSections)
-                {
-                    user.AddAllowedSection(s);
-                }
-            }
-            else
-            {
-                user.AddAllowedSection("content");
-                user.AddAllowedSection("media");
-            }
+                Language = "en",
+                IsApproved = true,
+                Name = "TestUser" + suffix,
+                RawPasswordValue = "testing",
+                IsLockedOut = false,
+                Email = "test" + suffix + "@test.com",
+                Username = "TestUser" + suffix
+            };
 
             return user;
         }
 
-        internal static IEnumerable<IUser> CreateUser(IUserType userType, int amount, Action<int, IUser> onCreating = null)
+        internal static IEnumerable<IUser> CreateMulipleUsers(int amount, Action<int, IUser> onCreating = null)
         {
             var list = new List<IUser>();
 
             for (int i = 0; i < amount; i++)
             {
                 var name = "Member No-" + i;
-                var user = new User(name, "test" + i + "@test.com", "test" + i, "test" + i, userType);
+                var user = new User(name, "test" + i + "@test.com", "test" + i, "test" + i);
 
-                if (onCreating != null)
-                {
-                    onCreating(i, user);
-                }
+                onCreating?.Invoke(i, user);
 
                 user.ResetDirtyProperties(false);
 
diff --git a/src/Umbraco.Tests/TestHelpers/Entities/MockedUserGroup.cs b/src/Umbraco.Tests/TestHelpers/Entities/MockedUserGroup.cs
new file mode 100644
index 0000000000..920c84f3c3
--- /dev/null
+++ b/src/Umbraco.Tests/TestHelpers/Entities/MockedUserGroup.cs
@@ -0,0 +1,32 @@
+using Umbraco.Core.Models.Membership;
+
+namespace Umbraco.Tests.TestHelpers.Entities
+{
+    public class MockedUserGroup
+    {
+        internal static UserGroup CreateUserGroup(string suffix = "", string[] permissions = null, string[] allowedSections = null)
+        {
+            var group = new UserGroup
+            {
+                Alias = "testUserGroup" + suffix,
+                Name = "TestUserGroup" + suffix,
+                Permissions = permissions ?? new[] { "A", "B", "C" }
+            };
+
+            if (allowedSections == null)
+            {
+                group.AddAllowedSection("content");
+                group.AddAllowedSection("media");
+            }
+            else
+            {
+                foreach (var allowedSection in allowedSections)
+                {
+                    group.AddAllowedSection(allowedSection);
+                }
+            }
+
+            return group;
+        }
+    }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Tests/TestHelpers/Entities/MockedUserType.cs b/src/Umbraco.Tests/TestHelpers/Entities/MockedUserType.cs
deleted file mode 100644
index 69458e8715..0000000000
--- a/src/Umbraco.Tests/TestHelpers/Entities/MockedUserType.cs
+++ /dev/null
@@ -1,17 +0,0 @@
-using Umbraco.Core.Models.Membership;
-
-namespace Umbraco.Tests.TestHelpers.Entities
-{
-    public class MockedUserType
-    {
-        internal static UserType CreateUserType(string suffix = "")
-        {
-            return new UserType()
-                {
-                    Alias = "testUserType" + suffix,
-                    Name = "TestUserType" + suffix,
-                    Permissions = new[]{"A", "B", "C"}
-                };
-        }
-    }
-}
diff --git a/src/Umbraco.Tests/TestHelpers/SettingsForTests.cs b/src/Umbraco.Tests/TestHelpers/SettingsForTests.cs
index 88b5a1d70d..ec1f5e57d0 100644
--- a/src/Umbraco.Tests/TestHelpers/SettingsForTests.cs
+++ b/src/Umbraco.Tests/TestHelpers/SettingsForTests.cs
@@ -63,6 +63,7 @@ namespace Umbraco.Tests.TestHelpers
             settings.Setup(x => x.Content.UmbracoLibraryCacheDuration).Returns(1800);
             settings.Setup(x => x.WebRouting.UrlProviderMode).Returns("AutoLegacy");
             settings.Setup(x => x.Templates.DefaultRenderingEngine).Returns(RenderingEngine.Mvc);
+            settings.Setup(x => x.Providers.DefaultBackOfficeUserProvider).Returns("UsersMembershipProvider");
 
             return settings.Object;
         }
diff --git a/src/Umbraco.Tests/TestHelpers/TestObjects.cs b/src/Umbraco.Tests/TestHelpers/TestObjects.cs
index 1bfde929cb..53dedfd733 100644
--- a/src/Umbraco.Tests/TestHelpers/TestObjects.cs
+++ b/src/Umbraco.Tests/TestHelpers/TestObjects.cs
@@ -152,14 +152,17 @@ namespace Umbraco.Tests.TestHelpers
                     }),
                     logger));
 
-            var userService = GetLazyService<IUserService>(container, () => new UserService(provider, logger, eventMessagesFactory));
+            var runtimeState = Mock.Of<IRuntimeState>();
+            var idkMap = new IdkMap(provider);
+
+            var userService = GetLazyService<IUserService>(container, () => new UserService(provider, logger, eventMessagesFactory, runtimeState));
             var dataTypeService = GetLazyService<IDataTypeService>(container, () => new DataTypeService(provider, logger, eventMessagesFactory));
-            var contentService = GetLazyService<IContentService>(container, () => new ContentService(provider, logger, eventMessagesFactory, mediaFileSystem));
+            var contentService = GetLazyService<IContentService>(container, () => new ContentService(provider, logger, eventMessagesFactory, mediaFileSystem, idkMap));
             var notificationService = GetLazyService<INotificationService>(container, () => new NotificationService(provider, userService.Value, contentService.Value, logger));
             var serverRegistrationService = GetLazyService<IServerRegistrationService>(container, () => new ServerRegistrationService(provider, logger, eventMessagesFactory));
             var memberGroupService = GetLazyService<IMemberGroupService>(container, () => new MemberGroupService(provider, logger, eventMessagesFactory));
             var memberService = GetLazyService<IMemberService>(container, () => new MemberService(provider, logger, eventMessagesFactory, memberGroupService.Value, mediaFileSystem));
-            var mediaService = GetLazyService<IMediaService>(container, () => new MediaService(provider, mediaFileSystem, logger, eventMessagesFactory));
+            var mediaService = GetLazyService<IMediaService>(container, () => new MediaService(provider, mediaFileSystem, logger, eventMessagesFactory, idkMap));
             var contentTypeService = GetLazyService<IContentTypeService>(container, () => new ContentTypeService(provider, logger, eventMessagesFactory, contentService.Value));
             var mediaTypeService = GetLazyService<IMediaTypeService>(container, () => new MediaTypeService(provider, logger, eventMessagesFactory, mediaService.Value));
             var fileService = GetLazyService<IFileService>(container, () => new FileService(provider, logger, eventMessagesFactory));
@@ -169,6 +172,7 @@ namespace Umbraco.Tests.TestHelpers
             var entityService = GetLazyService<IEntityService>(container, () => new EntityService(
                     provider, logger, eventMessagesFactory,
                     contentService.Value, contentTypeService.Value, mediaService.Value, mediaTypeService.Value, dataTypeService.Value, memberService.Value, memberTypeService.Value,
+                    idkMap,
                     //TODO: Consider making this an isolated cache instead of using the global one
                     cache.RuntimeCache));
 
diff --git a/src/Umbraco.Tests/TreesAndSections/SectionTests.cs b/src/Umbraco.Tests/TreesAndSections/SectionTests.cs
index 8030534401..f91108b302 100644
--- a/src/Umbraco.Tests/TreesAndSections/SectionTests.cs
+++ b/src/Umbraco.Tests/TreesAndSections/SectionTests.cs
@@ -74,53 +74,6 @@ namespace Umbraco.Tests.TreesAndSections
             Assert.IsNull(ServiceContext.SectionService.GetByAlias(name));
         }
 
-        /// <summary>
-        /// Creates a new user, assigns the user to existing application,
-        /// then deletes the user
-        /// </summary>
-        [Test()]
-        public void Application_Create_New_User_Assign_Application()
-        {
-            var name = Guid.NewGuid().ToString("N");
-
-            //new user
-            var ut = ServiceContext.UserService.GetAllUserTypes().First();
-            var user = ServiceContext.UserService.CreateUserWithIdentity(name, name + "@example.com", ut);
-
-            //assign the app
-            user.AddAllowedSection(Constants.Applications.Content);
-            ServiceContext.UserService.Save(user);
-
-            //ensure it's added
-            Assert.AreEqual(1, user.AllowedSections.Count(x => x == Constants.Applications.Content));
-        }
-
-        /// <summary>
-        /// create a new application and assigne an new user and deletes the application making sure the assignments are removed
-        /// </summary>
-        [Test()]
-        public void Application_Make_New_Assign_User()
-        {
-            var name = Guid.NewGuid().ToString("N");
-
-            //new user
-            var ut = ServiceContext.UserService.GetAllUserTypes().First();
-            var user = ServiceContext.UserService.CreateUserWithIdentity(name, name + "@example.com", ut);
-
-            ServiceContext.SectionService.MakeNew(name, name, "icon.jpg");
-
-            //check if it exists
-            var app = ServiceContext.SectionService.GetByAlias(name);
-            Assert.IsNotNull(app);
-
-            //assign the app
-            user.AddAllowedSection(app.Alias);
-            ServiceContext.UserService.Save(user);
-            //ensure it's added
-            Assert.AreEqual(1, user.AllowedSections.Count(x => x == app.Alias));
-
-        }
-
         #region Tests to write
 
 
diff --git a/src/Umbraco.Tests/UI/LegacyDialogTests.cs b/src/Umbraco.Tests/UI/LegacyDialogTests.cs
index 9afe8dbe42..3fe64d6e03 100644
--- a/src/Umbraco.Tests/UI/LegacyDialogTests.cs
+++ b/src/Umbraco.Tests/UI/LegacyDialogTests.cs
@@ -2,7 +2,6 @@
 using NUnit.Framework;
 using Umbraco.Core;
 using umbraco;
-using umbraco.cms.presentation.user;
 using Umbraco.Core.Composing;
 using Umbraco.Web._Legacy.UI;
 
@@ -23,19 +22,14 @@ namespace Umbraco.Tests.UI
             }
         }
 
-        [TestCase(typeof(UserTypeTasks), Constants.Applications.Users)]
         [TestCase(typeof(XsltTasks), Constants.Applications.Developer)]
-        [TestCase(typeof(userTasks), Constants.Applications.Users)]
-        [TestCase(typeof(templateTasks), Constants.Applications.Settings)]
         [TestCase(typeof(StylesheetTasks), Constants.Applications.Settings)]
         [TestCase(typeof(stylesheetPropertyTasks), Constants.Applications.Settings)]
-        [TestCase(typeof(ScriptTasks), Constants.Applications.Settings)]
         [TestCase(typeof(MemberGroupTasks), Constants.Applications.Members)]
         [TestCase(typeof(dictionaryTasks), Constants.Applications.Settings)]
         [TestCase(typeof(macroTasks), Constants.Applications.Developer)]
         [TestCase(typeof(languageTasks), Constants.Applications.Settings)]
         [TestCase(typeof(CreatedPackageTasks), Constants.Applications.Developer)]
-        [TestCase(typeof(PartialViewTasks), Constants.Applications.Settings)]
         public void Check_Assigned_Apps_For_Tasks(Type taskType, string app)
         {
             var task = (LegacyDialogTask)Activator.CreateInstance(taskType);
diff --git a/src/Umbraco.Tests/Umbraco.Tests.csproj b/src/Umbraco.Tests/Umbraco.Tests.csproj
index af951bcd5b..c6bfcf0248 100644
--- a/src/Umbraco.Tests/Umbraco.Tests.csproj
+++ b/src/Umbraco.Tests/Umbraco.Tests.csproj
@@ -108,9 +108,21 @@
     <Reference Include="Lucene.Net.Contrib.SpellChecker, Version=3.0.3.0, Culture=neutral, PublicKeyToken=85089178b9ac3181, processorArchitecture=MSIL">
       <HintPath>..\packages\Lucene.Net.Contrib.3.0.3\lib\net40\Lucene.Net.Contrib.SpellChecker.dll</HintPath>
     </Reference>
+    <Reference Include="Microsoft.AspNet.Identity.Core, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.AspNet.Identity.Core.2.2.1\lib\net45\Microsoft.AspNet.Identity.Core.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.Owin, Version=3.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.Owin.3.1.0\lib\net45\Microsoft.Owin.dll</HintPath>
     </Reference>
+    <Reference Include="Microsoft.Owin.Hosting, Version=3.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Owin.Hosting.3.1.0\lib\net45\Microsoft.Owin.Hosting.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Owin.Security, Version=3.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Owin.Security.3.1.0\lib\net45\Microsoft.Owin.Security.dll</HintPath>
+    </Reference>
+    <Reference Include="Microsoft.Owin.Testing, Version=3.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.Owin.Testing.3.1.0\lib\net45\Microsoft.Owin.Testing.dll</HintPath>
+    </Reference>
     <Reference Include="Microsoft.Web.Infrastructure, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.Web.Infrastructure.1.0.0.0\lib\net40\Microsoft.Web.Infrastructure.dll</HintPath>
     </Reference>
@@ -164,6 +176,9 @@
     <Reference Include="System.Web.Http, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.AspNet.WebApi.Core.5.2.3\lib\net45\System.Web.Http.dll</HintPath>
     </Reference>
+    <Reference Include="System.Web.Http.Owin, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <HintPath>..\packages\Microsoft.AspNet.WebApi.Owin.5.2.3\lib\net45\System.Web.Http.Owin.dll</HintPath>
+    </Reference>
     <Reference Include="System.Web.Http.SelfHost, Version=5.2.3.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
       <HintPath>..\packages\Microsoft.AspNet.WebApi.SelfHost.5.2.3\lib\net45\System.Web.Http.SelfHost.dll</HintPath>
     </Reference>
@@ -203,13 +218,16 @@
     <Compile Include="CoreThings\CallContextTests.cs" />
     <Compile Include="Components\ComponentTests.cs" />
     <Compile Include="CoreXml\RenamedRootNavigatorTests.cs" />
+    <Compile Include="DateTimeExtensionsTests.cs" />
     <Compile Include="IO\ShadowFileSystemTests.cs" />
     <Compile Include="Issues\U9560.cs" />
     <Compile Include="Integration\ContentEventsTests.cs" />
     <Compile Include="Migrations\CreateTableMigrationTests.cs" />
     <Compile Include="Migrations\MigrationIssuesTests.cs" />
     <Compile Include="Models\Mapping\AutoMapper6Tests.cs" />
+    <Compile Include="Models\Mapping\UserModelMapperTests.cs" />
     <Compile Include="Persistence\Repositories\EntityRepositoryTests.cs" />
+    <Compile Include="Persistence\Repositories\UserGroupRepositoryTest.cs" />
     <Compile Include="PublishedContent\ModelsAndConvertersTests.cs" />
     <Compile Include="Routing\NiceUrlRoutesTests.cs" />
     <Compile Include="Scheduling\BackgroundTaskRunnerTests2.cs" />
@@ -222,7 +240,17 @@
     <Compile Include="Scoping\ScopedNuCacheTests.cs" />
     <Compile Include="Scoping\ScopeTests.cs" />
     <Compile Include="Services\CachedDataTypeServiceTests.cs" />
+    <Compile Include="Services\SectionServiceTests.cs" />
     <Compile Include="TestHelpers\ConsoleLogger.cs" />
+    <Compile Include="TestHelpers\ControllerTesting\AuthenticateEverythingExtensions.cs" />
+    <Compile Include="TestHelpers\ControllerTesting\AuthenticateEverythingMiddleware.cs" />
+    <Compile Include="TestHelpers\ControllerTesting\SpecificAssemblyResolver.cs" />
+    <Compile Include="TestHelpers\ControllerTesting\TestControllerActivator.cs" />
+    <Compile Include="TestHelpers\ControllerTesting\TestControllerActivatorBase.cs" />
+    <Compile Include="TestHelpers\ControllerTesting\TestRunner.cs" />
+    <Compile Include="TestHelpers\ControllerTesting\TestStartup.cs" />
+    <Compile Include="TestHelpers\ControllerTesting\TraceExceptionLogger.cs" />
+    <Compile Include="TestHelpers\Entities\MockedUserGroup.cs" />
     <Compile Include="TestHelpers\NoHttpContextAccessor.cs" />
     <Compile Include="Testing\TestingTests\NUnitTests.cs" />
     <Compile Include="Persistence\LocksTests.cs" />
@@ -257,6 +285,8 @@
     <Compile Include="Collections\DeepCloneableListTests.cs" />
     <Compile Include="Web\Controllers\BackOfficeControllerUnitTests.cs" />
     <Compile Include="CoreThings\DelegateExtensionsTests.cs" />
+    <Compile Include="Web\Controllers\UsersControllerTests.cs" />
+    <Compile Include="Web\HealthChecks\HealthCheckResultsTests.cs" />
     <Compile Include="Web\Mvc\RenderIndexActionSelectorAttributeTests.cs" />
     <Compile Include="Persistence\PetaPocoCachesTest.cs" />
     <Compile Include="Persistence\Repositories\AuditRepositoryTest.cs" />
@@ -307,7 +337,6 @@
     <Compile Include="Models\TemplateTests.cs" />
     <Compile Include="Models\UmbracoEntityTests.cs" />
     <Compile Include="Models\UserTests.cs" />
-    <Compile Include="Models\UserTypeTests.cs" />
     <Compile Include="Web\Mvc\RenderModelBinderTests.cs" />
     <Compile Include="Web\Mvc\SurfaceControllerTests.cs" />
     <Compile Include="Web\Mvc\UmbracoViewPageTests.cs" />
@@ -343,9 +372,9 @@
     <Compile Include="Configurations\UmbracoSettings\UmbracoSettingsTests.cs" />
     <Compile Include="Configurations\UmbracoSettings\WebRoutingElementDefaultTests.cs" />
     <Compile Include="Configurations\UmbracoSettings\WebRoutingElementTests.cs" />
-    <Compile Include="Web\Controllers\WebApiEditors\ContentControllerUnitTests.cs" />
-    <Compile Include="Web\Controllers\WebApiEditors\FilterAllowedOutgoingContentAttributeTests.cs" />
-    <Compile Include="Web\Controllers\WebApiEditors\MediaControllerUnitTests.cs" />
+    <Compile Include="Web\Controllers\ContentControllerUnitTests.cs" />
+    <Compile Include="Web\Controllers\FilterAllowedOutgoingContentAttributeTests.cs" />
+    <Compile Include="Web\Controllers\MediaControllerUnitTests.cs" />
     <Compile Include="CoreXml\FrameworkXmlTests.cs" />
     <Compile Include="DynamicsAndReflection\ReflectionTests.cs" />
     <Compile Include="Macros\MacroParserTests.cs" />
@@ -363,7 +392,6 @@
     <Compile Include="Persistence\Repositories\NotificationsRepositoryTest.cs" />
     <Compile Include="Persistence\Repositories\TemplateRepositoryTest.cs" />
     <Compile Include="Persistence\Repositories\UserRepositoryTest.cs" />
-    <Compile Include="Persistence\Repositories\UserTypeRepositoryTest.cs" />
     <Compile Include="Models\Mapping\ContentWebModelMappingTests.cs" />
     <Compile Include="PropertyEditors\ImageCropperTest.cs" />
     <Compile Include="PublishedContent\PublishedContentExtensionTests.cs" />
@@ -472,7 +500,6 @@
     <Compile Include="DependencyInjection\ActionCollectionTests.cs" />
     <Compile Include="TestHelpers\Entities\MockedMember.cs" />
     <Compile Include="TestHelpers\Entities\MockedUser.cs" />
-    <Compile Include="TestHelpers\Entities\MockedUserType.cs" />
     <Compile Include="TestHelpers\Stubs\TestProfiler.cs" />
     <Compile Include="TreesAndSections\ResourceFiles.Designer.cs">
       <AutoGen>True</AutoGen>
diff --git a/src/Umbraco.Tests/UmbracoExamine/IndexInitializer.cs b/src/Umbraco.Tests/UmbracoExamine/IndexInitializer.cs
index 0a93a0c350..17e6c46291 100644
--- a/src/Umbraco.Tests/UmbracoExamine/IndexInitializer.cs
+++ b/src/Umbraco.Tests/UmbracoExamine/IndexInitializer.cs
@@ -1,23 +1,17 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using System.Xml.Linq;
 using Examine;
-using Examine.LuceneEngine.Config;
 using Examine.LuceneEngine.Providers;
 using Lucene.Net.Analysis;
 using Lucene.Net.Analysis.Standard;
 using Lucene.Net.Store;
 using Moq;
-using Umbraco.Core;
 using Umbraco.Core.Logging;
 using Umbraco.Core.Models;
 using Umbraco.Core.Models.Membership;
-using Umbraco.Core.Persistence;
 using Umbraco.Core.Persistence.DatabaseModelDefinitions;
-using Umbraco.Core.Persistence.Mappers;
 using Umbraco.Core.Persistence.Querying;
-using Umbraco.Core.Persistence.SqlSyntax;
 using Umbraco.Core.Scoping;
 using Umbraco.Core.Services;
 using Umbraco.Core.Strings;
@@ -84,7 +78,7 @@ namespace Umbraco.Tests.UmbracoExamine
             }
             if (userService == null)
             {
-                userService = Mock.Of<IUserService>(x => x.GetProfileById(It.IsAny<int>()) == Mock.Of<IProfile>(p => p.Id == (object)0 && p.Name == "admin"));
+                userService = Mock.Of<IUserService>(x => x.GetProfileById(It.IsAny<int>()) == Mock.Of<IProfile>(p => p.Id == 0 && p.Name == "admin"));
             }
             if (mediaService == null)
             {
diff --git a/src/Umbraco.Tests/Web/Controllers/WebApiEditors/ContentControllerUnitTests.cs b/src/Umbraco.Tests/Web/Controllers/ContentControllerUnitTests.cs
similarity index 55%
rename from src/Umbraco.Tests/Web/Controllers/WebApiEditors/ContentControllerUnitTests.cs
rename to src/Umbraco.Tests/Web/Controllers/ContentControllerUnitTests.cs
index 322c851cfc..82571b22f3 100644
--- a/src/Umbraco.Tests/Web/Controllers/WebApiEditors/ContentControllerUnitTests.cs
+++ b/src/Umbraco.Tests/Web/Controllers/ContentControllerUnitTests.cs
@@ -3,11 +3,12 @@ using System.Web.Http;
 using Moq;
 using NUnit.Framework;
 using Umbraco.Core.Models;
+using Umbraco.Core.Models.EntityBase;
 using Umbraco.Core.Models.Membership;
 using Umbraco.Core.Services;
 using Umbraco.Web.Editors;
 
-namespace Umbraco.Tests.Web.Controllers.WebApiEditors
+namespace Umbraco.Tests.Web.Controllers
 {
     [TestFixture]
     public class ContentControllerUnitTests
@@ -18,7 +19,7 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(9);
-            userMock.Setup(u => u.StartContentId).Returns(-1);
+            userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List<string>()) });
             var user = userMock.Object;
             var contentMock = new Mock<IContent>();
             contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
@@ -26,9 +27,13 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             var contentServiceMock = new Mock<IContentService>();
             contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
             var contentService = contentServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
+            var userServiceMock = new Mock<IUserService>();
+            var userService = userServiceMock.Object;
 
             //act
-            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, null, contentService, 1234);
+            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, entityService, 1234);
 
             //assert
             Assert.IsTrue(result);
@@ -40,7 +45,6 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(9);
-            userMock.Setup(u => u.StartContentId).Returns(-1);
             var user = userMock.Object;
             var contentMock = new Mock<IContent>();
             contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
@@ -49,12 +53,15 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             contentServiceMock.Setup(x => x.GetById(0)).Returns(content);
             var contentService = contentServiceMock.Object;
             var userServiceMock = new Mock<IUserService>();
-            var permissions = new List<EntityPermission>();
-            userServiceMock.Setup(x => x.GetPermissions(user, 1234)).Returns(permissions);
+            var permissions = new EntityPermissionCollection();
+            var permissionSet = new EntityPermissionSet(1234, permissions);
+            userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
             var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
 
             //act/assert
-            Assert.Throws<HttpResponseException>(() => ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, 1234, new[] { 'F' }));
+            Assert.Throws<HttpResponseException>(() => ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, entityService, 1234, new[] { 'F' }));
         }
 
         [Test]
@@ -63,7 +70,7 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(9);
-            userMock.Setup(u => u.StartContentId).Returns(9876);
+            userMock.Setup(u => u.StartContentIds).Returns(new[] { 9876 });
             var user = userMock.Object;
             var contentMock = new Mock<IContent>();
             contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
@@ -72,12 +79,17 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
             var contentService = contentServiceMock.Object;
             var userServiceMock = new Mock<IUserService>();
-            var permissions = new List<EntityPermission>();
-            userServiceMock.Setup(x => x.GetPermissions(user, 1234)).Returns(permissions);
+            var permissions = new EntityPermissionCollection();
+            var permissionSet = new EntityPermissionSet(1234, permissions);
+            userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234")).Returns(permissionSet);
             var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
+                .Returns(new[] { Mock.Of<EntityPath>(entity => entity.Id == 9876 && entity.Path == "-1,9876") });
+            var entityService = entityServiceMock.Object;
 
             //act
-            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, 1234, new[] { 'F'});
+            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, entityService, 1234, new[] { 'F' });
 
             //assert
             Assert.IsFalse(result);
@@ -89,7 +101,6 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(9);
-            userMock.Setup(u => u.StartContentId).Returns(-1);
             var user = userMock.Object;
             var contentMock = new Mock<IContent>();
             contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
@@ -98,15 +109,18 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
             var contentService = contentServiceMock.Object;
             var userServiceMock = new Mock<IUserService>();
-            var permissions = new List<EntityPermission>
+            var permissions = new EntityPermissionCollection
                 {
-                    new EntityPermission(9, 1234, new string[]{ "A", "B", "C" })
+                    new EntityPermission(9876, 1234, new string[]{ "A", "B", "C" })
                 };
-            userServiceMock.Setup(x => x.GetPermissions(user, 1234)).Returns(permissions);
+            var permissionSet = new EntityPermissionSet(1234, permissions);
+            userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
             var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
 
             //act
-            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, 1234, new[] { 'F'});
+            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, entityService, 1234, new[] { 'F' });
 
             //assert
             Assert.IsFalse(result);
@@ -118,7 +132,7 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(9);
-            userMock.Setup(u => u.StartContentId).Returns(-1);
+            userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List<string>()) });
             var user = userMock.Object;
             var contentMock = new Mock<IContent>();
             contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
@@ -126,16 +140,19 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             var contentServiceMock = new Mock<IContentService>();
             contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
             var contentService = contentServiceMock.Object;
-            var userServiceMock = new Mock<IUserService>();
-            var permissions = new List<EntityPermission>
+            var permissions = new EntityPermissionCollection
                 {
-                    new EntityPermission(9, 1234, new string[]{ "A", "F", "C" })
+                    new EntityPermission(9876, 1234, new string[]{ "A", "F", "C" })
                 };
-            userServiceMock.Setup(x => x.GetPermissions(user, 1234)).Returns(permissions);
+            var permissionSet = new EntityPermissionSet(1234, permissions);
+            var userServiceMock = new Mock<IUserService>();
+            userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
             var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
 
             //act
-            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, 1234, new[] { 'F'});
+            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, entityService, 1234, new[] { 'F' });
 
             //assert
             Assert.IsTrue(result);
@@ -147,11 +164,17 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(0);
-            userMock.Setup(u => u.StartContentId).Returns(-1);
+            userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List<string>()) });
             var user = userMock.Object;
+            var contentServiceMock = new Mock<IContentService>();
+            var contentService = contentServiceMock.Object;
+            var userServiceMock = new Mock<IUserService>();
+            var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
 
             //act
-            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, null, null, -1);
+            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, entityService, -1);
 
             //assert
             Assert.IsTrue(result);
@@ -163,11 +186,17 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(0);
-            userMock.Setup(u => u.StartContentId).Returns(-1);
+            userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List<string>()) });
             var user = userMock.Object;
+            var contentServiceMock = new Mock<IContentService>();
+            var contentService = contentServiceMock.Object;
+            var userServiceMock = new Mock<IUserService>();
+            var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
 
             //act
-            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, null, null, -20);
+            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, entityService, -20);
 
             //assert
             Assert.IsTrue(result);
@@ -179,11 +208,19 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(0);
-            userMock.Setup(u => u.StartContentId).Returns(1234);
+            userMock.Setup(u => u.StartContentIds).Returns(new[] { 1234 });
             var user = userMock.Object;
+            var contentServiceMock = new Mock<IContentService>();
+            var contentService = contentServiceMock.Object;
+            var userServiceMock = new Mock<IUserService>();
+            var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
+                .Returns(new[] { Mock.Of<EntityPath>(entity => entity.Id == 1234 && entity.Path == "-1,1234") });
+            var entityService = entityServiceMock.Object;
 
             //act
-            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, null, null, -20);
+            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, entityService, -20);
 
             //assert
             Assert.IsFalse(result);
@@ -195,11 +232,19 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(0);
-            userMock.Setup(u => u.StartContentId).Returns(1234);
+            userMock.Setup(u => u.StartContentIds).Returns(new[] { 1234 });
             var user = userMock.Object;
+            var contentServiceMock = new Mock<IContentService>();
+            var contentService = contentServiceMock.Object;
+            var userServiceMock = new Mock<IUserService>();
+            var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
+                .Returns(new[] { Mock.Of<EntityPath>(entity => entity.Id == 1234 && entity.Path == "-1,1234") });
+            var entityService = entityServiceMock.Object;
 
             //act
-            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, null, null, -1);
+            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, entityService, -1);
 
             //assert
             Assert.IsFalse(result);
@@ -211,19 +256,25 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(0);
-            userMock.Setup(u => u.StartContentId).Returns(-1);
+            userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List<string>()) });
             var user = userMock.Object;
 
             var userServiceMock = new Mock<IUserService>();
-            var permissions = new List<EntityPermission>
+            var permissions = new EntityPermissionCollection
                 {
-                    new EntityPermission(9, 1234, new string[]{ "A" })
+                    new EntityPermission(9876, 1234, new string[]{ "A" })
                 };
-            userServiceMock.Setup(x => x.GetPermissions(user, -1)).Returns(permissions);
+            var permissionSet = new EntityPermissionSet(1234, permissions);
+            userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1")).Returns(permissionSet);
+            var contentServiceMock = new Mock<IContentService>();
+            var contentService = contentServiceMock.Object;
             var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
+
 
             //act
-            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, null, -1, new[] { 'A'});
+            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, entityService, -1, new[] { 'A' });
 
             //assert
             Assert.IsTrue(result);
@@ -235,19 +286,23 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(0);
-            userMock.Setup(u => u.StartContentId).Returns(-1);
             var user = userMock.Object;
 
             var userServiceMock = new Mock<IUserService>();
-            var permissions = new List<EntityPermission>
+            var permissions = new EntityPermissionCollection
                 {
-                    new EntityPermission(9, 1234, new string[]{ "A" })
+                    new EntityPermission(9876, 1234, new string[]{ "A" })
                 };
-            userServiceMock.Setup(x => x.GetPermissions(user, -1)).Returns(permissions);
+            var permissionSet = new EntityPermissionSet(1234, permissions);
+            userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1")).Returns(permissionSet);
             var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
+            var contentServiceMock = new Mock<IContentService>();
+            var contentService = contentServiceMock.Object;
 
             //act
-            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, null, -1, new[] { 'B'});
+            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, entityService, -1, new[] { 'B' });
 
             //assert
             Assert.IsFalse(result);
@@ -259,19 +314,25 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(0);
-            userMock.Setup(u => u.StartContentId).Returns(-1);
+            userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List<string>()) });
             var user = userMock.Object;
 
             var userServiceMock = new Mock<IUserService>();
-            var permissions = new List<EntityPermission>
-                {
-                    new EntityPermission(9, 1234, new string[]{ "A" })
-                };
-            userServiceMock.Setup(x => x.GetPermissions(user, -20)).Returns(permissions);
+            var permissions = new EntityPermissionCollection
+            {
+                new EntityPermission(9876, 1234, new string[]{ "A" })
+            };
+            var permissionSet = new EntityPermissionSet(-20, permissions);
+
+            userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet);
             var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
+            var contentServiceMock = new Mock<IContentService>();
+            var contentService = contentServiceMock.Object;
 
             //act
-            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, null, -20, new[] { 'A'});
+            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, entityService, -20, new[] { 'A' });
 
             //assert
             Assert.IsTrue(result);
@@ -283,24 +344,27 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(0);
-            userMock.Setup(u => u.StartContentId).Returns(-1);
             var user = userMock.Object;
 
             var userServiceMock = new Mock<IUserService>();
-            var permissions = new List<EntityPermission>
+            var permissions = new EntityPermissionCollection
                 {
-                    new EntityPermission(9, 1234, new string[]{ "A" })
+                    new EntityPermission(9876, 1234, new string[]{ "A" })
                 };
-            userServiceMock.Setup(x => x.GetPermissions(user, -20)).Returns(permissions);
+            var permissionSet = new EntityPermissionSet(1234, permissions);
+            userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet);
             var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
+            var contentServiceMock = new Mock<IContentService>();
+            var contentService = contentServiceMock.Object;
 
             //act
-            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, null, -20, new[] { 'B'});
+            var result = ContentController.CheckPermissions(new Dictionary<string, object>(), user, userService, contentService, entityService, -20, new[] { 'B' });
 
             //assert
             Assert.IsFalse(result);
         }
-
     }
 
     //NOTE: The below self hosted stuff does work so need to get some tests written. Some are not possible atm because
diff --git a/src/Umbraco.Tests/Web/Controllers/WebApiEditors/FilterAllowedOutgoingContentAttributeTests.cs b/src/Umbraco.Tests/Web/Controllers/FilterAllowedOutgoingContentAttributeTests.cs
similarity index 65%
rename from src/Umbraco.Tests/Web/Controllers/WebApiEditors/FilterAllowedOutgoingContentAttributeTests.cs
rename to src/Umbraco.Tests/Web/Controllers/FilterAllowedOutgoingContentAttributeTests.cs
index 513054cde6..4cde7ad8bd 100644
--- a/src/Umbraco.Tests/Web/Controllers/WebApiEditors/FilterAllowedOutgoingContentAttributeTests.cs
+++ b/src/Umbraco.Tests/Web/Controllers/FilterAllowedOutgoingContentAttributeTests.cs
@@ -6,12 +6,14 @@ using System.Net.Http.Headers;
 using Moq;
 using NUnit.Framework;
 using Umbraco.Core;
+using Umbraco.Core.Models;
+using Umbraco.Core.Models.EntityBase;
 using Umbraco.Core.Models.Membership;
 using Umbraco.Core.Services;
 using Umbraco.Web.Models.ContentEditing;
 using Umbraco.Web.WebApi.Filters;
 
-namespace Umbraco.Tests.Web.Controllers.WebApiEditors
+namespace Umbraco.Tests.Web.Controllers
 {
     [TestFixture]
     public class FilterAllowedOutgoingContentAttributeTests
@@ -19,7 +21,12 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
         [Test]
         public void GetValueFromResponse_Already_EnumerableContent()
         {
-            var att = new FilterAllowedOutgoingContentAttribute(typeof(IEnumerable<ContentItemBasic>));
+            var userServiceMock = new Mock<IUserService>();
+            var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
+
+            var att = new FilterAllowedOutgoingContentAttribute(typeof(IEnumerable<ContentItemBasic>), userService, entityService);
             var val = new List<ContentItemBasic>() {new ContentItemBasic()};
             var result = att.GetValueFromResponse(
                 new ObjectContent(typeof (IEnumerable<ContentItemBasic>),
@@ -34,7 +41,12 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
         [Test]
         public void GetValueFromResponse_From_Property()
         {
-            var att = new FilterAllowedOutgoingContentAttribute(typeof(IEnumerable<ContentItemBasic>), "MyList");
+            var userServiceMock = new Mock<IUserService>();
+            var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
+
+            var att = new FilterAllowedOutgoingContentAttribute(typeof(IEnumerable<ContentItemBasic>), "MyList", userService, entityService);
             var val = new List<ContentItemBasic>() { new ContentItemBasic() };
             var container = new MyTestClass() {MyList = val};
 
@@ -51,7 +63,12 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
         [Test]
         public void GetValueFromResponse_Returns_Null_Not_Found_Property()
         {
-            var att = new FilterAllowedOutgoingContentAttribute(typeof(IEnumerable<ContentItemBasic>), "DontFind");
+            var userServiceMock = new Mock<IUserService>();
+            var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
+
+            var att = new FilterAllowedOutgoingContentAttribute(typeof(IEnumerable<ContentItemBasic>), "DontFind", userService, entityService);
             var val = new List<ContentItemBasic>() { new ContentItemBasic() };
             var container = new MyTestClass() { MyList = val };
 
@@ -68,7 +85,18 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
         [Test]
         public void Filter_On_Start_Node()
         {
-            var att = new FilterAllowedOutgoingContentAttribute(typeof(IEnumerable<ContentItemBasic>));
+            var userMock = new Mock<IUser>();
+            userMock.Setup(u => u.Id).Returns(9);
+            userMock.Setup(u => u.StartContentIds).Returns(new[] { 5 });
+            var user = userMock.Object;
+            var userServiceMock = new Mock<IUserService>();
+            var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
+                .Returns(new[] { Mock.Of<EntityPath>(entity => entity.Id == 5 && entity.Path == "-1,5") });
+            var entityService = entityServiceMock.Object;
+
+            var att = new FilterAllowedOutgoingContentAttribute(typeof(IEnumerable<ContentItemBasic>), userService, entityService);
             var list = new List<dynamic>();
             var path = "";
             for (var i = 0; i < 10; i++)
@@ -81,11 +109,6 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
                 list.Add(new ContentItemBasic { Id = i, Name = "Test" + i, ParentId = i, Path = path });
             }
 
-            var userMock = new Mock<IUser>();
-            userMock.Setup(u => u.Id).Returns(9);
-            userMock.Setup(u => u.StartContentId).Returns(5);
-            var user = userMock.Object;
-
             att.FilterBasedOnStartNode(list, user);
 
             Assert.AreEqual(5, list.Count);
@@ -95,7 +118,6 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
         [Test]
         public void Filter_On_Permissions()
         {
-            var att = new FilterAllowedOutgoingContentAttribute(typeof(IEnumerable<ContentItemBasic>));
             var list = new List<dynamic>();
             for (var i = 0; i < 10; i++)
             {
@@ -105,22 +127,25 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
 
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(9);
-            userMock.Setup(u => u.StartContentId).Returns(-1);
+            userMock.Setup(u => u.StartContentIds).Returns(new int[0]);
             var user = userMock.Object;
 
             var userServiceMock = new Mock<IUserService>();
             //we're only assigning 3 nodes browse permissions so that is what we expect as a result
-            var permissions = new List<EntityPermission>
-                {
-                    new EntityPermission(9, 1, new string[]{ "F" }),
-                    new EntityPermission(9, 2, new string[]{ "F" }),
-                    new EntityPermission(9, 3, new string[]{ "F" }),
-                    new EntityPermission(9, 4, new string[]{ "A" })
-                };
+            var permissions = new EntityPermissionCollection
+            {
+                new EntityPermission(9876, 1, new string[]{ "F" }),
+                new EntityPermission(9876, 2, new string[]{ "F" }),
+                new EntityPermission(9876, 3, new string[]{ "F" }),
+                new EntityPermission(9876, 4, new string[]{ "A" })
+            };
             userServiceMock.Setup(x => x.GetPermissions(user, ids)).Returns(permissions);
             var userService = userServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
 
-            att.FilterBasedOnPermissions(list, user, userService);
+            var att = new FilterAllowedOutgoingContentAttribute(typeof(IEnumerable<ContentItemBasic>), userService, entityService);
+            att.FilterBasedOnPermissions(list, user);
 
             Assert.AreEqual(3, list.Count);
             Assert.AreEqual(1, list.ElementAt(0).Id);
diff --git a/src/Umbraco.Tests/Web/Controllers/WebApiEditors/MediaControllerUnitTests.cs b/src/Umbraco.Tests/Web/Controllers/MediaControllerUnitTests.cs
similarity index 55%
rename from src/Umbraco.Tests/Web/Controllers/WebApiEditors/MediaControllerUnitTests.cs
rename to src/Umbraco.Tests/Web/Controllers/MediaControllerUnitTests.cs
index 1221b51cfc..95a0ea4955 100644
--- a/src/Umbraco.Tests/Web/Controllers/WebApiEditors/MediaControllerUnitTests.cs
+++ b/src/Umbraco.Tests/Web/Controllers/MediaControllerUnitTests.cs
@@ -3,11 +3,12 @@ using System.Web.Http;
 using Moq;
 using NUnit.Framework;
 using Umbraco.Core.Models;
+using Umbraco.Core.Models.EntityBase;
 using Umbraco.Core.Models.Membership;
 using Umbraco.Core.Services;
 using Umbraco.Web.Editors;
 
-namespace Umbraco.Tests.Web.Controllers.WebApiEditors
+namespace Umbraco.Tests.Web.Controllers
 {
     [TestFixture]
     public class MediaControllerUnitTests
@@ -18,7 +19,7 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(9);
-            userMock.Setup(u => u.StartMediaId).Returns(-1);
+            userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List<string>()) });
             var user = userMock.Object;
             var mediaMock = new Mock<IMedia>();
             mediaMock.Setup(m => m.Path).Returns("-1,1234,5678");
@@ -26,9 +27,11 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             var mediaServiceMock = new Mock<IMediaService>();
             mediaServiceMock.Setup(x => x.GetById(1234)).Returns(media);
             var mediaService = mediaServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
 
             //act
-            var result = MediaController.CheckPermissions(new Dictionary<string, object>(), user, mediaService, 1234);
+            var result = MediaController.CheckPermissions(new Dictionary<string, object>(), user, mediaService, entityService, 1234);
 
             //assert
             Assert.IsTrue(result);
@@ -40,7 +43,6 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(9);
-            userMock.Setup(u => u.StartMediaId).Returns(-1);
             var user = userMock.Object;
             var mediaMock = new Mock<IMedia>();
             mediaMock.Setup(m => m.Path).Returns("-1,1234,5678");
@@ -48,9 +50,11 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             var mediaServiceMock = new Mock<IMediaService>();
             mediaServiceMock.Setup(x => x.GetById(0)).Returns(media);
             var mediaService = mediaServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
 
             //act/assert
-            Assert.Throws<HttpResponseException>(() => MediaController.CheckPermissions(new Dictionary<string, object>(), user, mediaService, 1234));
+            Assert.Throws<HttpResponseException>(() => MediaController.CheckPermissions(new Dictionary<string, object>(), user, mediaService, entityService, 1234));
         }
 
         [Test]
@@ -59,7 +63,7 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(9);
-            userMock.Setup(u => u.StartMediaId).Returns(9876);
+            userMock.Setup(u => u.StartMediaIds).Returns(new[] { 9876 });
             var user = userMock.Object;
             var mediaMock = new Mock<IMedia>();
             mediaMock.Setup(m => m.Path).Returns("-1,1234,5678");
@@ -67,9 +71,13 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             var mediaServiceMock = new Mock<IMediaService>();
             mediaServiceMock.Setup(x => x.GetById(1234)).Returns(media);
             var mediaService = mediaServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
+                .Returns(new[] { Mock.Of<EntityPath>(entity => entity.Id == 9876 && entity.Path == "-1,9876") });
+            var entityService = entityServiceMock.Object;
 
             //act
-            var result = MediaController.CheckPermissions(new Dictionary<string, object>(), user, mediaService, 1234);
+            var result = MediaController.CheckPermissions(new Dictionary<string, object>(), user, mediaService, entityService, 1234);
 
             //assert
             Assert.IsFalse(result);
@@ -81,11 +89,15 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(0);
-            userMock.Setup(u => u.StartMediaId).Returns(-1);
+            userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List<string>()) });
             var user = userMock.Object;
+            var mediaServiceMock = new Mock<IMediaService>();
+            var mediaService = mediaServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
 
             //act
-            var result = MediaController.CheckPermissions(new Dictionary<string, object>(), user, null, -1);
+            var result = MediaController.CheckPermissions(new Dictionary<string, object>(), user, mediaService, entityService, -1);
 
             //assert
             Assert.IsTrue(result);
@@ -97,11 +109,17 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(0);
-            userMock.Setup(u => u.StartMediaId).Returns(1234);
+            userMock.Setup(u => u.StartMediaIds).Returns(new[] { 1234 });
             var user = userMock.Object;
+            var mediaServiceMock = new Mock<IMediaService>();
+            var mediaService = mediaServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
+                .Returns(new[] { Mock.Of<EntityPath>(entity => entity.Id == 1234 && entity.Path == "-1,1234") });
+            var entityService = entityServiceMock.Object;
 
             //act
-            var result = MediaController.CheckPermissions(new Dictionary<string, object>(), user, null, -1);
+            var result = MediaController.CheckPermissions(new Dictionary<string, object>(), user, mediaService, entityService, -1);
 
             //assert
             Assert.IsFalse(result);
@@ -113,11 +131,15 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(0);
-            userMock.Setup(u => u.StartMediaId).Returns(-1);
+            userMock.Setup(u => u.Groups).Returns(new[] { new ReadOnlyUserGroup(1, "admin", "", -1, -1, "admin", new string[0], new List<string>()) });
             var user = userMock.Object;
+            var mediaServiceMock = new Mock<IMediaService>();
+            var mediaService = mediaServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            var entityService = entityServiceMock.Object;
 
             //act
-            var result = MediaController.CheckPermissions(new Dictionary<string, object>(), user, null, -21);
+            var result = MediaController.CheckPermissions(new Dictionary<string, object>(), user, mediaService, entityService, -21);
 
             //assert
             Assert.IsTrue(result);
@@ -129,11 +151,17 @@ namespace Umbraco.Tests.Web.Controllers.WebApiEditors
             //arrange
             var userMock = new Mock<IUser>();
             userMock.Setup(u => u.Id).Returns(0);
-            userMock.Setup(u => u.StartMediaId).Returns(1234);
+            userMock.Setup(u => u.StartMediaIds).Returns(new[] { 1234 });
             var user = userMock.Object;
+            var mediaServiceMock = new Mock<IMediaService>();
+            var mediaService = mediaServiceMock.Object;
+            var entityServiceMock = new Mock<IEntityService>();
+            entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny<UmbracoObjectTypes>(), It.IsAny<int[]>()))
+                .Returns(new[] { Mock.Of<EntityPath>(entity => entity.Id == 1234 && entity.Path == "-1,1234") });
+            var entityService = entityServiceMock.Object;
 
             //act
-            var result = MediaController.CheckPermissions(new Dictionary<string, object>(), user, null, -21);
+            var result = MediaController.CheckPermissions(new Dictionary<string, object>(), user, mediaService, entityService, -21);
 
             //assert
             Assert.IsFalse(result);
diff --git a/src/Umbraco.Tests/Web/Controllers/UsersControllerTests.cs b/src/Umbraco.Tests/Web/Controllers/UsersControllerTests.cs
new file mode 100644
index 0000000000..bbfb8357ec
--- /dev/null
+++ b/src/Umbraco.Tests/Web/Controllers/UsersControllerTests.cs
@@ -0,0 +1,126 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net.Http;
+using System.Net.Http.Formatting;
+using Microsoft.AspNet.Identity;
+using Moq;
+using Newtonsoft.Json;
+using NUnit.Framework;
+using Umbraco.Core.Composing;
+using Umbraco.Core.Models;
+using Umbraco.Core.Models.Identity;
+using Umbraco.Core.Models.Membership;
+using Umbraco.Core.Persistence.DatabaseModelDefinitions;
+using Umbraco.Core.Security;
+using Umbraco.Tests.TestHelpers;
+using Umbraco.Tests.TestHelpers.ControllerTesting;
+using Umbraco.Tests.TestHelpers.Entities;
+using Umbraco.Tests.Testing;
+using Umbraco.Web.Editors;
+using Umbraco.Web.Models.ContentEditing;
+using IUser = Umbraco.Core.Models.Membership.IUser;
+
+namespace Umbraco.Tests.Web.Controllers
+{
+    [TestFixture]
+    [UmbracoTest(Database = UmbracoTestOptions.Database.None)]
+    public class UsersControllerTests : TestWithDatabaseBase
+    {
+        [Test]
+        public async void Save_User()
+        {
+            var runner = new TestRunner((message, helper) =>
+            {
+                //setup some mocks
+                Umbraco.Core.Configuration.GlobalSettings.HasSmtpServer = true;
+
+                var userServiceMock = Mock.Get(Current.Services.UserService);
+
+                userServiceMock.Setup(service => service.Save(It.IsAny<IUser>(), It.IsAny<bool>()))
+                    .Callback((IUser u, bool raiseEvents) =>
+                    {
+                        u.Id = 1234;
+                    });
+                userServiceMock.Setup(service => service.GetAllUserGroups(It.IsAny<int[]>()))
+                    .Returns(new[] { Mock.Of<IUserGroup>(group => group.Id == 123 && group.Alias == "writers" && group.Name == "Writers") });
+                userServiceMock.Setup(service => service.GetUserGroupsByAlias(It.IsAny<string[]>()))
+                    .Returns(new[] { Mock.Of<IUserGroup>(group => group.Id == 123 && group.Alias == "writers" && group.Name == "Writers") });
+                userServiceMock.Setup(service => service.GetUserById(It.IsAny<int>()))
+                    .Returns(new User(1234, "Test", "test@test.com", "test@test.com", "", new List<IReadOnlyUserGroup>(), new int[0], new int[0]));
+
+                //we need to manually apply automapper mappings with the mocked applicationcontext
+                //InitializeMappers(helper.UmbracoContext.Application);
+                InitializeAutoMapper(true);
+
+                return new UsersController();
+            });
+
+            var userSave = new UserSave
+            {
+                Id = 1234,
+                Email = "test@test.com",
+                Username = "test@test.com",
+                Culture = "en",
+                Name = "Test",
+                UserGroups = new[] { "writers" }
+            };
+            var response = await runner.Execute("Users", "PostSaveUser", HttpMethod.Post,
+                new ObjectContent<UserSave>(userSave, new JsonMediaTypeFormatter()));
+
+            var obj = JsonConvert.DeserializeObject<UserDisplay>(response.Item2);
+
+            Assert.AreEqual(userSave.Name, obj.Name);
+            Assert.AreEqual(1234, obj.Id);
+            Assert.AreEqual(userSave.Email, obj.Email);
+            var userGroupAliases = obj.UserGroups.Select(x => x.Alias).ToArray();
+            foreach (var group in userSave.UserGroups)
+            {
+                Assert.IsTrue(userGroupAliases.Contains(group));
+            }
+        }
+        
+
+        [Test]
+        public async void GetPagedUsers_Empty()
+        {
+            var runner = new TestRunner((message, helper) =>
+            {
+                //we need to manually apply automapper mappings with the mocked applicationcontext
+                //InitializeMappers(helper.UmbracoContext.Application);
+                InitializeAutoMapper(true);
+
+                return new UsersController();
+            });
+            var response = await runner.Execute("Users", "GetPagedUsers", HttpMethod.Get);
+
+            var obj = JsonConvert.DeserializeObject<PagedResult<UserDisplay>>(response.Item2);
+            Assert.AreEqual(0, obj.TotalItems);
+        }
+
+        [Test]
+        public async void GetPagedUsers_10()
+        {
+            var runner = new TestRunner((message, helper) =>
+            {
+                //setup some mocks
+                var userServiceMock = Mock.Get(Current.Services.UserService);
+                var users = MockedUser.CreateMulipleUsers(10);
+                long outVal = 10;
+                userServiceMock.Setup(service => service.GetAll(It.IsAny<long>(), It.IsAny<int>(), out outVal, It.IsAny<string>(), It.IsAny<Direction>(), It.IsAny<UserState[]>(), It.IsAny<string[]>(), It.IsAny<string>()))
+                    .Returns(() => users);
+
+                //we need to manually apply automapper mappings with the mocked applicationcontext
+                //InitializeMappers(helper.UmbracoContext.Application);
+                InitializeAutoMapper(true);
+
+                return new UsersController();
+            });
+            var response = await runner.Execute("Users", "GetPagedUsers", HttpMethod.Get);
+
+            var obj = JsonConvert.DeserializeObject<PagedResult<UserDisplay>>(response.Item2);
+            Assert.AreEqual(10, obj.TotalItems);
+            Assert.AreEqual(10, obj.Items.Count());
+        }
+    }
+}
diff --git a/src/Umbraco.Tests/Web/HealthChecks/HealthCheckResultsTests.cs b/src/Umbraco.Tests/Web/HealthChecks/HealthCheckResultsTests.cs
new file mode 100644
index 0000000000..9247cb92a0
--- /dev/null
+++ b/src/Umbraco.Tests/Web/HealthChecks/HealthCheckResultsTests.cs
@@ -0,0 +1,156 @@
+using System;
+using System.Collections.Generic;
+using NUnit.Framework;
+using Umbraco.Core.Configuration.HealthChecks;
+using Umbraco.Web.HealthCheck;
+
+namespace Umbraco.Tests.Web.HealthChecks
+{
+    [TestFixture]
+    public class HealthCheckResultsTests
+    {
+        #region Stub checks
+
+        [HealthCheck("CFD6FC34-59C9-4402-B55F-C8BC96B628A1", "Stub check")]
+        public abstract class StubHealthCheck : HealthCheck
+        {
+            private readonly string _message;
+            private readonly StatusResultType _resultType;
+
+            public StubHealthCheck(StatusResultType resultType, string message)
+            {
+                _resultType = resultType;
+                _message = message;
+            }
+
+            public override HealthCheckStatus ExecuteAction(HealthCheckAction action)
+            {
+                throw new NotImplementedException();
+            }
+
+            public override IEnumerable<HealthCheckStatus> GetStatus()
+            {
+                return new List<HealthCheckStatus>
+                {
+                    new HealthCheckStatus(_message)
+                    {
+                        ResultType = _resultType
+                    }
+                };
+            }
+        }
+
+        [HealthCheck("CFD6FC34-59C9-4402-B55F-C8BC96B628A1", "Stub check 1")]
+        public class StubHealthCheck1 : StubHealthCheck
+        {
+            public StubHealthCheck1(StatusResultType resultType, string message) : base(resultType, message)
+            {
+            }
+        }
+
+        [HealthCheck("CFD6FC34-59C9-4402-B55F-C8BC96B628A2", "Stub check 2")]
+        public class StubHealthCheck2 : StubHealthCheck
+        {
+            public StubHealthCheck2(StatusResultType resultType, string message) : base(resultType, message)
+            {
+            }
+        }
+
+        [HealthCheck("CFD6FC34-59C9-4402-B55F-C8BC96B628A3", "Stub check 3")]
+        public class StubHealthCheck3 : StubHealthCheck
+        {
+            public StubHealthCheck3(StatusResultType resultType, string message) : base(resultType, message)
+            {
+            }
+
+            public override IEnumerable<HealthCheckStatus> GetStatus()
+            {
+                throw new Exception("Check threw exception");
+            }
+        }
+
+        #endregion
+
+        [Test]
+        public void HealthCheckResults_WithSuccessfulChecks_ReturnsCorrectResultDescription()
+        {
+            var checks = new List<HealthCheck>
+            {
+                new StubHealthCheck1(StatusResultType.Success, "First check was successful"),
+                new StubHealthCheck2(StatusResultType.Success, "Second check was successful"),
+            };
+            var results = new HealthCheckResults(checks);
+
+            Assert.IsTrue(results.AllChecksSuccessful);
+
+            var resultAsMarkdown = results.ResultsAsMarkDown(HealthCheckNotificationVerbosity.Summary);
+            Assert.IsTrue(resultAsMarkdown.IndexOf("Checks for 'Stub check 1' all completed succesfully.") > -1);
+            Assert.IsTrue(resultAsMarkdown.IndexOf("Checks for 'Stub check 2' all completed succesfully.") > -1);
+        }
+
+        [Test]
+        public void HealthCheckResults_WithFailingChecks_ReturnsCorrectResultDescription()
+        {
+            var checks = new List<HealthCheck>
+            {
+                new StubHealthCheck1(StatusResultType.Success, "First check was successful"),
+                new StubHealthCheck2(StatusResultType.Error, "Second check was not successful"),
+            };
+            var results = new HealthCheckResults(checks);
+
+            Assert.IsFalse(results.AllChecksSuccessful);
+
+            var resultAsMarkdown = results.ResultsAsMarkDown(HealthCheckNotificationVerbosity.Summary);
+            Assert.IsTrue(resultAsMarkdown.IndexOf("Checks for 'Stub check 1' all completed succesfully.") > -1);
+            Assert.IsTrue(resultAsMarkdown.IndexOf("Checks for 'Stub check 2' completed with errors.") > -1);
+        }
+
+        [Test]
+        public void HealthCheckResults_WithErroringCheck_ReturnsCorrectResultDescription()
+        {
+            var checks = new List<HealthCheck>
+            {
+                new StubHealthCheck1(StatusResultType.Success, "First check was successful"),
+                new StubHealthCheck3(StatusResultType.Error, "Third check was not successful"),
+                new StubHealthCheck2(StatusResultType.Error, "Second check was not successful"),
+            };
+            var results = new HealthCheckResults(checks);
+
+            Assert.IsFalse(results.AllChecksSuccessful);
+
+            var resultAsMarkdown = results.ResultsAsMarkDown(HealthCheckNotificationVerbosity.Summary);
+            Assert.IsTrue(resultAsMarkdown.IndexOf("Checks for 'Stub check 1' all completed succesfully.") > -1);
+            Assert.IsTrue(resultAsMarkdown.IndexOf("Checks for 'Stub check 2' completed with errors.") > -1);
+            Assert.IsTrue(resultAsMarkdown.IndexOf("Checks for 'Stub check 3' completed with errors.") > -1);
+        }
+
+        [Test]
+        public void HealthCheckResults_WithSummaryVerbosity_ReturnsCorrectResultDescription()
+        {
+            var checks = new List<HealthCheck>
+            {
+                new StubHealthCheck1(StatusResultType.Success, "First check was successful"),
+                new StubHealthCheck2(StatusResultType.Success, "Second check was successful"),
+            };
+            var results = new HealthCheckResults(checks);
+
+            var resultAsMarkdown = results.ResultsAsMarkDown(HealthCheckNotificationVerbosity.Summary);
+            Assert.IsTrue(resultAsMarkdown.IndexOf("Result: 'Success'\r\n") > -1);
+        }
+
+        [Test]
+        public void HealthCheckResults_WithDetailedVerbosity_ReturnsCorrectResultDescription()
+        {
+            var checks = new List<HealthCheck>
+            {
+                new StubHealthCheck1(StatusResultType.Success, "First check was successful"),
+                new StubHealthCheck2(StatusResultType.Success, "Second check was successful"),
+            };
+            var results = new HealthCheckResults(checks);
+
+            var resultAsMarkdown = results.ResultsAsMarkDown(HealthCheckNotificationVerbosity.Detailed);
+            Assert.IsFalse(resultAsMarkdown.IndexOf("Result: 'Success'\r\n") > -1);
+            Assert.IsTrue(resultAsMarkdown.IndexOf("Result: 'Success', Message: 'First check was successful'\r\n") > -1);
+        }
+    }
+}
diff --git a/src/Umbraco.Tests/packages.config b/src/Umbraco.Tests/packages.config
index 8e9ac2499e..7984e704b3 100644
--- a/src/Umbraco.Tests/packages.config
+++ b/src/Umbraco.Tests/packages.config
@@ -9,15 +9,20 @@
   <package id="Log4Net.Async" version="2.0.4" targetFramework="net461" />
   <package id="Lucene.Net" version="3.0.3" targetFramework="net461" />
   <package id="Lucene.Net.Contrib" version="3.0.3" targetFramework="net461" />
+  <package id="Microsoft.AspNet.Identity.Core" version="2.2.1" targetFramework="net461" />
   <package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net461" />
   <package id="Microsoft.AspNet.Razor" version="3.2.3" targetFramework="net461" />
   <package id="Microsoft.AspNet.WebApi" version="5.2.3" targetFramework="net461" />
   <package id="Microsoft.AspNet.WebApi.Client" version="5.2.3" targetFramework="net461" />
   <package id="Microsoft.AspNet.WebApi.Core" version="5.2.3" targetFramework="net461" />
+  <package id="Microsoft.AspNet.WebApi.Owin" version="5.2.3" targetFramework="net461" />
   <package id="Microsoft.AspNet.WebApi.SelfHost" version="5.2.3" targetFramework="net461" />
   <package id="Microsoft.AspNet.WebApi.WebHost" version="5.2.3" targetFramework="net461" />
   <package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net461" />
   <package id="Microsoft.Owin" version="3.1.0" targetFramework="net461" />
+  <package id="Microsoft.Owin.Hosting" version="3.1.0" targetFramework="net461" />
+  <package id="Microsoft.Owin.Security" version="3.1.0" targetFramework="net461" />
+  <package id="Microsoft.Owin.Testing" version="3.1.0" targetFramework="net461" />
   <package id="Microsoft.Web.Infrastructure" version="1.0.0.0" targetFramework="net461" />
   <package id="MiniProfiler" version="3.2.0.157" targetFramework="net461" />
   <package id="Moq" version="4.7.99" targetFramework="net461" />
diff --git a/src/Umbraco.Web/WebApi/HttpRequestMessageExtensions.cs b/src/Umbraco.Web/WebApi/HttpRequestMessageExtensions.cs
index 876e968bf9..8c7c915f50 100644
--- a/src/Umbraco.Web/WebApi/HttpRequestMessageExtensions.cs
+++ b/src/Umbraco.Web/WebApi/HttpRequestMessageExtensions.cs
@@ -1,15 +1,8 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
 using System.Net;
 using System.Net.Http;
-using System.Net.Http.Headers;
-using System.Text;
-using System.Threading.Tasks;
 using System.Web;
-using System.Web.Http;
 using System.Web.Http.ModelBinding;
-using System.Web.Http.Results;
 using Microsoft.Owin;
 using Umbraco.Core;
 using Umbraco.Web.Models.ContentEditing;