U4-4852 - ContentService can add new permissions but not remove them

Created by daniel mothersole 09 May 2014, 11:51:39 Updated by Shannon Deminick 10 Jul 2014, 02:22:11

Method ContentService.AssignContentPermission will set permissions for a page but the same method won't properly remove permissions.

I don't see any other method on the ContentService that could be used to remove permissions.

Looking in the db this is what I get.

Add permissions

    Node  Permission
    1068  7
    1068  A
    1068  C

Removing permissions

    Node  Permission
    1068  -
    1068  7
    1068  A
    1068  C

I would expect the 7, A, C rows to be deleted, as this happens when you use the Umbraco UI (userPermissions) to add / remove permissions.

Am I missing something or is this a bug?


Dirk 09 May 2014, 18:43:00

In version 6.2 you can use umbraco.BusinessLogic.Permission.DeletePermissions(user) to remove all user-specific permissions. Then you can add new ones. But I think if ContentService has the method for assigning permissions, it should also provide a clear or delete permission method.

Shannon Deminick 01 Jul 2014, 04:10:15

You can do this currently in v7 - but can make it more clear. Also note there are two ways to assign permissions:

  • Via content
  • Via user

There is a many to many relationship between user and content permissions so it really depends on how you are assigning permissions. For example, in the permissions dialog in the content tree, you are assigning permissions to a content item for users. Whereas in the permission tree in the user section, you are assigning permissions to a user for content.

So here's the current methods to work with permissions:

    IEnumerable IContentService.GetPermissionsForEntity(IContent content);
    IContentService.AssignContentPermission(IContent entity, char permission, IEnumerable userIds);

    IEnumerable IUserService.GetPermissions(IUser user, params int[] nodeIds);
    IUserService.ReplaceUserPermissions(int userId, IEnumerable permissions, params int[] entityIds);

If you wanted to delete permissions for a user/content item, you would need to know which user you want to remove permissions for, and you would pass in those content ids, for example to delete permissions for a content item of id 1234 and for user 9876:

 `UserService.ReplaceUserPermissions(9876, Enumerable.Empty<char>(), 1234)`

We have a method that we use to copy permissions on the underlying PermissionRepository, but because of this many-to-many relationship we didn't expose this publicly yet because it's not straightforward data. For example, the method we have is:

    ReplaceEntityPermissions(TEntity entity, IEnumerable<Tuple<int, string>> userPermissions)

where userPermissions is a key/value pair list containing a userId and a permission to assign. This will clear permissions first and then re-assign. This is basically the method that you'd probably want to use if you are assigning permissions from a content perspective.

We could expose this method on the IContentService but the question would be will people understand how to use it?

Shannon Deminick 10 Jul 2014, 02:22:01

So with the above info you should still be able to perform what you need to as a workaround, and now with the upcoming 7.1.5 there's a new method on the IContentService:

    /// <summary>
    /// Used to bulk update the permissions set for a content item. This will replace all permissions
    /// assigned to an entity with a list of user id & permission pairs.
    /// </summary>
    /// <param name="permissionSet"></param>
    void ReplaceContentPermissions(EntityPermissionSet permissionSet);
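
Added illustration, not part of the thread and not Umbraco's code: an in-memory model of the permission rows that contrasts the additive assign reported in this issue with the clear-then-reassign replace semantics described above, from both the user side and the content side. `PermissionTable`, its method names and user 5555 are hypothetical; node 1068 and user 9876 are taken from the thread, and the model assumes the removal attempt is what wrote the `-` row in the reporter's table.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// In-memory stand-in for the (user, node, permission) rows; hypothetical, not Umbraco code.
class PermissionTable
{
    private readonly HashSet<Tuple<int, int, char>> rows = new HashSet<Tuple<int, int, char>>();

    // Additive, like the behaviour reported for AssignContentPermission: rows are only inserted.
    public void Assign(int nodeId, char permission, IEnumerable<int> userIds)
    {
        foreach (var userId in userIds) rows.Add(Tuple.Create(userId, nodeId, permission));
    }
    // User side: clear this user's rows on the given nodes, then re-assign.
    public void ReplaceForUser(int userId, IEnumerable<char> permissions, params int[] nodeIds)
    {
        rows.RemoveWhere(r => r.Item1 == userId && nodeIds.Contains(r.Item2));
        foreach (var nodeId in nodeIds)
            foreach (var p in permissions) rows.Add(Tuple.Create(userId, nodeId, p));
    }
    // Content side: clear every user's rows on the node, then re-assign the given pairs.
    public void ReplaceForNode(int nodeId, IEnumerable<Tuple<int, string>> userPermissions)
    {
        rows.RemoveWhere(r => r.Item2 == nodeId);
        foreach (var up in userPermissions)
            foreach (var p in up.Item2) rows.Add(Tuple.Create(up.Item1, nodeId, p));
    }
    // Effective permission characters one user holds on one node, sorted.
    public string For(int userId, int nodeId)
    {
        return new string(rows.Where(r => r.Item1 == userId && r.Item2 == nodeId)
                              .Select(r => r.Item3).OrderBy(c => c).ToArray());
    }
}

static class Demo
{
    static void Main()
    {
        var t = new PermissionTable();
        foreach (var p in "7AC") t.Assign(1068, p, new[] { 9876, 5555 }); // constructed grants
        t.Assign(1068, '-', new[] { 9876 });                     // attempted removal via assign
        Console.WriteLine(t.For(9876, 1068));                    // earlier rows remain beside '-'
        t.ReplaceForUser(9876, Enumerable.Empty<char>(), 1068);  // user-side clear
        Console.WriteLine("[" + t.For(9876, 1068) + "] [" + t.For(5555, 1068) + "]");
        t.ReplaceForNode(1068, new[] { Tuple.Create(5555, "A") }); // content-side replace
        Console.WriteLine(t.For(5555, 1068));
    }
}
```

The user-side clear leaves the other user's rows on the same node untouched, while the content-side replace resets the node for every user, which is the many-to-many distinction raised in the thread.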

Priority: Normal

Type: Bug

State: Fixed

Assignee: Shannon Deminick

Difficulty: Normal


Backwards Compatible: True

Fix Submitted:

Affected versions: 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4

Due in version: 7.1.5


Story Points: