umbraco
diff --git a/‎src/Umbraco.Cms.Api.Management/Controllers/Security/SecurityControllerBase.cs
Lines changed: 4 additions & 0 deletions b/‎src/Umbraco.Cms.Api.Management/Controllers/Security/SecurityControllerBase.cs
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/Umbraco.Cms.Api.Management/Controllers/TemporaryFile/TemporaryFileControllerBase.cs
Lines changed: 4 additions & 1 deletion b/‎src/Umbraco.Cms.Api.Management/Controllers/TemporaryFile/TemporaryFileControllerBase.cs
Lines changed: 4 additions & 1 deletion
diff --git a/‎src/Umbraco.Cms.Api.Management/Factories/DocumentVersionPresentationFactory.cs
Lines changed: 1 addition & 1 deletion b/‎src/Umbraco.Cms.Api.Management/Factories/DocumentVersionPresentationFactory.cs
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Umbraco.Cms.Api.Management/Factories/UserPresentationFactory.cs
Lines changed: 77 additions & 4 deletions b/‎src/Umbraco.Cms.Api.Management/Factories/UserPresentationFactory.cs
Lines changed: 77 additions & 4 deletions
@@ -21,6 +21,10 @@ protected IActionResult UserOperationStatusResult(UserOperationStatus status, Er
                 .WithTitle("The password reset token was invalid")
                 .WithDetail("The specified password reset token was either used already or wrong.")
                 .Build()),
+            UserOperationStatus.CancelledByNotification => BadRequest(problemDetailsBuilder
+                .WithTitle("Cancelled by notification")
+                .WithDetail("A notification handler prevented the user operation.")
+                .Build()),
             UserOperationStatus.UnknownFailure => BadRequest(problemDetailsBuilder
                 .WithTitle("Unknown failure")
                 .WithDetail(errorMessageResult?.Error?.ErrorMessage ?? "The error was unknown")
 
@@ -1,4 +1,4 @@
-using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Common.Builders;
 using Umbraco.Cms.Api.Management.Routing;
@@ -17,6 +17,9 @@ protected IActionResult TemporaryFileStatusResult(TemporaryFileOperationStatus o
                 .WithTitle("File extension not allowed")
                 .WithDetail("The file extension is not allowed.")
                 .Build()),
+            TemporaryFileOperationStatus.InvalidFileName => BadRequest(problemDetailsBuilder
+                .WithTitle("The provided file name is not valid")
+                .Build()),
             TemporaryFileOperationStatus.KeyAlreadyUsed => BadRequest(problemDetailsBuilder
                 .WithTitle("Key already used")
                 .WithDetail("The specified key is already used.")
 
@@ -26,7 +26,7 @@ public async Task<DocumentVersionItemResponseModel> CreateAsync(ContentVersionMe
             new ReferenceByIdModel(_entityService.GetKey(contentVersion.ContentTypeId, UmbracoObjectTypes.DocumentType)
                 .Result),
             new ReferenceByIdModel(await _userIdKeyResolver.GetAsync(contentVersion.UserId)),
-            new DateTimeOffset(contentVersion.VersionDate, TimeSpan.Zero), // todo align with datetime offset rework
+            new DateTimeOffset(contentVersion.VersionDate),
             contentVersion.CurrentPublishedVersion,
             contentVersion.CurrentDraftVersion,
             contentVersion.PreventCleanup);
 
@@ -1,13 +1,17 @@
-using Umbraco.Cms.Api.Management.Routing;
+using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
+using Umbraco.Cms.Api.Management.Routing;
 using Umbraco.Cms.Api.Management.Security;
 using Umbraco.Cms.Api.Management.ViewModels;
 using Umbraco.Cms.Api.Management.ViewModels.User;
 using Umbraco.Cms.Api.Management.ViewModels.User.Current;
-using Umbraco.Cms.Core;
 using Umbraco.Cms.Api.Management.ViewModels.User.Item;
+using Umbraco.Cms.Api.Management.ViewModels.UserGroup;
+using Umbraco.Cms.Api.Management.ViewModels.UserGroup.Permissions;
+using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Cache;
 using Umbraco.Cms.Core.Configuration.Models;
+using Umbraco.Cms.Core.DependencyInjection;
 using Umbraco.Cms.Core.IO;
 using Umbraco.Cms.Core.Mail;
 using Umbraco.Cms.Core.Media;
@@ -20,7 +24,6 @@ namespace Umbraco.Cms.Api.Management.Factories;
 
 public class UserPresentationFactory : IUserPresentationFactory
 {
-
     private readonly IEntityService _entityService;
     private readonly AppCaches _appCaches;
     private readonly MediaFileManager _mediaFileManager;
@@ -31,7 +34,10 @@ public class UserPresentationFactory : IUserPresentationFactory
     private readonly IPasswordConfigurationPresentationFactory _passwordConfigurationPresentationFactory;
     private readonly IBackOfficeExternalLoginProviders _externalLoginProviders;
     private readonly SecuritySettings _securitySettings;
+    private readonly IUserService _userService;
+    private readonly IContentService _contentService;
 
+    [Obsolete("Please use the constructor taking all parameters. Scheduled for removal in Umbraco 17.")]
     public UserPresentationFactory(
         IEntityService entityService,
         AppCaches appCaches,
@@ -43,6 +49,35 @@ public UserPresentationFactory(
         IPasswordConfigurationPresentationFactory passwordConfigurationPresentationFactory,
         IOptionsSnapshot<SecuritySettings> securitySettings,
         IBackOfficeExternalLoginProviders externalLoginProviders)
+        : this(
+              entityService,
+            appCaches,
+            mediaFileManager,
+            imageUrlGenerator,
+            userGroupPresentationFactory,
+            absoluteUrlBuilder,
+            emailSender,
+            passwordConfigurationPresentationFactory,
+            securitySettings,
+            externalLoginProviders,
+            StaticServiceProvider.Instance.GetRequiredService<IUserService>(),
+            StaticServiceProvider.Instance.GetRequiredService<IContentService>())
+    {
+    }
+
+    public UserPresentationFactory(
+        IEntityService entityService,
+        AppCaches appCaches,
+        MediaFileManager mediaFileManager,
+        IImageUrlGenerator imageUrlGenerator,
+        IUserGroupPresentationFactory userGroupPresentationFactory,
+        IAbsoluteUrlBuilder absoluteUrlBuilder,
+        IEmailSender emailSender,
+        IPasswordConfigurationPresentationFactory passwordConfigurationPresentationFactory,
+        IOptionsSnapshot<SecuritySettings> securitySettings,
+        IBackOfficeExternalLoginProviders externalLoginProviders,
+        IUserService userService,
+        IContentService contentService)
     {
         _entityService = entityService;
         _appCaches = appCaches;
@@ -54,6 +89,8 @@ public UserPresentationFactory(
         _externalLoginProviders = externalLoginProviders;
         _securitySettings = securitySettings.Value;
         _absoluteUrlBuilder = absoluteUrlBuilder;
+        _userService = userService;
+        _contentService = contentService;
     }
 
     public UserResponseModel CreateResponseModel(IUser user)
@@ -195,7 +232,7 @@ public async Task<CurrentUserResponseModel> CreateCurrentUserResponseModelAsync(
         var contentStartNodeIds = user.CalculateContentStartNodeIds(_entityService, _appCaches);
         var documentStartNodeKeys = GetKeysFromIds(contentStartNodeIds, UmbracoObjectTypes.Document);
 
-        var permissions = presentationGroups.SelectMany(x => x.Permissions).ToHashSet();
+        var permissions = GetAggregatedGranularPermissions(user, presentationGroups);
         var fallbackPermissions = presentationGroups.SelectMany(x => x.FallbackPermissions).ToHashSet();
 
         var hasAccessToAllLanguages = presentationGroups.Any(x => x.HasAccessToAllLanguages);
@@ -225,6 +262,42 @@ public async Task<CurrentUserResponseModel> CreateCurrentUserResponseModelAsync(
         });
     }
 
+    private HashSet<IPermissionPresentationModel> GetAggregatedGranularPermissions(IUser user, IEnumerable<UserGroupResponseModel> presentationGroups)
+    {
+        var permissions = presentationGroups.SelectMany(x => x.Permissions).ToHashSet();
+
+        // The raw permission data consists of several permissions for each document.  We want to aggregate this server-side so
+        // we return one set of aggregate permissions per document that the client will use.
+
+        // Get the unique document keys that have granular permissions.
+        IEnumerable<Guid> documentKeysWithGranularPermissions = permissions
+            .Where(x => x is DocumentPermissionPresentationModel)
+            .Cast<DocumentPermissionPresentationModel>()
+            .Select(x => x.Document.Id)
+            .Distinct();
+
+        var aggregatedPermissions = new HashSet<IPermissionPresentationModel>();
+        foreach (Guid documentKey in documentKeysWithGranularPermissions)
+        {
+            // Retrieve the path of the document.
+            var path = _contentService.GetById(documentKey)?.Path;
+            if (string.IsNullOrEmpty(path))
+            {
+                continue;
+            }
+
+            // With the path we can call the same logic as used server-side for authorizing access to resources.
+            EntityPermissionSet permissionsForPath = _userService.GetPermissionsForPath(user, path);
+            aggregatedPermissions.Add(new DocumentPermissionPresentationModel
+            {
+                Document = new ReferenceByIdModel(documentKey),
+                Verbs = permissionsForPath.GetAllPermissions()
+            });
+        }
+
+        return aggregatedPermissions;
+    }
+
     public async Task<CalculatedUserStartNodesResponseModel> CreateCalculatedUserStartNodesResponseModelAsync(IUser user)
     {
         var mediaStartNodeIds = user.CalculateMediaStartNodeIds(_entityService, _appCaches);