V9: Fix granular permissions for user groups (#11577)

* Fixes the treepicker for granular permissions to use a select callback instead of submit with the full selection

* Introduced UserGroup2NodeDto table, to allow users to save empty arrays of permissions

* Cleanup

* Fixed null issue in audit logging

* Fixed migration

* Fixed GetDeleteClauses

* Fixes for SqlCE, do not run multiple comments on one sql request

* Align behavior between content>permissions and usergroups>granularPpermissions

- It is now possible to save default values in content>permissions like in usergroups>granularPpermissions
- It is now possible to differentiate between we save an empty collection and we remove the granular permissions in content>permissions

* Fix comments

Co-authored-by: Andy Butland <[email protected]>
Co-authored-by: Bjarke Berg <[email protected]>

Author: 3 people

src/Umbraco.Core/Handlers/AuditNotificationsHandler.cs

@@ -226,7 +226,7 @@ public void Handle(AssignedUserGroupPermissionsNotification notification)
             foreach (var perm in perms)
             {
                 var group = _userService.GetUserGroupById(perm.UserGroupId);
-                var assigned = string.Join(", ", perm.AssignedPermissions);
+                var assigned = string.Join(", ", perm?.AssignedPermissions ?? Array.Empty<string>());
                 var entity = _entityService.Get(perm.EntityId);
 
                 _auditService.Write(performingUser.Id, $"User \"{performingUser.Name}\" {FormatEmail(performingUser)}", PerformingIp,

src/Umbraco.Core/Models/ContentEditing/UserGroupPermissionsSave.cs

@@ -10,7 +10,7 @@ namespace Umbraco.Cms.Core.Models.ContentEditing
     /// Used to assign user group permissions to a content node
     /// </summary>
     [DataContract(Name = "contentPermission", Namespace = "")]
-    public class UserGroupPermissionsSave : IValidatableObject
+    public class UserGroupPermissionsSave
     {
         public UserGroupPermissionsSave()
         {
@@ -28,13 +28,5 @@ public UserGroupPermissionsSave()
         /// </summary>
         [DataMember(Name = "permissions")]
         public IDictionary<int, IEnumerable<string>> AssignedPermissions { get; set; }
-
-        public IEnumerable<ValidationResult> Validate(ValidationContext validationContext)
-        {
-            if (AssignedPermissions.SelectMany(x => x.Value).Any(x => x.IsNullOrWhiteSpace()))
-            {
-                yield return new ValidationResult("A permission value cannot be null or empty", new[] { "Permissions" });
-            }
-        }
     }
 }

src/Umbraco.Core/Persistence/Constants-DatabaseSchema.cs

@@ -52,6 +52,7 @@ public static class Tables
                 public const string User2UserGroup = TableNamePrefix + "User2UserGroup";
                 public const string User2NodeNotify = TableNamePrefix + "User2NodeNotify";
                 public const string UserGroup2App = TableNamePrefix + "UserGroup2App";
+                public const string UserGroup2Node = TableNamePrefix + "UserGroup2Node";
                 public const string UserGroup2NodePermission = TableNamePrefix + "UserGroup2NodePermission";
                 public const string ExternalLogin = TableNamePrefix + "ExternalLogin";
                 public const string ExternalLoginToken = TableNamePrefix + "ExternalLoginToken";

src/Umbraco.Core/Services/UserServiceExtensions.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Globalization;
 using System.Linq;
@@ -59,7 +59,7 @@ public static EntityPermissionSet GetPermissionsForPath(this IUserService servic
         /// <param name="entityIds"></param>
         public static void RemoveUserGroupPermissions(this IUserService userService, int groupId, params int[] entityIds)
         {
-            userService.ReplaceUserGroupPermissions(groupId, new char[] {}, entityIds);
+            userService.ReplaceUserGroupPermissions(groupId, null, entityIds);
         }
 
         /// <summary>
@@ -69,7 +69,7 @@ public static void RemoveUserGroupPermissions(this IUserService userService, int
         /// <param name="groupId"></param>
         public static void RemoveUserGroupPermissions(this IUserService userService, int groupId)
         {
-            userService.ReplaceUserGroupPermissions(groupId, new char[] { });
+            userService.ReplaceUserGroupPermissions(groupId, null);
         }
 
 

src/Umbraco.Infrastructure/Migrations/Install/DatabaseSchemaCreator.cs

@@ -77,7 +77,8 @@ public class DatabaseSchemaCreator
             typeof(DocumentCultureVariationDto),
             typeof(ContentScheduleDto),
             typeof(LogViewerQueryDto),
-            typeof(ContentVersionCleanupPolicyDto)
+            typeof(ContentVersionCleanupPolicyDto),
+            typeof(UserGroup2NodeDto)
         };
 
         private readonly IUmbracoDatabase _database;

src/Umbraco.Infrastructure/Migrations/Upgrade/UmbracoPlan.cs

@@ -14,6 +14,7 @@
 using Umbraco.Cms.Infrastructure.Migrations.Upgrade.V_8_9_0;
 using Umbraco.Cms.Infrastructure.Migrations.Upgrade.V_9_0_0;
 using Umbraco.Cms.Infrastructure.Migrations.Upgrade.V_9_1_0;
+using Umbraco.Cms.Infrastructure.Migrations.Upgrade.V_9_2_0;
 using Umbraco.Extensions;
 
 namespace Umbraco.Cms.Infrastructure.Migrations.Upgrade
@@ -263,6 +264,9 @@ protected void DefinePlan()
 
             // TO 9.1.0
             To<AddContentVersionCleanupFeature>("{8BAF5E6C-DCB7-41AE-824F-4215AE4F1F98}");
+
+            // TO 9.2.0
+            To<AddUserGroup2NodeTable>("{0571C395-8F0B-44E9-8E3F-47BDD08D817B}");
         }
     }
 }

src/Umbraco.Infrastructure/Migrations/Upgrade/V_9_2_0/AddUserGroup2NodeTable.cs

@@ -0,0 +1,30 @@
+using System.Linq;
+using Umbraco.Cms.Core;
+using Umbraco.Cms.Infrastructure.Persistence.Dtos;
+using Umbraco.Extensions;
+
+namespace Umbraco.Cms.Infrastructure.Migrations.Upgrade.V_9_2_0
+{
+    class AddUserGroup2NodeTable : MigrationBase
+    {
+        public AddUserGroup2NodeTable(IMigrationContext context)
+            : base(context) { }
+
+        protected override void Migrate()
+        {
+            var tables = SqlSyntax.GetTablesInSchema(Context.Database);
+            if (!tables.InvariantContains(UserGroup2NodeDto.TableName))
+            {
+                Create.Table<UserGroup2NodeDto>().Do();
+            }
+
+            // Insert if there exists specific permissions today. Can't do it directly in db in any nice way.
+            var allData = Database.Fetch<UserGroup2NodePermissionDto>();
+            var toInsert = allData.Select(x => new UserGroup2NodeDto() { NodeId = x.NodeId, UserGroupId = x.UserGroupId }).Distinct(
+                new DelegateEqualityComparer<UserGroup2NodeDto>(
+                (x, y) => x.NodeId == y.NodeId && x.UserGroupId == y.UserGroupId,
+                x => x.NodeId.GetHashCode() + x.UserGroupId.GetHashCode())).ToArray();
+            Database.InsertBulk(toInsert);
+        }
+    }
+}

src/Umbraco.Infrastructure/Persistence/Dtos/UserGroup2NodeDto.cs

@@ -0,0 +1,23 @@
+using NPoco;
+using Umbraco.Cms.Core;
+using Umbraco.Cms.Infrastructure.Persistence.DatabaseAnnotations;
+
+namespace Umbraco.Cms.Infrastructure.Persistence.Dtos
+{
+    [TableName(TableName)]
+    [ExplicitColumns]
+    internal class UserGroup2NodeDto
+    {
+        public const string TableName = Constants.DatabaseSchema.Tables.UserGroup2Node;
+
+        [Column("userGroupId")]
+        [PrimaryKeyColumn(AutoIncrement = false, Name = "PK_" + TableName, OnColumns = "userGroupId, nodeId")]
+        [ForeignKey(typeof(UserGroupDto))]
+        public int UserGroupId { get; set; }
+
+        [Column("nodeId")]
+        [ForeignKey(typeof(NodeDto))]
+        [Index(IndexTypes.NonClustered, Name = "IX_" + TableName + "_nodeId")]
+        public int NodeId { get; set; }
+    }
+}

src/Umbraco.Infrastructure/Persistence/Repositories/Implement/ContentTypeRepositoryBase.cs

@@ -1383,6 +1383,7 @@ protected override IEnumerable<string> GetDeleteClauses()
             var list = new List<string>
             {
                 "DELETE FROM umbracoUser2NodeNotify WHERE nodeId = @id",
+                "DELETE FROM umbracoUserGroup2Node WHERE nodeId = @id",
                 "DELETE FROM umbracoUserGroup2NodePermission WHERE nodeId = @id",
                 "DELETE FROM cmsTagRelationship WHERE nodeId = @id",
                 "DELETE FROM cmsContentTypeAllowedContentType WHERE Id = @id",

src/Umbraco.Infrastructure/Persistence/Repositories/Implement/DocumentRepository.cs

@@ -233,6 +233,7 @@ protected override IEnumerable<string> GetDeleteClauses()
                 "DELETE FROM " + Cms.Core.Constants.DatabaseSchema.Tables.ContentSchedule + " WHERE nodeId = @id",
                 "DELETE FROM " + Cms.Core.Constants.DatabaseSchema.Tables.RedirectUrl + " WHERE contentKey IN (SELECT uniqueId FROM " + Cms.Core.Constants.DatabaseSchema.Tables.Node + " WHERE id = @id)",
                 "DELETE FROM " + Cms.Core.Constants.DatabaseSchema.Tables.User2NodeNotify + " WHERE nodeId = @id",
+                "DELETE FROM " + Cms.Core.Constants.DatabaseSchema.Tables.UserGroup2Node + " WHERE nodeId = @id",
                 "DELETE FROM " + Cms.Core.Constants.DatabaseSchema.Tables.UserGroup2NodePermission + " WHERE nodeId = @id",
                 "DELETE FROM " + Cms.Core.Constants.DatabaseSchema.Tables.UserStartNode + " WHERE startNode = @id",
                 "UPDATE " + Cms.Core.Constants.DatabaseSchema.Tables.UserGroup + " SET startContentId = NULL WHERE startContentId = @id",