Draft: property visibility refactor

src/Umbraco.Cms.Api.Management/Controllers/UserGroup/UserGroupControllerBase.cs

@@ -54,8 +54,12 @@
                 .WithDetail("The assigned media start node does not exists.")
                 .Build()),
             UserGroupOperationStatus.DocumentPermissionKeyNotFound => NotFound(new ProblemDetailsBuilder()
-                .WithTitle("A document permission key not found")
-                .WithDetail("A assigned document permission not exists.")
+                .WithTitle("Document permission key not found")
+                .WithDetail("An assigned document permission does not reference an existing document.")
+                .Build()),
+            UserGroupOperationStatus.DocumentTypePermissionKeyNotFound => NotFound(new ProblemDetailsBuilder()
+                .WithTitle("Document type permission key not found")
+                .WithDetail("An assigned document type permission does not reference an existing document type.")
                 .Build()),
             UserGroupOperationStatus.LanguageNotFound => NotFound(problemDetailsBuilder
                 .WithTitle("Language not found")

src/Umbraco.Cms.Api.Management/DependencyInjection/UserGroupsBuilderExtensions.cs

@@ -13,10 +13,11 @@ internal static IUmbracoBuilder AddUserGroups(this IUmbracoBuilder builder)
         builder.Services.AddTransient<IUserGroupPresentationFactory, UserGroupPresentationFactory>();
         builder.Services.AddSingleton<IPermissionPresentationFactory, PermissionPresentationFactory>();
 
+        builder.Services.AddSingleton<IPermissionMapper, DocumentPermissionMapper>();
+        builder.Services.AddSingleton<IPermissionPresentationMapper, DocumentPermissionMapper>();
 
-        builder.Services.AddSingleton<DocumentPermissionMapper>();
-        builder.Services.AddSingleton<IPermissionMapper>(x=>x.GetRequiredService<DocumentPermissionMapper>());
-        builder.Services.AddSingleton<IPermissionPresentationMapper>(x=>x.GetRequiredService<DocumentPermissionMapper>());
+        builder.Services.AddSingleton<IPermissionMapper, DocumentPropertyValuePermissionMapper>();
+        builder.Services.AddSingleton<IPermissionPresentationMapper, DocumentPropertyValuePermissionMapper>();
 
         return builder;
     }

src/Umbraco.Cms.Api.Management/Mapping/Permissions/DocumentPropertyValuePermissionMapper.cs

@@ -0,0 +1,69 @@
+using Umbraco.Cms.Api.Management.ViewModels;
+using Umbraco.Cms.Api.Management.ViewModels.UserGroup.Permissions;
+using Umbraco.Cms.Core.Models.Membership.Permissions;
+using Umbraco.Cms.Infrastructure.Persistence.Dtos;
+using Umbraco.Cms.Infrastructure.Persistence.Mappers;
+using Umbraco.Extensions;
+
+namespace Umbraco.Cms.Api.Management.Mapping.Permissions;
+
+public class DocumentPropertyValuePermissionMapper : IPermissionPresentationMapper, IPermissionMapper
+{
+    public string Context => DocumentPropertyValueGranularPermission.ContextType;
+
+    public IGranularPermission MapFromDto(UserGroup2GranularPermissionDto dto) =>
+        new DocumentPropertyValueGranularPermission()
+        {
+            Key = dto.UniqueId!.Value,
+            Permission = dto.Permission,
+        };
+
+    public Type PresentationModelToHandle => typeof(DocumentPropertyValuePermissionPresentationModel);
+
+    public IEnumerable<IPermissionPresentationModel> MapManyAsync(IEnumerable<IGranularPermission> granularPermissions)
+    {
+        var intermediate = granularPermissions.Where(p => p.Key.HasValue).Select(p =>
+            {
+                var parts = p.Permission.Split('|');
+                return parts.Length == 2 && Guid.TryParse(parts[0], out Guid propertyTypeId)
+                    ? new { DocumentTypeId = p.Key!.Value, PropertyTypeId = propertyTypeId, Verb = parts[1] }
+                    : null;
+            })
+            .WhereNotNull()
+            .ToArray();
+
+        var intermediateByDocumentType = intermediate.GroupBy(x => x.DocumentTypeId);
+        foreach (var documentTypeGroup in intermediateByDocumentType)
+        {
+            foreach (var propertyTypeGroup in documentTypeGroup.GroupBy(x => x.PropertyTypeId))
+            {
+                yield return new DocumentPropertyValuePermissionPresentationModel
+                {
+                    DocumentType = new ReferenceByIdModel(documentTypeGroup.Key),
+                    PropertyType = new ReferenceByIdModel(propertyTypeGroup.Key),
+                    Verbs = propertyTypeGroup
+                        .Select(x => x.Verb)
+                        .Where(verb => verb.IsNullOrWhiteSpace() is false)
+                        .ToHashSet(),
+                };
+            }
+        }
+    }
+
+    public IEnumerable<IGranularPermission> MapToGranularPermissions(IPermissionPresentationModel permissionViewModel)
+    {
+        if (permissionViewModel is not DocumentPropertyValuePermissionPresentationModel documentTypePermissionPresentationModel)
+        {
+            yield break;
+        }
+
+        foreach (var verb in documentTypePermissionPresentationModel.Verbs.Distinct().DefaultIfEmpty(string.Empty))
+        {
+            yield return new DocumentPropertyValueGranularPermission
+            {
+                Key = documentTypePermissionPresentationModel.DocumentType.Id,
+                Permission = $"{documentTypePermissionPresentationModel.PropertyType.Id}|{verb}"
+            };
+        }
+    }
+}

src/Umbraco.Cms.Api.Management/OpenApi.json

@@ -36405,6 +36405,9 @@
                 {
                   "$ref": "#/components/schemas/DocumentPermissionPresentationModel"
                 },
+                {
+                  "$ref": "#/components/schemas/DocumentPropertyValuePermissionPresentationModel"
+                },
                 {
                   "$ref": "#/components/schemas/UnknownTypePermissionPresentationModel"
                 }
@@ -36693,6 +36696,9 @@
                 {
                   "$ref": "#/components/schemas/DocumentPermissionPresentationModel"
                 },
+                {
+                  "$ref": "#/components/schemas/DocumentPropertyValuePermissionPresentationModel"
+                },
                 {
                   "$ref": "#/components/schemas/UnknownTypePermissionPresentationModel"
                 }
@@ -37568,6 +37574,48 @@
           }
         }
       },
+      "DocumentPropertyValuePermissionPresentationModel": {
+        "required": [
+          "$type",
+          "documentType",
+          "propertyType",
+          "verbs"
+        ],
+        "type": "object",
+        "properties": {
+          "$type": {
+            "type": "string"
+          },
+          "documentType": {
+            "oneOf": [
+              {
+                "$ref": "#/components/schemas/ReferenceByIdModel"
+              }
+            ]
+          },
+          "propertyType": {
+            "oneOf": [
+              {
+                "$ref": "#/components/schemas/ReferenceByIdModel"
+              }
+            ]
+          },
+          "verbs": {
+            "uniqueItems": true,
+            "type": "array",
+            "items": {
+              "type": "string"
+            }
+          }
+        },
+        "additionalProperties": false,
+        "discriminator": {
+          "propertyName": "$type",
+          "mapping": {
+            "DocumentPropertyValuePermissionPresentationModel": "#/components/schemas/DocumentPropertyValuePermissionPresentationModel"
+          }
+        }
+      },
       "DocumentRecycleBinItemResponseModel": {
         "required": [
           "createDate",
@@ -46169,6 +46217,9 @@
                 {
                   "$ref": "#/components/schemas/DocumentPermissionPresentationModel"
                 },
+                {
+                  "$ref": "#/components/schemas/DocumentPropertyValuePermissionPresentationModel"
+                },
                 {
                   "$ref": "#/components/schemas/UnknownTypePermissionPresentationModel"
                 }
@@ -46592,6 +46643,9 @@
                 {
                   "$ref": "#/components/schemas/DocumentPermissionPresentationModel"
                 },
+                {
+                  "$ref": "#/components/schemas/DocumentPropertyValuePermissionPresentationModel"
+                },
                 {
                   "$ref": "#/components/schemas/UnknownTypePermissionPresentationModel"
                 }

src/Umbraco.Cms.Api.Management/ViewModels/UserGroup/Permissions/DocumentPropertyValuePermissionPresentationModel.cs

@@ -0,0 +1,10 @@
+namespace Umbraco.Cms.Api.Management.ViewModels.UserGroup.Permissions;
+
+public class DocumentPropertyValuePermissionPresentationModel : IPermissionPresentationModel
+{
+    public required ReferenceByIdModel DocumentType { get; set; }
+
+    public required ReferenceByIdModel PropertyType { get; set; }
+
+    public required ISet<string> Verbs { get; set; }
+}

src/Umbraco.Core/Actions/ActionDocumentPropertyRead.cs

@@ -0,0 +1,29 @@
+namespace Umbraco.Cms.Core.Actions;
+
+public class ActionDocumentPropertyRead : IAction
+{
+    /// <inheritdoc cref="IAction.ActionLetter" />
+    public const string ActionLetter = "Umb.Document.PropertyValue.Read";
+
+    /// <inheritdoc cref="IAction.ActionAlias" />
+    public const string ActionAlias = "documentpropertyread";
+
+    /// <inheritdoc/>
+    public string Letter => ActionLetter;
+
+    /// <inheritdoc/>
+    public string Alias => ActionAlias;
+
+    /// <inheritdoc />
+    public bool ShowInNotifier => false;
+
+    /// <inheritdoc />
+    public bool CanBePermissionAssigned => true;
+
+    /// <inheritdoc />
+    public string Icon => string.Empty;
+
+    /// <inheritdoc />
+    public string Category => Constants.Conventions.PermissionCategories.OtherCategory;
+}
+

src/Umbraco.Core/Actions/ActionDocumentPropertyWrite.cs

@@ -0,0 +1,29 @@
+namespace Umbraco.Cms.Core.Actions;
+
+public class ActionDocumentPropertyWrite : IAction
+{
+    /// <inheritdoc cref="IAction.ActionLetter" />
+    public const string ActionLetter = "Umb.Document.PropertyValue.Write";
+
+    /// <inheritdoc cref="IAction.ActionAlias" />
+    public const string ActionAlias = "documentpropertywrite";
+
+    /// <inheritdoc/>
+    public string Letter => ActionLetter;
+
+    /// <inheritdoc/>
+    public string Alias => ActionAlias;
+
+    /// <inheritdoc />
+    public bool ShowInNotifier => false;
+
+    /// <inheritdoc />
+    public bool CanBePermissionAssigned => true;
+
+    /// <inheritdoc />
+    public string Icon => string.Empty;
+
+    /// <inheritdoc />
+    public string Category => Constants.Conventions.PermissionCategories.OtherCategory;
+}
+

src/Umbraco.Core/Models/Membership/Permissions/DocumentPropertyValueGranularPermission.cs

@@ -0,0 +1,36 @@
+namespace Umbraco.Cms.Core.Models.Membership.Permissions;
+
+public class DocumentPropertyValueGranularPermission : INodeGranularPermission
+{
+    public const string ContextType = "DocumentTypeProperty";
+
+    public required Guid Key { get; set; }
+
+    public string Context => ContextType;
+
+    public required string Permission { get; set; }
+
+    protected bool Equals(DocumentPropertyValueGranularPermission other) => Key.Equals(other.Key) && Permission == other.Permission;
+
+    public override bool Equals(object? obj)
+    {
+        if (ReferenceEquals(null, obj))
+        {
+            return false;
+        }
+
+        if (ReferenceEquals(this, obj))
+        {
+            return true;
+        }
+
+        if (obj.GetType() != GetType())
+        {
+            return false;
+        }
+
+        return Equals((DocumentPropertyValueGranularPermission)obj);
+    }
+
+    public override int GetHashCode() => HashCode.Combine(Key, Permission);
+}

src/Umbraco.Core/Services/OperationStatus/UserGroupOperationStatus.cs

@@ -14,6 +14,7 @@ public enum UserGroupOperationStatus
     MediaStartNodeKeyNotFound,
     DocumentStartNodeKeyNotFound,
     DocumentPermissionKeyNotFound,
+    DocumentTypePermissionKeyNotFound,
     LanguageNotFound,
     NameTooLong,
     AliasTooLong,

src/Umbraco.Core/Services/UserGroupService.cs

@@ -612,20 +612,26 @@ private UserGroupOperationStatus ValidateStartNodesExists(IUserGroup userGroup)
 
     private UserGroupOperationStatus ValidateGranularPermissionsExists(IUserGroup userGroup)
     {
-        IEnumerable<Guid> documentKeys = userGroup.GranularPermissions.Select(granularPermission =>
-        {
-            if (granularPermission is DocumentGranularPermission nodeGranularPermission)
-            {
-                return (Guid?)nodeGranularPermission.Key;
-            }
+        Guid[] documentKeys = userGroup.GranularPermissions
+            .OfType<DocumentGranularPermission>()
+            .Select(p => p.Key)
+            .ToArray();
 
-            return null;
-        }).Where(x => x.HasValue).Cast<Guid>().ToArray();
         if (documentKeys.Any() && _entityService.Exists(documentKeys) is false)
         {
             return UserGroupOperationStatus.DocumentPermissionKeyNotFound;
         }
 
+        Guid[] documentTypeKeys = userGroup.GranularPermissions
+            .OfType<DocumentPropertyValueGranularPermission>()
+            .Select(p => p.Key)
+            .ToArray();
+
+        if (documentTypeKeys.Any() && _entityService.Exists(documentTypeKeys) is false)
+        {
+            return UserGroupOperationStatus.DocumentTypePermissionKeyNotFound;
+        }
+
         return UserGroupOperationStatus.Success;
     }
 

src/Umbraco.Infrastructure/Migrations/Install/DatabaseDataCreator.cs

@@ -195,10 +195,10 @@ private void CreateUserGroup2PermissionData()
     {
         var userGroupKeyToPermissions = new Dictionary<Guid, IEnumerable<string>>()
         {
-            [Constants.Security.AdminGroupKey] = [ActionNew.ActionLetter, ActionUpdate.ActionLetter, ActionDelete.ActionLetter, ActionMove.ActionLetter, ActionCopy.ActionLetter, ActionSort.ActionLetter, ActionRollback.ActionLetter, ActionProtect.ActionLetter, ActionAssignDomain.ActionLetter, ActionPublish.ActionLetter, ActionRights.ActionLetter, ActionUnpublish.ActionLetter, ActionBrowse.ActionLetter, ActionCreateBlueprintFromContent.ActionLetter, ActionNotify.ActionLetter, ":", "5", "7", "T"],
-            [Constants.Security.EditorGroupKey] = [ActionNew.ActionLetter, ActionUpdate.ActionLetter, ActionDelete.ActionLetter, ActionMove.ActionLetter, ActionCopy.ActionLetter, ActionSort.ActionLetter, ActionRollback.ActionLetter, ActionProtect.ActionLetter, ActionPublish.ActionLetter, ActionUnpublish.ActionLetter, ActionBrowse.ActionLetter, ActionCreateBlueprintFromContent.ActionLetter, ActionNotify.ActionLetter, ":", "5", "T"],
-            [Constants.Security.WriterGroupKey] = [ActionNew.ActionLetter, ActionUpdate.ActionLetter, ActionBrowse.ActionLetter, ActionNotify.ActionLetter, ":" ],
-            [Constants.Security.TranslatorGroupKey] = [ActionUpdate.ActionLetter, ActionBrowse.ActionLetter],
+            [Constants.Security.AdminGroupKey] = [ActionNew.ActionLetter, ActionUpdate.ActionLetter, ActionDelete.ActionLetter, ActionMove.ActionLetter, ActionCopy.ActionLetter, ActionSort.ActionLetter, ActionRollback.ActionLetter, ActionProtect.ActionLetter, ActionAssignDomain.ActionLetter, ActionPublish.ActionLetter, ActionRights.ActionLetter, ActionUnpublish.ActionLetter, ActionBrowse.ActionLetter, ActionCreateBlueprintFromContent.ActionLetter, ActionNotify.ActionLetter, ":", "5", "7", "T", ActionDocumentPropertyRead.ActionLetter, ActionDocumentPropertyWrite.ActionLetter],
+            [Constants.Security.EditorGroupKey] = [ActionNew.ActionLetter, ActionUpdate.ActionLetter, ActionDelete.ActionLetter, ActionMove.ActionLetter, ActionCopy.ActionLetter, ActionSort.ActionLetter, ActionRollback.ActionLetter, ActionProtect.ActionLetter, ActionPublish.ActionLetter, ActionUnpublish.ActionLetter, ActionBrowse.ActionLetter, ActionCreateBlueprintFromContent.ActionLetter, ActionNotify.ActionLetter, ":", "5", "T", ActionDocumentPropertyRead.ActionLetter, ActionDocumentPropertyWrite.ActionLetter],
+            [Constants.Security.WriterGroupKey] = [ActionNew.ActionLetter, ActionUpdate.ActionLetter, ActionBrowse.ActionLetter, ActionNotify.ActionLetter, ":" , ActionDocumentPropertyRead.ActionLetter, ActionDocumentPropertyWrite.ActionLetter],
+            [Constants.Security.TranslatorGroupKey] = [ActionUpdate.ActionLetter, ActionBrowse.ActionLetter, ActionDocumentPropertyRead.ActionLetter, ActionDocumentPropertyWrite.ActionLetter],
         };
 
         var i = 1;

src/Umbraco.Infrastructure/Migrations/Upgrade/UmbracoPlan.cs

@@ -114,6 +114,7 @@ protected virtual void DefinePlan()
 
         // To 15.4.0
         To<V_15_4_0.UpdateDocumentUrlToPersistMultipleSegmentsPerDocument>("{A9E72794-4036-4563-B543-1717C73B8879}");
+        To<V_15_4_0.AddDocumentPropertyPermissions>("{D1568C33-A697-455F-8D16-48060CB954A1}");
         To<V_15_4_0.AddRelationTypeForMembers>("{33D62294-D0DE-4A86-A830-991EB36B96DA}");
     }
 }