Elements: Align ElementPermissionService for performance improvements

src/Umbraco.Core/Persistence/Repositories/IEntityRepository.cs

@@ -180,6 +180,14 @@ IEnumerable<IEntitySlim> GetTrashedSiblings(
     /// <returns>A collection of entity paths.</returns>
     IEnumerable<TreeEntityPath> GetAllPaths(Guid objectType, params Guid[] keys);
 
+    /// <summary>
+    /// Gets all paths for entities of the specified object types, optionally filtered by the provided entity IDs.
+    /// </summary>
+    /// <param name="objectTypes">The unique identifiers of the object types.</param>
+    /// <param name="keys">Optional array of entity keys to filter the paths. If not provided, paths for all entities of the specified type are returned.</param>
+    /// <returns>A collection of entity paths.</returns>
+    IEnumerable<TreeEntityPath> GetAllPaths(Guid[] objectTypes, params Guid[] keys);
+
     /// <summary>
     ///     Checks whether an entity with the specified identifier exists.
     /// </summary>

src/Umbraco.Core/Services/ElementPermissionService.cs

@@ -2,6 +2,7 @@
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Models.Entities;
 using Umbraco.Cms.Core.Models.Membership;
+using Umbraco.Cms.Core.Security;
 using Umbraco.Cms.Core.Services.AuthorizationStatus;
 using Umbraco.Extensions;
 
@@ -39,25 +40,26 @@ public Task<ElementAuthorizationStatus> AuthorizeAccessAsync(
             return Task.FromResult(ElementAuthorizationStatus.NotFound);
         }
 
-        // Fetch both Elements and ElementContainers (folders)
-        IEntitySlim[] entities = _entityService.GetAll(
-            new[] { UmbracoObjectTypes.Element, UmbracoObjectTypes.ElementContainer },
-            keys).ToArray();
-
-        if (entities.Length == 0)
+        // Use GetAllPaths instead of loading full content items - we only need paths for authorization
+        TreeEntityPath[] entityPaths = _entityService.GetAllPaths([UmbracoObjectTypes.Element, UmbracoObjectTypes.ElementContainer], keys).ToArray();
+        if (entityPaths.Length == 0)
         {
             return Task.FromResult(ElementAuthorizationStatus.NotFound);
         }
 
-        if (entities.Any(entity => user.HasElementPathAccess(entity, _entityService, _appCaches) == false))
+        // Check path access using the paths directly
+        int[]? startNodeIds = user.CalculateElementStartNodeIds(_entityService, _appCaches);
+        foreach (TreeEntityPath entityPath in entityPaths)
         {
-            return Task.FromResult(ElementAuthorizationStatus.UnauthorizedMissingPathAccess);
+            if (ContentPermissions.HasPathAccess(entityPath.Path, startNodeIds, Constants.System.RecycleBinElement) == false)
+            {
+                return Task.FromResult(ElementAuthorizationStatus.UnauthorizedMissingPathAccess);
+            }
         }
 
-        return Task.FromResult(
-            HasPermissionAccess(user, entities.Select(e => e.Path), permissionsToCheck)
-                ? ElementAuthorizationStatus.Success
-                : ElementAuthorizationStatus.UnauthorizedMissingPermissionAccess);
+        return Task.FromResult(HasPermissionAccess(user, entityPaths.Select(p => p.Path), permissionsToCheck)
+            ? ElementAuthorizationStatus.Success
+            : ElementAuthorizationStatus.UnauthorizedMissingPermissionAccess);
     }
 
     /// <inheritdoc/>

src/Umbraco.Core/Services/EntityService.cs

@@ -1,4 +1,4 @@
 using System.Globalization;
 using System.Linq.Expressions;
 using Microsoft.Extensions.Logging;
 using Umbraco.Cms.Core.Events;
@@ -831,6 +831,15 @@
         }
     }
 
+    /// <inheritdoc />
+    public virtual IEnumerable<TreeEntityPath> GetAllPaths(IEnumerable<UmbracoObjectTypes> objectTypes, params Guid[] keys)
+    {
+        using (ScopeProvider.CreateCoreScope(autoComplete: true))
+        {
+            return _entityRepository.GetAllPaths(objectTypes.Select(objectType => objectType.GetGuid()).ToArray(), keys);
+        }
+    }
+
     /// <inheritdoc />
     public int ReserveId(Guid key)
     {

src/Umbraco.Core/Services/IEntityService.cs

@@ -505,6 +505,11 @@ IEnumerable<IEntitySlim> GetPagedDescendants(
     /// </summary>
     IEnumerable<TreeEntityPath> GetAllPaths(UmbracoObjectTypes objectType, params Guid[] keys);
 
+    /// <summary>
+    ///     Gets paths for entities.
+    /// </summary>
+    IEnumerable<TreeEntityPath> GetAllPaths(IEnumerable<UmbracoObjectTypes> objectTypes, params Guid[] keys);
+
     /// <summary>
     ///     Reserves an identifier for a key.
     /// </summary>

src/Umbraco.Infrastructure/Persistence/Repositories/Implement/EntityRepository.cs

@@ -587,14 +587,23 @@ public IEnumerable<TreeEntityPath> GetAllPaths(Guid objectType, params Guid[] ke
             ? PerformGetAllPaths(objectType, sql => sql.WhereIn<NodeDto>(x => x.UniqueId, keys.Distinct()))
             : PerformGetAllPaths(objectType);
 
+    /// <inheritdoc/>
+    public IEnumerable<TreeEntityPath> GetAllPaths(Guid[] objectTypes, params Guid[] keys) =>
+        keys.Any()
+            ? PerformGetAllPaths(objectTypes, sql => sql.WhereIn<NodeDto>(x => x.UniqueId, keys.Distinct()))
+            : PerformGetAllPaths(objectTypes);
+
     private IEnumerable<TreeEntityPath> PerformGetAllPaths(Guid objectType, Action<Sql<ISqlContext>>? filter = null)
+        => PerformGetAllPaths([objectType], filter);
+
+    private IEnumerable<TreeEntityPath> PerformGetAllPaths(Guid[] objectTypes, Action<Sql<ISqlContext>>? filter = null)
     {
         // NodeId is named Id on TreeEntityPath = use an alias
         Sql<ISqlContext> sql = Sql().Select<NodeDto>(
                 x => Alias(x.NodeId, nameof(TreeEntityPath.Id)),
                 x => x.Path,
                 x => Alias(x.UniqueId, nameof(TreeEntityPath.Key)))
-            .From<NodeDto>().Where<NodeDto>(x => x.NodeObjectType == objectType);
+            .From<NodeDto>().WhereIn<NodeDto>(x => x.NodeObjectType, objectTypes);
         filter?.Invoke(sql);
         return Database.Fetch<TreeEntityPath>(sql);
     }