Set permissions programmatically
I have the following requirement:
User has permission to [action.browse] to node <parent> but not to do anything with that node, except [action.new] children. And, user should have permission to [action.update] those children. Which means we should _add_ a permission to <child> when it is created, in a Document.New handler.
Trouble is, using UserPermissions.SaveNewPermissions() cannot work here, because it will check that the _current_ user has permission to change the permissions, which he has obviously not.
One workaround is to set permission to [action.rights] on <parent> but I'd really avoid this. We're missing a [action.rightsOnChildren] permission, here...
Is there another API to set permissions, that would _not_ check that the current user can do it?
Ideas?
Workaround: set [action.rights] on <parent> but then set up a handler to remove the option to manage permissions from the content tree context menu. So the user has _permission_ to manage rights, but it never shows in the context menu. Kind of dirty?
Solved! There _is_ another API: umbraco.BusinessLogic.Permission.MakeNew(...) and it does not check perms before doing the job. Now, it won't refresh the user's cache so you'll want to do that (what's the nicest way?).