Right so seems there isn't a combination of rights to do this. But perhaps I could set some access rights on the "Content Assets Folder"?
This is however grayed out when trying to set access rights. Anyone got a way to get around it or a good explenation as to why this type doesn't allow access rights to be set? An oversight by EPi perhaps?
Sorry for reviving this, but I have done some research on this recently.
One can change content folder ACL with code similar to this:
var contentLink = new ContentReference(int.Parse(Request["page-id"])); var content = DataFactory.Instance.Get<IContent>(contentLink); var securable = (content as EPiServer.Security.IContentSecurable).GetContentSecurityDescriptor(); var writable = securable.CreateWritableClone() as EPiServer.Security.IContentSecurityDescriptor; var creator = writable.Creator; writable.IsInherited = false; writable.Clear(); writable.Creator = creator; writable.AddEntry(new EPiServer.Security.AccessControlEntry(@"Bjorn", EPiServer.Security.AccessLevel.FullAccess, EPiServer.Security.SecurityEntityType.User)); EPiServer.ServiceLocation.ServiceLocator.Current.GetInstance<EPiServer.DataAbstraction.IContentSecurityRepository>().Save(contentLink, writable, EPiServer.Security.SecuritySaveType.Replace);
In order to find the ID of the content folder, something like this might help you on the right path (hint: it's C# 6):
Response.Write(Newtonsoft.Json.JsonConvert.SerializeObject(DataFactory.Instance.GetChildren<ContentFolder>(EPiServer.Web.SiteDefinition.Current.GlobalAssetsRoot).Select(p => $"{p.Name} [{p.ContentLink.ID}], [{Newtonsoft.Json.JsonConvert.SerializeObject((p as EPiServer.Security.IContentSecurable).GetContentSecurityDescriptor().Entries)}]<br>")));
Also, to change the ACL for a content folder, one might open the following URL to use the EPi (legacy) dialog: your-server/EPiServer/CMS/Edit/EditSecurity.aspx?id=9530
Sweet work Björn. I can't for the world of me remember the project I needed this for though but could be nice for others if this will show up when searching.
Is there any combination of access rights I can give a group so that they are able to upload files but not create folders?