All the DaliCore entities are somehow linked to a certain application. Also, all relations between the entities can only be between entities that are within the same application. To achieve this, every DaliCore entity (Content, Group and User) has the field "appKey" which specifies to what application the entity belongs. When you try to add a user from application A to a group from application B, DaliCore will throw a DaliCoreException of type APPKEY_CONFLICT.
Now, all cases are normally handled, except for one: the TypePermission. When retrieving all type permissions by type, there is no application context available. This means, that it should be provided by the user of the method AuthorizationBean.getTypePermissionsByType. However, this is currently not the case. Which means that calling this method will currently retrieve ALL the type permissions across all the applications that have the specified type.
The solution is simple: add a method that allows the application key to be provided when getting a list of type permissions by type. The current method will still exist, but will return the type permissions from the application with an empty key (where the appKey equals ""). Compare this for example with the method UserBean.getByType where the same logic is applied.