Base solution for your next web application
Open Closed

How can we show the roles to all the tenant which is created by only super admin #10122


User avatar
0
shedspotter created

Hi , My requirement is that we need to allow only super admin to create roles(tenants can not create roles). Super admin will determine which roles will be displayed to the tenants.

  • What is your product version? = 10.2.0
  • What is your product type (Angular or MVC)? = Angular
  • What is product framework type (.net framework or .net core)? = .NET 5

Please help me with the same.

Thanks


3 Answer(s)
  • User Avatar
    0
    musa.demir created

    Hi @shedspotter It is not supported. You can follow that steps to implement it.

    • Remove create/edit role permission from all tenant's.
    • Add create/edit roles to host your super admin
    • Go to RoleAppService and change CreateOrUpdateRole to get tenantId as an input.
    • Then use given tenantId to create or edit role https://github.com/aspnetzero/aspnet-zero-core/blob/9a29321d9fbfb611aceafaa55f7855a198f7d499/aspnet-core/src/MyCompanyName.AbpZeroTemplate.Application/Authorization/Roles/RoleAppService.cs#L88-L98 https://github.com/aspnetzero/aspnet-zero-core/blob/9a29321d9fbfb611aceafaa55f7855a198f7d499/aspnet-core/src/MyCompanyName.AbpZeroTemplate.Application/Authorization/Roles/RoleAppService.cs#L114-L133
    [AbpAuthorize(AppPermissions.Pages_Administration_Roles_Edit)]
    protected virtual async Task UpdateRoleAsync(CreateOrUpdateRoleInput input)
    {
        using (CurrentUnitOfWork.SetTenantId(input.TenantId))
        {
            Debug.Assert(input.Role.Id != null, "input.Role.Id should be set.");
    
            var role = await _roleManager.GetRoleByIdAsync(input.Role.Id.Value);
            role.DisplayName = input.Role.DisplayName;
            role.IsDefault = input.Role.IsDefault;
    
            await UpdateGrantedPermissionsAsync(role, input.GrantedPermissionNames);
        }
    }
    
    [AbpAuthorize(AppPermissions.Pages_Administration_Roles_Create)]
    protected virtual async Task CreateRoleAsync(CreateOrUpdateRoleInput input)
    {
        using (CurrentUnitOfWork.SetTenantId(input.TenantId))
        {
            var role = new Role(input.TenantId, input.Role.DisplayName) {IsDefault = input.Role.IsDefault};
            CheckErrors(await _roleManager.CreateAsync(role));
            await CurrentUnitOfWork.SaveChangesAsync(); //It's done to get Id of the role.
            await UpdateGrantedPermissionsAsync(role, input.GrantedPermissionNames);
        }
    }
    
  • User Avatar
    0
    shedspotter created

    Hi @musa.demir,

    Thank for the reply.The above soltuion just solve the half of the problem but now we need to update the permission of that role. how can we achieved that becaues now we have restricted the role creation for tenants and only super admin will have all the rights to create the roles and also the github links shared by you are not accessable for me at all.

    Thanks

  • User Avatar
    0
    musa.demir created

    Hi @shedspotter

    You can check that to get acces on github https://support.aspnetzero.com/QA/Questions/9580/How-to-access-the-ASPNET-Zero-private-GitHub-repository


    To change role's permissions you can check that documentation https://aspnetboilerplate.com/Pages/Documents/Zero/Permission-Management#role-permissions