How can we show the roles to all the tenant which is created by only super admin #10122 | Support Center

shedspotter created 3 years ago

Hi , My requirement is that we need to allow only super admin to create roles(tenants can not create roles). Super admin will determine which roles will be displayed to the tenants.

What is your product version? = 10.2.0
What is your product type (Angular or MVC)? = Angular
What is product framework type (.net framework or .net core)? = .NET 5

Please help me with the same.

Thanks

3 Answer(s)

musa.demir created 3 years ago

Hi @shedspotter It is not supported. You can follow that steps to implement it.

Remove create/edit role permission from all tenant's.
Add create/edit roles to host your super admin
Go to RoleAppService and change CreateOrUpdateRole to get tenantId as an input.
Then use given tenantId to create or edit role https://github.com/aspnetzero/aspnet-zero-core/blob/9a29321d9fbfb611aceafaa55f7855a198f7d499/aspnet-core/src/MyCompanyName.AbpZeroTemplate.Application/Authorization/Roles/RoleAppService.cs#L88-L98 https://github.com/aspnetzero/aspnet-zero-core/blob/9a29321d9fbfb611aceafaa55f7855a198f7d499/aspnet-core/src/MyCompanyName.AbpZeroTemplate.Application/Authorization/Roles/RoleAppService.cs#L114-L133

[AbpAuthorize(AppPermissions.Pages_Administration_Roles_Edit)]
protected virtual async Task UpdateRoleAsync(CreateOrUpdateRoleInput input)
{
    using (CurrentUnitOfWork.SetTenantId(input.TenantId))
    {
        Debug.Assert(input.Role.Id != null, "input.Role.Id should be set.");

        var role = await _roleManager.GetRoleByIdAsync(input.Role.Id.Value);
        role.DisplayName = input.Role.DisplayName;
        role.IsDefault = input.Role.IsDefault;

        await UpdateGrantedPermissionsAsync(role, input.GrantedPermissionNames);
    }
}

[AbpAuthorize(AppPermissions.Pages_Administration_Roles_Create)]
protected virtual async Task CreateRoleAsync(CreateOrUpdateRoleInput input)
{
    using (CurrentUnitOfWork.SetTenantId(input.TenantId))
    {
        var role = new Role(input.TenantId, input.Role.DisplayName) {IsDefault = input.Role.IsDefault};
        CheckErrors(await _roleManager.CreateAsync(role));
        await CurrentUnitOfWork.SaveChangesAsync(); //It's done to get Id of the role.
        await UpdateGrantedPermissionsAsync(role, input.GrantedPermissionNames);
    }
}

0

shedspotter created 3 years ago

Hi @musa.demir,

Thank for the reply.The above soltuion just solve the half of the problem but now we need to update the permission of that role. how can we achieved that becaues now we have restricted the role creation for tenants and only super admin will have all the rights to create the roles and also the github links shared by you are not accessable for me at all.

Thanks
0

musa.demir created 3 years ago

Hi @shedspotter

You can check that to get acces on github https://support.aspnetzero.com/QA/Questions/9580/How-to-access-the-ASPNET-Zero-private-GitHub-repository

To change role's permissions you can check that documentation https://aspnetboilerplate.com/Pages/Documents/Zero/Permission-Management#role-permissions

Have an answer to this question? Log in and write your answer.