Open Closed

Delete a permission from Tenant admin role Or Hide specific side menu item from Tenant admin in frontend #10306


0
sylvestergordon@gmail.com created
  • What is your product version ? 10.3
  • What is your product type ? Angular
  • What is product framework type ? .net core

Teanant admin granted all permission by default, I have two question

  1. Delete a permission from Tenant admin role
  2. Hide specific side menu item from Tenant admin in frontend

I have a tenant side static role called "Developer". A developer can view a specific Sidemenu Item, but I want tenant admin should not view that Sidemenu item. Currently tenant admin is also able to view that Sidemenu item.


8 Answer(s)
  • 0
    ismcagdas created
    Support Team

    Hi,

    When a new tenant is created, all permissions are granted to tenant's admin role here. So, you can exclude some permissions if you want.

  • 0
    sylvestergordon@gmail.com created

    Thanks for your response,

    Yes i already read that code await _roleManager.GrantAllPermissionsAsync(adminRole); so it is further calling AbpRoleManager.GrantAllPermissionsAsync() , it granting all of permissions by default, not one by one, how we can exclude one permission here.

    One more thing how can we hide one side menu item from frontend app. Basically tenant admin has all permissions, i want to hide one menu item from admin, that will be only visible to one another role

  • 0
    ismcagdas created
    Support Team

    Hi,

    After that line, you can use RoleManager.ProhibitPermissionAsync to revoke a permisison.

    I think it will be better to revoke permission of that menu item from admin role. Otherwise, admin user can visit the URL manually and see the page. If you still want to do this, you can do it here https://github.com/aspnetzero/aspnet-zero-core/blob/dev/angular/src/app/shared/layout/nav/app-navigation.service.ts#L65

  • 0
    sylvestergordon@gmail.com created

    i checked by doing this, but it is not working. below is my code

    await _roleManager.GrantAllPermissionsAsync(adminRole); var CustomPermission = _permissionManager.GetPermission(AppPermissions.Pages_Tenant_CustomPermission); await _roleManager.ProhibitPermissionAsync(adminRole, CustomPermission);

  • 0
    musa.demir created
    Support Team

    I could not reproduce the problem. It works as expected. See: Here is my test code:

    public async Task AdminRoleProhibitPermission()
    {
        var adminRole = await _roleManager.GetRoleByNameAsync(StaticRoleNames.Tenants.Admin);
        var customPermission = _permissionManager.GetPermission(AppPermissions.Pages_Administration_DynamicProperties);
        await _roleManager.ProhibitPermissionAsync(adminRole, customPermission);
    }
    

    All permissions are asssinged to admin role as default:

    After I call AdminRoleProhibitPermission:

    Can you please check if that code part works as expected on your project.

  • 0
    sylvestergordon@gmail.com created

    Actaully i want when host Admin add new tenant. The newly created tenant admin should not have one permission called "CustomPermission". I want "CustomPermission" should not be the part of Tenant Admin role. So @ismcagdas mentioned that its right location is Core.MultiTenancy.TenantManager.cs line 133. I am writing this code at line 133 var adminRole = _roleManager.Roles.Single(r => r.Name == StaticRoleNames.Tenants.Admin); await _roleManager.GrantAllPermissionsAsync(adminRole); var CustomPermission = _permissionManager.GetPermission(AppPermissions.Pages_Tenant_CustomPermission); await _roleManager.ProhibitPermissionAsync(adminRole, CustomPermission);

    But when I login as Newly Created tenant admin, It has all permissions.

  • 0
    sylvestergordon@gmail.com created

    Any Suggestion?

  • 0
    ismcagdas created
    Support Team

    Hi,

    Could you check database table AbpPermissions and see if a record exits with the name AppPermissions.Pages_Tenant_CustomPermission for the newly created Tenant ?