- What is your product version ? 10.3
- What is your product type ? Angular
- What is product framework type ? .net core
Teanant admin granted all permission by default, I have two question
- Delete a permission from Tenant admin role
- Hide specific side menu item from Tenant admin in frontend
I have a tenant side static role called "Developer". A developer can view a specific Sidemenu Item, but I want tenant admin should not view that Sidemenu item. Currently tenant admin is also able to view that Sidemenu item.
9 Answer(s)
-
0
Thanks for your response,
Yes i already read that code
await _roleManager.GrantAllPermissionsAsync(adminRole);
so it is further calling AbpRoleManager.GrantAllPermissionsAsync() , it granting all of permissions by default, not one by one, how we can exclude one permission here.One more thing how can we hide one side menu item from frontend app. Basically tenant admin has all permissions, i want to hide one menu item from admin, that will be only visible to one another role
-
0
Hi,
After that line, you can use
RoleManager.ProhibitPermissionAsync
to revoke a permisison.I think it will be better to revoke permission of that menu item from admin role. Otherwise, admin user can visit the URL manually and see the page. If you still want to do this, you can do it here https://github.com/aspnetzero/aspnet-zero-core/blob/dev/angular/src/app/shared/layout/nav/app-navigation.service.ts#L65
-
0
i checked by doing this, but it is not working. below is my code
await _roleManager.GrantAllPermissionsAsync(adminRole);
var CustomPermission = _permissionManager.GetPermission(AppPermissions.Pages_Tenant_CustomPermission);
await _roleManager.ProhibitPermissionAsync(adminRole, CustomPermission);
-
0
I could not reproduce the problem. It works as expected. See: Here is my test code:
public async Task AdminRoleProhibitPermission() { var adminRole = await _roleManager.GetRoleByNameAsync(StaticRoleNames.Tenants.Admin); var customPermission = _permissionManager.GetPermission(AppPermissions.Pages_Administration_DynamicProperties); await _roleManager.ProhibitPermissionAsync(adminRole, customPermission); }
All permissions are asssinged to admin role as default:
After I call
AdminRoleProhibitPermission
:Can you please check if that code part works as expected on your project.
-
0
Actaully i want when host Admin add new tenant. The newly created tenant admin should not have one permission called "CustomPermission". I want "CustomPermission" should not be the part of Tenant Admin role. So @ismcagdas mentioned that its right location is Core.MultiTenancy.TenantManager.cs line 133. I am writing this code at line 133
var adminRole = _roleManager.Roles.Single(r => r.Name == StaticRoleNames.Tenants.Admin);
await _roleManager.GrantAllPermissionsAsync(adminRole);
var CustomPermission = _permissionManager.GetPermission(AppPermissions.Pages_Tenant_CustomPermission);
await _roleManager.ProhibitPermissionAsync(adminRole, CustomPermission);
But when I login as Newly Created tenant admin, It has all permissions.
-
0
Any Suggestion?
-
0
Hi,
Could you check database table AbpPermissions and see if a record exits with the name
AppPermissions.Pages_Tenant_CustomPermission
for the newly created Tenant ? -
0
@ismcagdas Sorry it was mine issue, I was checking Permission of already created admin. TenantManager.CreateWithAdminUserAsync is for new tenants