I was wondering if I could get some help with permissions.
I want to create a Role where a user can view all users except Admin users. I want to create a manager role that can edit a "User" role but not even see "Admin" users. Is this possible and if so how would I be able to do it?
5 Answer(s)
-
0
Hi,
You can create a permission like "Can edit/see admin users" for the users page. Then grant that permission to admin, but do not grant it to manager. Then you can check if the current user has this permission. If not, you can filter the users list to not include admin user(s).
-
0
Excellent, thank you
-
0
I am having a hard time figuring out how to filter the admin users, since a user can have many roles. Would you have any code examples in the service layer?
-
0
Hi,
I did not test this code but you can try it like this.
In the UserAppService's GetUsers method, first get admin role by name. Then add a WhereIf to users query like below. Filter users with admin role if current user does not have permission to see Admin users.
```csharp
// Look up the tenant's admin role once, before building the query.
var adminRole = await _roleManager.GetRoleByNameAsync(StaticRoleNames.Tenants.Admin);

var query = UserManager.Users
    .Include(u => u.Roles)
    .WhereIf(
        !input.Filter.IsNullOrWhiteSpace(),
        u =>
            u.Name.Contains(input.Filter) ||
            u.Surname.Contains(input.Filter) ||
            u.UserName.Contains(input.Filter) ||
            u.EmailAddress.Contains(input.Filter)
    )
    // Exclude every user holding the admin role when the caller lacks the permission.
    .WhereIf(
        UserDoesNotHavePermissionToSeeAdminUsers,
        u => !u.Roles.Any(r => r.RoleId == adminRole.Id)
    );
```
I hope this helps.
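An added example, not part of the answer above and not ASP.NET Zero's own code: it goes one step beyond the list filter and applies the same role-based predicate to a by-id lookup, so a caller who cannot see admin users in the list also cannot open one for editing by supplying its id. The in-memory types, the `Pages.Users.SeeAdmins` permission name and the role ids are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed in-memory model; all names are hypothetical, not ABP / ASP.NET Zero types.
record User(long Id, string UserName, HashSet<int> RoleIds);

class UserDirectory
{
    public const string SeeAdminUsers = "Pages.Users.SeeAdmins"; // assumed permission name
    private readonly List<User> _users;
    private readonly int _adminRoleId;

    public UserDirectory(List<User> users, int adminRoleId) =>
        (_users, _adminRoleId) = (users, adminRoleId);

    // Single predicate shared by the list and by every by-id path.
    // A user holding Admin plus any other role is still treated as an admin.
    private bool IsVisibleTo(ISet<string> callerPermissions, User target) =>
        callerPermissions.Contains(SeeAdminUsers) || !target.RoleIds.Contains(_adminRoleId);

    public List<User> GetUsers(ISet<string> callerPermissions) =>
        _users.Where(u => IsVisibleTo(callerPermissions, u)).ToList();

    // "Hidden" and "missing" produce the same error, so the response does not
    // reveal which ids belong to admin accounts.
    public User GetUserForEdit(ISet<string> callerPermissions, long id)
    {
        var user = _users.SingleOrDefault(u => u.Id == id);
        if (user == null || !IsVisibleTo(callerPermissions, user))
            throw new KeyNotFoundException("User not found.");
        return user;
    }
}

class Program
{
    static void Main()
    {
        var dir = new UserDirectory(new List<User> {
            new(10, "alice", new HashSet<int> { 1, 2 }), // Admin (1) + User (2)
            new(11, "bob", new HashSet<int> { 2 }),      // User only
        }, adminRoleId: 1);
        var manager = new HashSet<string>();             // lacks SeeAdminUsers
        Console.WriteLine(string.Join(",", dir.GetUsers(manager).Select(u => u.UserName)));
        try { dir.GetUserForEdit(manager, 10); }
        catch (KeyNotFoundException e) { Console.WriteLine(e.Message); }
    }
}
```

In a real service the same predicate would also guard the update, delete and role-assignment methods, since each of them accepts a user id from the client.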
-
0
I did something very similar. Thank you for the suggestion.