
Question about permission setup #1118


joe704la created

I was wondering if I could get some help with permissions.

I want to create a Role where a user can view all users except Admin users. I want to create a manager role that can edit a "User" role but not even see "Admin" users. Is this possible and if so how would I be able to do it?


5 Answer(s)
  • hikalkan created
    Support Team

    Hi,

    You can create a permission like "Can edit/see admin users" for the users page. Then grant that permission to admin, but do not grant it to manager. Then you can check if the current user has this permission. If not, you can filter the users list to not include admin user(s).

  • joe704la created

    Excellent, thank you

  • joe704la created

    I am having a hard time figuring out how to filter the admin users since a user can have many roles. Would you have any code examples in the service layer?

  • ismcagdas created
    Support Team

    Hi,

    I did not test this code but you can try it like this.

    In the UserAppService's GetUsers method, first get the admin role by name. Then add a WhereIf to the users query like below. Filter users with the admin role if the current user does not have permission to see Admin users.

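    // Look up the tenant's admin role once so its Id can be used in the query.
    var adminRole = await _roleManager.GetRoleByNameAsync(StaticRoleNames.Tenants.Admin);

    // "Pages.Administration.Users.SeeAdmins" is a hypothetical permission name;
    // substitute the permission you defined for seeing/editing admin users.
    var userDoesNotHavePermissionToSeeAdminUsers =
        !await PermissionChecker.IsGrantedAsync("Pages.Administration.Users.SeeAdmins");

    var query = UserManager.Users
        .Include(u => u.Roles)
        .WhereIf(
            !input.Filter.IsNullOrWhiteSpace(),
            u =>
                u.Name.Contains(input.Filter) ||
                u.Surname.Contains(input.Filter) ||
                u.UserName.Contains(input.Filter) ||
                u.EmailAddress.Contains(input.Filter))
        // A user may hold several roles: exclude them if ANY role is the admin role.
        .WhereIf(
            userDoesNotHavePermissionToSeeAdminUsers,
            u => !u.Roles.Any(r => r.RoleId == adminRole.Id));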
    

    I hope this helps.
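
The filter suggested in the answer above, as an added, self-contained C# example (not code from this thread or from the framework). It uses constructed in-memory `User` records and hypothetical `UserDirectory`, `GetUsers` and `GetUserForEdit` names, and it goes one step beyond the list query: the same rule is applied to the lookup by id, because hiding admins from the list alone leaves them editable by a manager who supplies the id directly. Assumes C# 9 / .NET 5 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed stand-in for the framework's user entity (hypothetical type).
record User(int Id, string UserName, List<int> RoleIds);

class UserDirectory
{
    private readonly List<User> _users;
    private readonly int _adminRoleId;

    public UserDirectory(List<User> users, int adminRoleId)
    { _users = users; _adminRoleId = adminRoleId; }

    // A user counts as admin if ANY of their roles is the admin role.
    private bool IsAdmin(User u) => u.RoleIds.Contains(_adminRoleId);

    // List path: hide admins unless the caller holds the permission.
    public List<User> GetUsers(bool canSeeAdmins) =>
        _users.Where(u => canSeeAdmins || !IsAdmin(u)).ToList();

    // Edit path: enforce the same rule on lookup by id. The error is the same
    // for "missing" and "hidden" so it does not reveal which ids are admins.
    public User GetUserForEdit(int id, bool canSeeAdmins)
    {
        var user = _users.SingleOrDefault(u => u.Id == id);
        if (user == null || (!canSeeAdmins && IsAdmin(user)))
            throw new UnauthorizedAccessException("User not found or not accessible.");
        return user;
    }
}

static class Demo
{
    static void Main()
    {
        const int adminRole = 1, managerRole = 2, userRole = 3; // constructed ids
        var dir = new UserDirectory(new List<User> {
            new(10, "root",  new() { adminRole }),
            new(11, "alice", new() { managerRole, adminRole }), // several roles
            new(12, "bob",   new() { userRole }),
        }, adminRole);
        // Caller without the "see admin users" permission.
        Console.WriteLine(string.Join(",", dir.GetUsers(false).Select(u => u.UserName)));
        try { dir.GetUserForEdit(11, false); }
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
    }
}
```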

  • joe704la created

    I did something very similar. Thank you for the suggestion.