
Limiting user permissions #12352


uenlkr4e created

Hi,
I have a case where I want to limit a user's permissions down to a couple of permissions if his account is not active.
I still want him to log in, but I don't want him to do anything except a couple of permissions I set for him.

What would be the best way to do this?
Thank you


3 Answer(s)
  • oguzhanagir created
    Support Team

    Hi @uenlkr4e

    The approach can be as follows. While deactivating a user, you can assign a role to them. This role should contain the necessary permissions for an inactive user. Additionally, you will need to address the fact that inactive users cannot log in by default in ASP.NET Zero. Since the user is inactive, the value returned from the login result will be null. To handle this, you need to override the LoginAsync method in AbpLoginManager and remove the check for whether the user is active or not.

  • uenlkr4e created

    Hi,
    Thanks, but this approach isn't really doable because:

    1. There has to be an inactive user role in every tenant, and someone with the right privilege may delete this role.

    2. After activating an account I won't know what the user's old role was, so that would definitely cause chaos.

    Any other suggestions?

  • oguzhanagir created
    Support Team

    Hi @uenlkr4e

    You can set and remove permissions for an inactive user using the UserManager. To assign a previously defined permission to the user, you can use the SetGrantedPermissionsAsync method. If you want to remove a permission from the user, you can use the ProhibitPermissionAsync method. Related Document
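
The per-user approach from the last answer, sketched as an added example (not code from the thread or from ASP.NET Zero itself). The class name InactiveUserRestrictor, the two permission names and the project namespace are assumptions; ResetAllPermissionsAsync is not mentioned in the thread and is used here to undo the restriction.

```csharp
using System.Linq;
using System.Threading.Tasks;
using Abp.Authorization;
using Abp.Domain.Services;
using MyCompany.MyProject.Authorization.Users; // assumption: your project's User and UserManager

// Hypothetical domain service: narrows a user to an allow-list while the
// account is inactive, without touching any role or role assignment.
public class InactiveUserRestrictor : DomainService
{
    // Hypothetical permission names; replace with ones your
    // AuthorizationProvider actually defines.
    private static readonly string[] AllowedWhileInactive =
    {
        "Pages.Profile",
        "Pages.Profile.RequestActivation"
    };

    private readonly UserManager _userManager;
    private readonly IPermissionManager _permissionManager;

    public InactiveUserRestrictor(UserManager userManager, IPermissionManager permissionManager)
    {
        _userManager = userManager;
        _permissionManager = permissionManager;
    }

    // Call when the account is deactivated.
    public async Task RestrictAsync(User user)
    {
        // GetPermission throws for an undefined name, so a typo in the
        // allow-list fails loudly instead of silently granting nothing.
        var allowed = AllowedWhileInactive
            .Select(name => _permissionManager.GetPermission(name))
            .ToList();

        // Stores user-level overrides: everything the user currently has that
        // is not on the list is prohibited, everything on the list is granted.
        await _userManager.SetGrantedPermissionsAsync(user, allowed);
    }

    // Call when the account is reactivated.
    public async Task RestoreAsync(User user)
    {
        // Removes all user-level overrides, so the user is evaluated purely
        // against the roles they still hold.
        await _userManager.ResetAllPermissionsAsync(user);
    }
}
```

Because roles are never changed, there is no per-tenant "inactive" role to protect and no old role to remember. ResetAllPermissionsAsync also discards any user-specific grants or prohibitions that existed before deactivation, so save those first if your application relies on them.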