Birthdaylist Users Dashboard - needs admin permission #2524 | Support Center

rvanwoezik created 7 years ago

I have extended user with DateOfBirth, in UserAppService i have created GetBirthdayList()

public async Task<ListResultDto<UserListDto>> GetBirthDayList()
        {
            var query = from u in UserManager.Users.Where(p => p.IsActive)
                        let diffYears = DbFunctions.DiffYears(u.DateOfBirth, DateTime.Today)
                        let birthdayOccurred =
                        u.DateOfBirth.Month < DateTime.Today.Month
                        || ((u.DateOfBirth.Day + 3) <= DateTime.Today.Day && u.DateOfBirth.Month == DateTime.Today.Month)
                        let nextBirthdate = DbFunctions.AddYears(u.DateOfBirth, diffYears + (birthdayOccurred ? 1 : 0))
                        let daysToBirthdate = DbFunctions.DiffDays(DateTime.Today, nextBirthdate)
                        orderby daysToBirthdate
                        select u;

            var users = await query.Take(12).ToListAsync();

            return new ListResultDto<UserListDto>(users.MapTo<List<UserListDto>>());
        }

This list is visible for members of the Role Admin, but not for default Role "user", how to give role "user" view rights to birthdaylist without giving them create edit delete rights? Should i use userRepository instead of UserManager?

I hope my question is clear.

3 Answer(s)

0

ismcagdas created 7 years ago
Support Team

Hi,

I'm not sure if I understand you correctly, but you can define seperate permissions for viewing, editing, deleting just like we did here <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/blob/dev/src/MyCompanyName.AbpZeroTemplate.Core/Authorization/AppPermissions.cs#L20">https://github.com/aspnetzero/aspnet-ze ... ons.cs#L20</a>.

These permissions can be assigned to roles seperately.

rvanwoezik created 7 years ago

So I have created a new AppPermission Pages_Administration_Users_List

In UserAppService can i combine class permissions and method permissions?

[AbpAuthorize(AppPermissions.Pages_Administration_Users)]
    public class UserAppService : PhoogleZeroAppServiceBase, IUserAppService

and then in method GetBirthdayList

[AbpAuthorize(AppPermissions.Pages_Administration_Users_List)]
        public async Task<ListResultDto<UserListDto>> GetBirthDayList()
        {
            var query = from u in UserManager.Users.Where(u => u.IsActive)
                        let diffYears = DbFunctions.DiffYears(u.DateOfBirth, DateTime.Today)
                        let birthdayOccurred =
                        u.DateOfBirth.Month < DateTime.Today.Month
                        || ((u.DateOfBirth.Day + 3) <= DateTime.Today.Day && u.DateOfBirth.Month == DateTime.Today.Month)
                        let nextBirthdate = DbFunctions.AddYears(u.DateOfBirth, diffYears + (birthdayOccurred ? 1 : 0))
                        let daysToBirthdate = DbFunctions.DiffDays(DateTime.Today, nextBirthdate)
                        orderby daysToBirthdate
                        select u;

            var users = await query.Take(12).ToListAsync();

            return new ListResultDto<UserListDto>(users.MapTo<List<UserListDto>>());
        }

0
ismcagdas created 7 years ago
Support Team
Hi,

A permission is independent of class and method. You can use a permission or more than one permission on a class or method, no problem. If you want to use multiple permssions, just seperate them with a comma like

[AbpAuthorize("Permission1", "Permission2")]

Have an answer to this question? Log in and write your answer.