Base solution for your next web application
Open Closed

Allowing host to edit tenant roles #4612


User avatar
0
strix20 created

So we have the need to create some seeded static roles that will exist for all tenants. After looking into the code, I've been able to duplicate how the admin and user roles are created.

In the tenant create method, I can create the seeded roles, and copy over permissions from the host role, no problem.

However, what we want to configure are strictly tenant based permissions. For example, we have entire sections of the site that are tenant only, and we want to create a "Demo" role that we can configure in the host that has only read permission (not edit or delete) for all tenant-related pages.

Then, when a new tenant is created, they automatically inheret a copy of this role, that they can then modify as they see fit.

We want to be able to edit the host version of this role easily in the GUI, should we add new features, etc. We do NOT expect these edits to propagate to existing tenants, nor would we want it to (because it might override their edits.)

The easiest solution we can see is to change the role domain rules to show all permissions to hosts, but we also don't love the idea of actual host roles accidentally being assigned tenant specific permissions.

We've thought about duplicating the role editor front end code, but that's a great deal of duplication.

Has anyone else run into a similar need? Do any of you at Volosoft have any suggestions for how we might proceed?


1 Answer(s)
  • User Avatar
    0
    hikalkan created
    Support Team

    We've thought about duplicating the role editor front end code, but that's a great deal of duplication.

    It's duplication, but seems necessary for your case.

    However, what we want to configure are strictly tenant based permissions. For example, we have entire sections of the site that are tenant only, and we want to create a "Demo" role that we can configure in the host that has only read permission (not edit or delete) for all tenant-related pages.
    

    That's more complicated. Tenant will see host pages (as read only). I don't know if this is a critical business requirement for you, however it's funcamentally problematic.