Hello
by default 'admin' user , 'admin' role are created , that's ok
i need to do the following scenario : two users created by default admin and superadmin two roles created by default admin and superadmin
the idea is superadmin user has all the permissions the admin has all the permissions except pages that specified by superadmin ex: languages, organization stucture, audit logs and the most important thing no one even admin can't see superadmins in users list and can't see those pages in role management page , and superadmin roles doesn't appear in roles page , in brief no one can see superadmin user and superadmin role at any page that uses roles logic , no one can use it to make any query except superadmin user
hoping the idea is clear , so how can i do that ?
8 Answer(s)
-
0
Hi,
I assume that you are asking it for tenants. Tenant (with admin user) creation code is here: <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/blob/master/src/MyCompanyName.AbpZeroTemplate.Core/MultiTenancy/TenantManager.cs#L55">https://github.com/aspnetzero/aspnet-ze ... ger.cs#L55</a>
You can change it to add a superadmin with related permissions.
If you are asking for host user, you can do it in EF seed: <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/blob/master/src/MyCompanyName.AbpZeroTemplate.EntityFramework/Migrations/Seed/DefaultTenantRoleAndUserCreator.cs">https://github.com/aspnetzero/aspnet-ze ... Creator.cs</a>
To hide superadmin in user list, you can modify this code which loads users: <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/blob/master/src/MyCompanyName.AbpZeroTemplate.Application/Authorization/Users/UserAppService.cs#L50">https://github.com/aspnetzero/aspnet-ze ... ice.cs#L50</a> Here, you can add a conditional filter to hide superadmin. It's similar for also roles.
-
0
hi
actually my question related to both host and tenant i'll go throw the code again but there is a point confuses me which is suppose that superadmin give the admin the permission to edit the roles page then admin will still able to see all pages in the role tree like language page , like wise for any page included in roles tree how exactly can i ensure that no one can see that page in role tree and prevent any queries on it except for superadmin
hope the idea is clear
-
0
Hi,
I assume you mean "permission tree" by "role tree". If so, you can remove permission management from admin user and only allow superuser to set permissions. Is that enough for you?
-
0
yes i meant "permission tree" by "role tree". sorry for that :)
i want to keep permission management for admin user but remove specific pages from it like languages , and of course superadmin user can see all the pages in permission tree ;)
-
0
Hi,
There is no such a feature. So, you can keep a table to store permission names to restrict. Then you can read names from this table and filter permission tree for users except superadmin.
-
0
ok , can you please refer me to the code responsible for retrieving data for permission tree maybe i can filter it in some way
-
0
Hi,
It's in the RoleAppService application service's GetRoleForEdit method. See it here <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/blob/7773db5b26cdb3d4dc6ece9be17a4c41ee6d5a4d/src/MyCompanyName.AbpZeroTemplate.Application/Authorization/Roles/RoleAppService.cs">https://github.com/aspnetzero/aspnet-ze ... Service.cs</a>
var permissions = PermissionManager.GetAllPermissions();
-
0
thank you :)