Base solution for your next web application
Open Closed

How to customize role management? #991


User avatar
0
moustafa created

Hello

by default 'admin' user , 'admin' role are created , that's ok

i need to do the following scenario : two users created by default admin and superadmin two roles created by default admin and superadmin

the idea is superadmin user has all the permissions the admin has all the permissions except pages that specified by superadmin ex: languages, organization stucture, audit logs and the most important thing no one even admin can't see superadmins in users list and can't see those pages in role management page , and superadmin roles doesn't appear in roles page , in brief no one can see superadmin user and superadmin role at any page that uses roles logic , no one can use it to make any query except superadmin user

hoping the idea is clear , so how can i do that ?


8 Answer(s)
  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    I assume that you are asking it for tenants. Tenant (with admin user) creation code is here: <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/blob/master/src/MyCompanyName.AbpZeroTemplate.Core/MultiTenancy/TenantManager.cs#L55">https://github.com/aspnetzero/aspnet-ze ... ger.cs#L55</a>

    You can change it to add a superadmin with related permissions.

    If you are asking for host user, you can do it in EF seed: <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/blob/master/src/MyCompanyName.AbpZeroTemplate.EntityFramework/Migrations/Seed/DefaultTenantRoleAndUserCreator.cs">https://github.com/aspnetzero/aspnet-ze ... Creator.cs</a>

    To hide superadmin in user list, you can modify this code which loads users: <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/blob/master/src/MyCompanyName.AbpZeroTemplate.Application/Authorization/Users/UserAppService.cs#L50">https://github.com/aspnetzero/aspnet-ze ... ice.cs#L50</a> Here, you can add a conditional filter to hide superadmin. It's similar for also roles.

  • User Avatar
    0
    moustafa created

    hi

    actually my question related to both host and tenant i'll go throw the code again but there is a point confuses me which is suppose that superadmin give the admin the permission to edit the roles page then admin will still able to see all pages in the role tree like language page , like wise for any page included in roles tree how exactly can i ensure that no one can see that page in role tree and prevent any queries on it except for superadmin

    hope the idea is clear

  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    I assume you mean "permission tree" by "role tree". If so, you can remove permission management from admin user and only allow superuser to set permissions. Is that enough for you?

  • User Avatar
    0
    moustafa created

    yes i meant "permission tree" by "role tree". sorry for that :)

    i want to keep permission management for admin user but remove specific pages from it like languages , and of course superadmin user can see all the pages in permission tree ;)

  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    There is no such a feature. So, you can keep a table to store permission names to restrict. Then you can read names from this table and filter permission tree for users except superadmin.

  • User Avatar
    0
    moustafa created

    ok , can you please refer me to the code responsible for retrieving data for permission tree maybe i can filter it in some way

  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi,

    It's in the RoleAppService application service's GetRoleForEdit method. See it here <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/blob/7773db5b26cdb3d4dc6ece9be17a4c41ee6d5a4d/src/MyCompanyName.AbpZeroTemplate.Application/Authorization/Roles/RoleAppService.cs">https://github.com/aspnetzero/aspnet-ze ... Service.cs</a>

    var permissions = PermissionManager.GetAllPermissions();
    
  • User Avatar
    0
    moustafa created

    thank you :)