Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.
If you're creating a bug/problem report, please include followings:
- ABP Framework version: v4.4
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes (identity server separated) Angular
- Exception message and stack trace:
- Steps to reproduce the issue:"
Create a Role : Owner Assign Permissions: For User Management
Assign a User (U1) to the role Owner.
Now when this user U1, adds/edits any other user U2, he/she is able to assign other roles like Admin to U2.
We dont want this behavior. An owner can assign any other non-admin roles but not admin role. How can we achieve this out of the box? Also we have made the roles non-default and non-public, still those are visible to users.
3 Answer(s)
-
0
As a logic you're right. It can be a business logic such as you mentioned. But currently, ABP doesn't implement that kind of logic.
The shortest way to perform that operation is overriding IdentityUserAppService
[Dependency(ReplaceServices = true)] public class MyCustomIdentityUserAppService : IdentityUserAppService { public MyCustomIdentityUserAppService( IdentityUserManager userManager, IIdentityUserRepository userRepository, IIdentityRoleRepository roleRepository, IOptions<IdentityOptions> identityOptions) : base(userManager, userRepository, roleRepository, identityOptions) { } public override async Task<ListResultDto<IdentityRoleDto>> GetAssignableRolesAsync() { var roles = await base.GetAssignableRolesAsync(); if (/* Your condition.*/) // CurrentUser.UserName == "admin" { var customRoleList = roles.Items.ToList(); customRoleList.Remove(roles.Items.FirstOrDefault(x => x.Name == "admin")); return new ListResultDto<IdentityRoleDto>(customRoleList); } return roles; } }```
-
0
So just to summarize, does this mean, we need to define a custom ui and integrate the same with a custom service. This custom service will override the logic by inheriting IdentityUserAppService (as you mentioned above).
is that the case?
-
0
No, you don't need to define a custom UI. Just override only
IdentityUserAppService
, and the existing UI will use the same endpoint. You'll just add some custom logic for existing AppService logic.