- ABP Framework version: v8.3.3
- UI Type: Angular / MVC
- Database System: EF Core (SQL Server)
- Tiered (for MVC) or Auth Server Separated (for Angular): yes

**Feature:** Enable primary users to self-manage their secondary users.
Overview:
I would like to implement a feature that allows a primary user to create and manage subordinate users. The primary user should have the ability to assign permissions to these subordinate users, but only within the limits of their own permissions. For example, if the primary user has permissions to add, edit, delete, and view books, they should be able to create a subordinate user and assign them only the permission to view books. The key requirement is that the primary user can only grant permissions that they themselves possess.
Additionally, this requirement is to enable subordinate users to access the primary user's financial account, but strictly within the permissions and limits granted to them by the primary user.
Key Points to Consider:

- User Creation: The primary user can create subordinate users under their account.
- Permission And Role Assignment: The primary user can assign roles or permissions to these subordinate users, but only the permissions that they have.
- Limitations: Ensure that the subordinate users cannot be granted permissions beyond what the primary user has.
I would appreciate any guidance or examples on how to implement this functionality effectively.
1 Answer(s)
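You can create an intermediate table:

```csharp
using System;
using Volo.Abp.Domain.Entities;

// Links a subordinate user to the superior (primary) user who owns it.
public class SubordinateUser : Entity<Guid>
{
    public Guid SuperiorUserId { get; set; }

    public Guid UserId { get; set; }
}
```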
> User Creation: The primary user can create subordinate users under their account.

It's easy to do; you can create a user and add subordinate user data.

> Permission And Role Assignment: The primary user can assign roles or permissions to these subordinate users, but only the permissions that they have.

You need to create a new permission modal to filter the superior user permissions.

You can refer to this: https://github.com/abpframework/abp/tree/dev/modules/permission-management/src/Volo.Abp.PermissionManagement.Web/Pages/AbpPermissionManagement

> Ensure that the subordinate users cannot be granted permissions beyond what the primary user has.
You can override the `PermissionAppService` service to check it. https://github.com/abpframework/abp/blob/dev/modules/permission-management/src/Volo.Abp.PermissionManagement.Application/Volo/Abp/PermissionManagement/PermissionAppService.cs#L138

```csharp
using System.Threading.Tasks;
using Volo.Abp.PermissionManagement;

public class MyPermissionAppService : PermissionAppService
{
    public override async Task UpdateAsync(string providerName, string providerKey, UpdatePermissionsDto input)
    {
        // Get the superior user permissions and check here.
        // If the provider name is `R`, it means role; you need to check whether the subordinate users have this role.

        // Apply the update once the checks pass.
        await base.UpdateAsync(providerName, providerKey, input);
    }
}
```
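The permission-ceiling check described above, together with a check that the target is one of the caller's subordinates, as a framework-independent C# sketch (an added example, not code from the answer or from ABP). `DelegationGuard`, `PermissionChange` and `SubordinateLink` are hypothetical names, the permission names are constructed, and it assumes the caller's granted permissions and the `SubordinateUser` rows have already been loaded inside the overridden `UpdateAsync`.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-ins: PermissionChange mirrors one entry of the update DTO,
// SubordinateLink mirrors a row of the SubordinateUser table from the answer.
public record PermissionChange(string Name, bool IsGranted);
public record SubordinateLink(Guid SuperiorUserId, Guid UserId);

public static class DelegationGuard
{
    // Returns the reasons the update must be rejected; an empty list means it is allowed.
    public static List<string> Validate(
        Guid callerId, Guid targetUserId,
        IEnumerable<SubordinateLink> links,
        ISet<string> callerGranted,
        IEnumerable<PermissionChange> requested)
    {
        var errors = new List<string>();
        // 1. The target must be a subordinate of the caller; without this check the
        //    caller could edit the permissions of users outside their own account.
        if (!links.Any(l => l.SuperiorUserId == callerId && l.UserId == targetUserId))
            errors.Add("target is not a subordinate of the caller");
        // 2. Every permission being granted must already be held by the caller.
        //    Revocations (IsGranted == false) never widen access, so they pass.
        errors.AddRange(requested
            .Where(c => c.IsGranted && !callerGranted.Contains(c.Name))
            .Select(c => $"caller does not hold '{c.Name}'"));
        return errors;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data; the permission names are made up for this example.
        Guid primary = Guid.NewGuid(), sub = Guid.NewGuid();
        var links = new[] { new SubordinateLink(primary, sub) };
        var held = new HashSet<string> { "Books.View", "Books.Create", "Books.Edit", "Books.Delete" };
        var ok = new[] { new PermissionChange("Books.View", true) };
        var bad = new[] { new PermissionChange("Books.View", true), new PermissionChange("Users.Delete", true) };
        // Three cases: a valid grant, a grant above the caller's ceiling, a foreign target.
        var cases = new[] { (primary, sub, ok), (primary, sub, bad), (primary, Guid.NewGuid(), ok) };
        foreach (var (caller, target, changes) in cases)
            Console.WriteLine("[" + string.Join("; ", DelegationGuard.Validate(caller, target, links, held, changes)) + "]");
    }
}
```

The filtered permission modal only controls what the UI offers, so the same validation has to run in the application service, where a request that bypasses the UI is still rejected.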