I would like to implement role-based filtering for the user list in Identity Management -> Users section. Specifically:
For non-admin users:
-
The user list should be pre-filtered to exclude users with admin roles
-
Users should not see the complete list by default
-
They should only be able to view and manage non-admin users
For admin users:
-
Full visibility of all users should be maintained
-
They should continue to have access to the complete user list
-
All management capabilities should remain unchanged
This enhancement would improve security by ensuring that non-admin users can only view and manage users within their permission level, while admin users retain full system visibility.
-
ABP Framework version: 8.x
-
UI Type: Angular
-
Database System: PostgreSQL
-
Auth Server Separated for Angular: no
3 Answer(s)
-
0
Hi, I will create an internal issue for your feature request. Thanks for your suggestion.
Regards.
-
0
Hi,
I'm not looking for this to be added as a feature request - I need to implement this functionality **now ** in my current project. Could you please provide guidance on how to implement role-based filtering for the user list with these specific requirements?For non-admin users:
-
Filter out users with admin roles from the list
-
Restrict view/management to non-admin users only
For admin users:
-
Maintain full visibility of all users
-
Keep all existing management capabilities
Thank you
-
-
0
Hi,
I'm not looking for this to be added as a feature request - I need to implement this functionality **now ** in my current project. Could you please provide guidance on how to implement role-based filtering for the user list with these specific requirements?For non-admin users:
-
Filter out users with admin roles from the list
-
Restrict view/management to non-admin users only
For admin users:
-
Maintain full visibility of all users
-
Keep all existing management capabilities
Thank you
Hi, sure. For that purpose, you should extend application services and interface implementations (https://abp.io/docs/latest/framework/architecture/modularity/extending/customizing-application-modules-overriding-services).
For example, you should extend the
IdentityUserAppServiceand override some of its methods, such asGetListAsyncmethod and check if the current-user has anadminrole or not and then call the relevant repository method (of course you should also create a new repository method for that purpose - maybe you can use custom Data-Filtering):[Dependency(ReplaceServices = true)] [ExposeServices(typeof(IIdentityUserAppService))] public class MyIdentityUserAppService : IIdentityUserAppService, ITransientDependency { //... public override async Task<PagedResultDto<IdentityUserDto>> GetListAsync(GetIdentityUsersInput input) { if(!CurrentUser.IsInRole("admin")) { //call new repository method which filters to not show the 'admin' users } //keep the existing behaviour return await base.GetListAsync(input); } } -
