I would like to implement role-based filtering for the user list in Identity Management -> Users section. Specifically:
For non-admin users:
- The user list should be pre-filtered to exclude users with admin roles
- Users should not see the complete list by default
- They should only be able to view and manage non-admin users
For admin users:
- Full visibility of all users should be maintained
- They should continue to have access to the complete user list
- All management capabilities should remain unchanged
This enhancement would improve security by ensuring that non-admin users can only view and manage users within their permission level, while admin users retain full system visibility.
- ABP Framework version: 8.x
- UI Type: Angular
- Database System: PostgreSQL
- Auth Server Separated for Angular: no
3 Answer(s)
-
0
Hi, I will create an internal issue for your feature request. Thanks for your suggestion.
Regards.
-
0
Hi, I'm not looking for this to be added as a feature request - I need to implement this functionality **now ** in my current project. Could you please provide guidance on how to implement role-based filtering for the user list with these specific requirements?
For non-admin users:
- Filter out users with admin roles from the list
- Restrict view/management to non-admin users only
For admin users:
- Maintain full visibility of all users
- Keep all existing management capabilities
Thank you
-
0
Hi,
I'm not looking for this to be added as a feature request - I need to implement this functionality **now ** in my current project. Could you please provide guidance on how to implement role-based filtering for the user list with these specific requirements?For non-admin users:
- Filter out users with admin roles from the list
- Restrict view/management to non-admin users only
For admin users:
- Maintain full visibility of all users
- Keep all existing management capabilities
Thank you
Hi, sure. For that purpose, you should extend application services and interface implementations (https://abp.io/docs/latest/framework/architecture/modularity/extending/customizing-application-modules-overriding-services).
For example, you should extend the
IdentityUserAppService
and override some of its methods, such asGetListAsync
method and check if the current-user has anadmin
role or not and then call the relevant repository method (of course you should also create a new repository method for that purpose - maybe you can use custom Data-Filtering):[Dependency(ReplaceServices = true)] [ExposeServices(typeof(IIdentityUserAppService))] public class MyIdentityUserAppService : IIdentityUserAppService, ITransientDependency { //... public override async Task<PagedResultDto<IdentityUserDto>> GetListAsync(GetIdentityUsersInput input) { if(!CurrentUser.IsInRole("admin")) { //call new repository method which filters to not show the 'admin' users } //keep the existing behaviour return await base.GetListAsync(input); } }