AdminUsersFeature Customization

Johan · July 12, 2023, 11:42am

Hi @myth

I’m playing with SS AdminUsersFeature. Just a couple of questions on this if you do not mind.

How do we enable the AddPermissions Dropdown in default screen

As I have a lot of permissions I normally have a couple of “default permission sets” (as in screen above) so that I don’t end up selecting say 30 permissions in the dropdown. Is there a way to incorporate something like this in the standard UI for AdminUsersFeature ?
Is there a way to see the existing password of the user selected ?
What is the recommended way to update the password for a user in the code behind. (not using the UI ) ?
In displaying the Users in the default table , is there a way to add say a highlighted color for rows where the User Account is locked for example ?

I assume grouped rows are not supported in the SS Datagrid / AdminUsersFeature Grid ?

I normally like to display grids with option to use a groupby feature as in example below.

RowGroupings

Thanks in advance.
Johan

mythz · July 12, 2023, 12:22pm

The available roles and permissions is discovered from the ValidateHasRole/ValidateHasPermission Request DTO attributes or the RequiredRole/RequiredPermission service attributes in the code-base. So your APIs need to use them for them to be available.

No, storing plain-text passwords would be a major security risk.

The UI uses APIs defined in AuthDtos.cs, e.g. the Admin UI uses AdminUpdateUser:

github.com

ServiceStack/ServiceStack/blob/7acaf0ddfd8422fa33916631add2d7e427792546/ServiceStack/src/ServiceStack.Client/AuthDtos.cs#L629-L638


      
          public partial class AdminUpdateUser : AdminUserBase, IPut, IReturn<AdminUserResponse>
          {
              [DataMember(Order = 10)] public string Id { get; set; }
              [DataMember(Order = 11)] public bool? LockUser { get; set; }
              [DataMember(Order = 12)] public bool? UnlockUser { get; set; }
              [DataMember(Order = 13)] public List<string> AddRoles { get; set; }
              [DataMember(Order = 14)] public List<string> RemoveRoles { get; set; }
              [DataMember(Order = 15)] public List<string> AddPermissions { get; set; }
              [DataMember(Order = 16)] public List<string> RemovePermissions { get; set; }
          }

Here’s the client code used to update the password:

github.com

ServiceStack/ServiceStack/blob/7acaf0ddfd8422fa33916631add2d7e427792546/ServiceStack/tests/NorthwindAuto/admin-ui/components/Users.mjs#L311-L317


      
          async function changePassword() {
              await send(new AdminUpdateUser({ id:props.id, password:model.value.password }), response => {
                  model.value.password = ''
                  successMessage.value = 'Password was changed'
                  bind(response)
              })
          }

No, you can propose feature requests in https://servicestack.net/ideas

Nope, it doesn’t support grouping.

Johan · July 12, 2023, 12:44pm

Thanks @myth,

Just for clarity, you are saying that by default the AdminUsersFeature UI cannot incorporate permissions except if I rebuild the view with added functionality ?
Any reason why this was not included by default in this View as I would assume permissions to be a feature that most devs will use ?

On viewing the password I’m implying the password will be stored as it is currently in the DB but the admin user can see (view) the password in the admin panel.

Thanks ,
Johan

mythz · July 12, 2023, 12:51pm

There are no storage of Permissions and Roles anywhere, the only way ServiceStack can now about them is by scanning what Roles and Permissions are used to protect Services.

There’s no way an App can view a password that wouldn’t be susceptible from a Hacker from also viewing the passwords which is why passwords are only stored in one-way hashes which can’t be reversed by anyone to reveal the original password.

Johan · July 12, 2023, 1:14pm

Thanks @mythz,

OK now I get it ;))

Johan · July 12, 2023, 1:39pm

One last question,is there perhaps a pre-submit event or something on the default view where I can incorporate some logic for the “default permission sets” as explained initially ?

mythz · July 12, 2023, 1:59pm

The UI is powered by the AppMetadata which you have an opportunity to modify with something like:

appHost.ModifyAppMetadata((req, metadata) => {
    var adminUsers = metadata.Plugins.AdminUsers;
    adminUsers.AllPermissions.Add("ThePermission");
    adminUsers.AllRoles.Add("TheRole");
});