Add RoleType and HasFullAccess to IRole #16781
Open
+710
−142
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix #11920
A role now has a way to specify HasFullAccess instead of having to manually select all permissions. On the UI, when HasFullAccess is checked, all permissions will be hidden.
Additionally, a new RoleType was added to distinguish between Standard and System roles. On the UI, System roles cannot be removed.
Roles Now Include Types and an Option for Full Access to All Permissions
Two new properties have been added to the
IRole
interface:Type
: This property allows defining the role type as eitherStandard
orSystem
. System roles, such as 'Anonymous' and 'Authenticated', are non-removable.HasFullAccess
: This property eliminates the need to specify individual permissions. When set totrue
, the role is granted all permissions by default, which is particularly useful for roles likeAdministrator
.!!! note
When a user with a role that has
HasFullAccess
logs in, role-specific claims are excluded from the claims principal.