Home/ Questions/Q 8354697
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T09:37:53+00:00

I am developing a site and have 3 basic user roles. The roles are

  • 0

I am developing a site and have 3 basic user roles. The roles are “admin”, “manager”, and “user”. I have blocked basic users from certain pages, but allow admin and managers access to others. I have created a seperate page to delete users, however, I do not want to allow someone from the role of “manager” to be able to delete someone from the role of “admin”. “user” roles do not have access to this page so I’m not worried about that. I have a drop down list that shows all the users and a button to remove the selected user and it is working. I would just like to add the security of not allowing “manager” roles to delete someone from an “admin” role.

Here is the code that I have so far for the onClick event:

string adminuser;
usertodelete = usersddl.SelectedItem.ToString();
if (Roles.GetRolesForUser(usertodelete) = "admin")
   adminuser = "admin";

if (Roles.IsUserInRole("admin") && User.IsInRole("manager"))
    statuslbl.Text = "You do not have sufficient privileges to remove this user.    Only Administrator's can remove administrators from the system.";

else
{
    System.Web.Security.Membership.DeleteUser(usertodelete);
    Response.Redirect("~/Account/DeleteAccount.aspx");
}

I know my if statements are wrong at this point in finding and assigning a certain user and checking their role.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I would just like to add the security of not allowing “manager” roles to delete someone from an “admin” role.

    if (Roles.GetRolesForUser(userToDelete).Contains("admin") && !User.IsInRole("admin"))
{   // only allow admins to remove other admins.
   statuslbl.Text = "You do not have sufficient privileges to remove this user.    Only Administrator's can remove administrators from the system."; 
} else {
}
    • 0