[IMPLEMENTED] "Hide Schemas" and other Role Properties using custom claims based authentication

I have…

I’m submitting a…

  • [ ] Regression (a behavior that stopped working in a new release)
  • [ ] Bug report
  • [ ] Performance issue
  • [x] Documentation issue or request

Current behavior

When adding permissions for a user at the site level it is not possible to specify the other properties around hiding areas of the UI for certain Roles, for example ‘Hide Schemas’.

Expected behavior

I should be able to specify that I do not want them to show using permissions at the site level, for example: “squidex.apps.{app}.assets.view”. I didn’t raise a feature request as I do not know for sure whether this is currently possible or not!

Minimal reproduction of the problem


App Name: n/a

  • [x] Self hosted with docker
  • [ ] Self hosted with IIS
  • [ ] Self hosted with other version
  • [ ] Cloud version

Version: 6.9.0


  • [x] Chrome (desktop)
  • [ ] Chrome (Android)
  • [ ] Chrome (iOS)
  • [ ] Firefox
  • [ ] Safari (desktop)
  • [ ] Safari (iOS)
  • [ ] IE
  • [ ] Edge

Apologies if you’ve been asked this before, feel like I might have seen answer around this in another support ticket but I cannot find it if so.

As it isn’t listed in
https://github.com/Squidex/squidex/blob/master/backend/src/Squidex.Shared/Permissions.cs I am assuming it is handled separately to claims?

At the moment the current plan is to somehow assign a user to a Role for an app when they log in using our custom authentication application but that seems dodgy especially when it’s just so we can make use of this functionality.

It is not possible at the moment.

The role properties are just an anonymous object that is maintained by the UI for the UI. The backend does not care what the UI adds to this object.

So basically we could introduce a special notation for these claims and then you can override everything using claims.

The relevant code is this:

So what I meant, we could add something like this

// Pseudo code
const string Prefix = "urn:squidex.ui.";

for (var claim of User.Claims.Where(x => x.Key.StartWith(Prefix))
   result.RoleProperties[claim.Key.Substring(Prefix.Length)] = claim.Value;
1 Like

Ah I was looking at that yesterday so glad to hear I was looking in the right place!

That does sound promising and relatively simple, I will see if this is how we definitely want to go about things and whether I am OK to potentially work on it myself.

Am I right in saying a new feature like this would be part of version 7.x and not retrofitted to 6.x? We have not yet made the move to 7.x but this would give us a big drive to move to it, as if removing Orleans and all the warning and error logs we get from it wasn’t beneficial enough!

Yes, it is part of the 7.x branch.

oh you’ve already done it! Thanks so much, will test it out asap!

This topic was automatically closed after 2 days. New replies are no longer allowed.