How to give Backoffice admin access to a user group by code

I need to add a user to the backoffice admin group. How to do it.
I was thinking to create a group with backoffice permissions and add the user to it.

I can create group and add the users, but not sure how give backoffice permissions for the group.

var person = GetPerson();
var groupName = "NewAdminGroup";
var defaultGroupTemplate = fieldTemplateService.GetAll().OfType<GroupFieldTemplate>().FirstOrDefault();
var userGroup = new StaticGroup(defaultGroupTemplate.SystemId, groupName)
{
	Id = groupName
};

using (securityContextService.ActAsSystem())
{
	// create group
	groupService.Create(userGroup);
	
	// Add person into the group
	person = person.MakeWritableClone();
	person.GroupLinks.Add(new PersonToGroupLink(userGroup.SystemId));
	personService.Update(person)
	
	// Add Backoffice permsion into the group
	.....
}

I’m not sure how you would find the information the first time.
But what you want to add is

group.AccessControlOperationList = new HashSet<AccessControlOperationEntry>
            {
                new AccessControlOperationEntry(new Operation("Test")),
                new AccessControlOperationEntry(new Operation("Test2"))
            };

The values to add in Operation() can be found be getting a manually created group and looping the values. But I don’t know how to find them in code the first time, but these are the operations you want to add.

[0]: "Function/Sales/UI"
[1]: "Function/Media/Content"
[2]: "Function/Products/Settings"
[3]: "Function/Websites/UI"
[4]: "Function/Products/UI"
[5]: "Function/Connect/Erp"
[6]: "Function/Sales/Settings"
[7]: "Function/Products/Content"
[8]: "Function/Connect/Shipments"
[9]: "Function/Websites/Settings"
[10]: "Function/SystemSettings"
[11]: "Function/Media/UI"
[12]: "Function/Customers/Content"
[13]: "Function/Websites/Content"
[14]: "Function/Sales/Content"
[15]: "Function/AdminWebApi"
[16]: "Function/Media/Settings"
[17]: "Function/SwaggerUI"
[18]: "Function/Customers/Settings"
[19]: "Function/Customers/UI"
[20]: "Function/Connect/Payments"

There was a service for it, OperationDefinitionService

So you can use this to get all the strings you need to add
_operationDefinitionService.GetAll().Where(x => x is FunctionOperationDefinition);

_operationDefinitionService.GetAll().Where(x => x is FunctionOperationDefinition).Select(x => x.Id)
{System.Linq.Enumerable.WhereSelectEnumerableIterator<Litium.Security.OperationDefinition, string>}
    [0]: "Function/AdminWebApi"
    [1]: "Function/Connect/Erp"
    [2]: "Function/Connect/Payments"
    [3]: "Function/Connect/Shipments"
    [4]: "Function/Customers/Content"
    [5]: "Function/Customers/Settings"
    [6]: "Function/Customers/UI"
    [7]: "Function/Media/Content"
    [8]: "Function/Media/Settings"
    [9]: "Function/Media/UI"
    [10]: "Function/Products/Content"
    [11]: "Function/Products/Settings"
    [12]: "Function/Products/UI"
    [13]: "Function/Sales/Content"
    [14]: "Function/Sales/Settings"
    [15]: "Function/Sales/UI"
    [16]: "Function/SwaggerUI"
    [17]: "Function/SystemSettings"
    [18]: "Function/Websites/Content"
    [19]: "Function/Websites/Settings"
    [20]: "Function/Websites/UI"

Hi @Ericsj11

Fetching all the AccessControlOperationEntry list by using OperationDefinitionService and add that into the .AccessControlOperationList works.

Thanks for answering.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.