Hello support, I've got problem understanding how Volo.Abp.Users.ICurrentUser 's function IsInRole works when user is in multiple roles. Did you intent for this function only to work with one role or there is a way to check if user is in one of the roles user currently belongs to? Can you explain why when there is multiple role claims you use string representation like "["Role1","Role2"]". Is that intentionally or is it a bug?
When reading this documentation https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Security/Volo/Abp/Users/CurrentUser.cs I don't see how this work for multiple roles. I think there should be multiple role claims.
I'm using ABP framework version 4.4.2 with Blazor web assembley for UI with EF Core /MSSQL for db.
Regards,
7 Answer(s)
-
0
Hi @kresimirm, There can be more than one value for Role claim (
AbpClaimTypes.Role
).A claims identity can have multiple claims with the same ClaimType.
AbpClaimTypes.Role
in our situation.- You can use Roles property of
ICurrentUser
interface to get all distinct role names. And then you can create an extension method to query the user is in multiple roles or not like below.
public static class CurrentUserExtensions { public static bool IsInSpecifiedRoles(this ICurrentUser currentUser, string[] roles) { var userRoles = currentUser.Roles; return userRoles.All(userRole => roles.Contains(userRole)); } }
- You can use Roles property of
-
0
Dear EngincanV, thank you for your answer but this code snippet wont work.
If my current user is in two roles "Role1" and "Role2" currentUser.Roles will return string[] that contains one record with stringified '["Role1","Role2"]' so I will have to split or deserialize that string to check if user is in "Role1".
Furthermore, if user is just in one role currentUser.Roles will retrurn "RoleName" as simple string record so your code wont work again becasue it will compare "Role1" with '["Role1","Role2"]' .
I could solve this problem with few checks like is there '[' in record but it feels like hacking framework.
Can you check your answer one more time?
-
0
Hi @kresimirm,
If my current user is in two roles "Role1" and "Role2" currentUser.Roles will return string[] that contains one record with stringified '["Role1","Role2"]' so I will have to split or deserialize that string to check if user is in "Role1".
- It will return a string array like => ["Role1", "Role2"] (not as stringified. So you can be able to query it.)
Furthermore, if user is just in one role currentUser.Roles will retrurn "RoleName" as simple string record so your code wont work again becasue it will compare "Role1" with '["Role1","Role2"]' .
- Yes you are right. I've used
.Any
instead of.All
method of Linq in the previous answer, sorry for the misunderstanding. You can use the following code-snippet. - If the current user has one role but you want to check it has multiple roles, isn't it the expected behaviour to return false?
public static class CurrentUserExtensions { public static bool IsInSpecifiedRoles(this ICurrentUser currentUser, string[] roles) { var userRoles = currentUser.Roles; return userRoles.All(userRole => roles.Contains(userRole)); } }
- If you want to check for just one role use the
IsInRole
method ofICurrentUser
, Otherwise you can use the above code-snippet to check the current user has the all roles that you've specified or not. Or you can implement your own logic for other use-cases.
-
0
-
0
Hi EngincanV, I've got one more question. Is your code snippet working on server or client side? Because I don't have problem using it on back-end side of code (it works exacly as you sugest) . I've got problem using it on front-end, inside blazor component. Can you check that for me?
-
0
hi
Can you try to add the
AbpAccountClaimsPrincipalFactory
?https://github.com/abpframework/abp/issues/8888#issuecomment-833167705
-
0
Thank you! Now roles are working as expected.