Starts in:
0 DAY
12 HRS
45 MIN
37 SEC
Starts in:
0 D
12 H
45 M
37 S
Open Closed

User roles #1927


User avatar
0
kresimirm created

Hello support, I've got problem understanding how Volo.Abp.Users.ICurrentUser 's function IsInRole works when user is in multiple roles. Did you intent for this function only to work with one role or there is a way to check if user is in one of the roles user currently belongs to? Can you explain why when there is multiple role claims you use string representation like "["Role1","Role2"]". Is that intentionally or is it a bug?

When reading this documentation https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Security/Volo/Abp/Users/CurrentUser.cs I don't see how this work for multiple roles. I think there should be multiple role claims.

I'm using ABP framework version 4.4.2 with Blazor web assembley for UI with EF Core /MSSQL for db.

Regards,


7 Answer(s)
  • User Avatar
    0
    EngincanV created
    Support Team .NET Developer

    Hi @kresimirm, There can be more than one value for Role claim (AbpClaimTypes.Role).

    A claims identity can have multiple claims with the same ClaimType. AbpClaimTypes.Role in our situation.

    • You can use Roles property of ICurrentUser interface to get all distinct role names. And then you can create an extension method to query the user is in multiple roles or not like below.
    public static class CurrentUserExtensions
    {
        public static bool IsInSpecifiedRoles(this ICurrentUser currentUser, string[] roles)
        {
            var userRoles = currentUser.Roles;
            return userRoles.All(userRole => roles.Contains(userRole));
        }
    }        
    
  • User Avatar
    0
    kresimirm created

    Dear EngincanV, thank you for your answer but this code snippet wont work.

    If my current user is in two roles "Role1" and "Role2" currentUser.Roles will return string[] that contains one record with stringified '["Role1","Role2"]' so I will have to split or deserialize that string to check if user is in "Role1".

    Furthermore, if user is just in one role currentUser.Roles will retrurn "RoleName" as simple string record so your code wont work again becasue it will compare "Role1" with '["Role1","Role2"]' .

    I could solve this problem with few checks like is there '[' in record but it feels like hacking framework.

    Can you check your answer one more time?

  • User Avatar
    0
    EngincanV created
    Support Team .NET Developer

    Hi @kresimirm,

    If my current user is in two roles "Role1" and "Role2" currentUser.Roles will return string[] that contains one record with stringified '["Role1","Role2"]' so I will have to split or deserialize that string to check if user is in "Role1".

    • It will return a string array like => ["Role1", "Role2"] (not as stringified. So you can be able to query it.)

    Furthermore, if user is just in one role currentUser.Roles will retrurn "RoleName" as simple string record so your code wont work again becasue it will compare "Role1" with '["Role1","Role2"]' .

    • Yes you are right. I've used .Any instead of .All method of Linq in the previous answer, sorry for the misunderstanding. You can use the following code-snippet.
    • If the current user has one role but you want to check it has multiple roles, isn't it the expected behaviour to return false?
    public static class CurrentUserExtensions
    {
        public static bool IsInSpecifiedRoles(this ICurrentUser currentUser, string[] roles)
        {
            var userRoles = currentUser.Roles;
            return userRoles.All(userRole => roles.Contains(userRole));
        }
    } 
    
    • If you want to check for just one role use the IsInRole method of ICurrentUser, Otherwise you can use the above code-snippet to check the current user has the all roles that you've specified or not. Or you can implement your own logic for other use-cases.

  • User Avatar
    0
    kresimirm created

    Hi EngincanV, I'm not getting roles same way you do. Will check my solution settings. Thank you for your time.

  • User Avatar
    0
    kresimirm created

    Hi EngincanV, I've got one more question. Is your code snippet working on server or client side? Because I don't have problem using it on back-end side of code (it works exacly as you sugest) . I've got problem using it on front-end, inside blazor component. Can you check that for me?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you try to add the AbpAccountClaimsPrincipalFactory?

    https://github.com/abpframework/abp/issues/8888#issuecomment-833167705

  • User Avatar
    0
    kresimirm created

    Thank you! Now roles are working as expected.

Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06