Open Closed

Access Dynamic Claim on the Angular APP #8223


User avatar
0
sukhdeep.dhillon created
  • ABP Framework version: v8.3.2
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no

As I'm using dynamic claims, on the backend I can see that CurrentUser service is getting updated if I change the role of the current user.

on the frontend, if I call authService.refreshToken() the access token gets updated too.

but, this.config.getOne$('currentUser').subscribe((currentUser) => { } DOES NOT get reflected with the latest role for the current user.

how can I access the dynamic claim changes on the frontend for the currentuser


21 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can try to inject the ConfigStateService And call this.configState.refreshAppState();

  • User Avatar
    0
    sukhdeep.dhillon created

    Hi, I have the following method that I'm using to test the dynamic claims

    as you can see I'm changing the role of the current user on the backend.

    if I return the first line with CurrentUser.Roles, it still shows old roles, (this means CurrentUser service is not updating with latest data)

    but if I return the second line then it return the new roles

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    but if I return the second line then it return the new roles

    Yes. This is the default behavior.

    The CurrentUser values from HttContext.User.

    You can Changing the Current Principal

    https://abp.io/docs/latest/framework/infrastructure/current-user#changing-the-current-principal

  • User Avatar
    0
    sukhdeep.dhillon created

    lets say If I don't want to change the Current Principal, but the other approach I'm taking to change the role of the user.

    is it right approach or is there any better way to solve it.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can get roles from user instead of CurrentUser.

    The CurrentUser values from HttContext.User.

  • User Avatar
    0
    sukhdeep.dhillon created

    hi,

    so far what I have understood is that. if I wanna change the role of the current user (dynamic claim) so I should stick with IdentityUserManager to change the role of the current user, but for other purpose I can use CurrentUser service to read some data about user.

    because in my implementation, all I wanna do change the role of the current user based on some conditions.

    am I correct ?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You should get the user, user roles from UserManager based on the CurrentUser.Id

    var user = await _identityUserManager.GetByIdAsync(CurrentUser.GetId());

    Then check the user roles to add your logic. For example, you could add or remove a role from the user.

    if you want to return a string message. you can get it from user entity instead of CurrentUser.

    the user entity has a higher priority than the CurrentUser.


    In short, the CurrentUser is used to get the user entity.

  • User Avatar
    0
    sukhdeep.dhillon created

    thank you for explaining this,

    from this, what I understood is that, I should always use _identityUserManager to change any dynamic claim for the current user.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Yes. Correct. : )

  • User Avatar
    0
    sukhdeep.dhillon created

    Hi,

    isGranted variable doesn't relfect the latest value when role is updated in this method before get to this line,

    but in the next call, isGranted has the expected value and working fine.

    so when role is changed, the associated permission of the role doesn't reflect in the same call.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    isGranted variable doesn't relfect the latest value when role is updated in this method before get to this line,

    You can Changing the Current Principal and then check the permission.

    https://abp.io/docs/latest/framework/infrastructure/current-user#changing-the-current-principal

    The permission check will use the values from CurrentUser.

  • User Avatar
    0
    sukhdeep.dhillon created

    is there any other way to check the permission without changing the current principal.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can only change the current principal.

  • User Avatar
    0
    sukhdeep.dhillon created

    I don't understand I'm changing the role with _IdentityUserManager for dynamic claims then I 'm changing current principal to check the permissions.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You have changed the user entity. but the CurrentUser values from HttpContext.User

    The HttpContext.User values come from cookies or jwt token. They are static in the current request and will update from the user entity in the next HTTP request.

    That's why you have to change the current principal

  • User Avatar
    0
    sukhdeep.dhillon created

    based on the documentation you shared to change the current principal,

    how can I create new Current principal with all the values of the existing principal and change only the role.

    could you please give me code example based on the screenshot I shared before

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Inject the ICurrentPrincipalAccessor and IUserClaimsPrincipalFactory<IdentityUser>

    var identityUser = 
    using (CurrentPrincipalAccessor.Change(await UserClaimsPrincipalFactory.CreateAsync(identityUser)))
    {
    
    }
    
  • User Avatar
    0
    sukhdeep.dhillon created

    just to understand, based on this screenshot

    I'm doing the following:

    1. getting the IdentityUser from _identityUserManager
    2. Set new Role with _identityUserManager
    3. Creating new CurrentUser with _principalfactory by passing IdentityUser
    4. within the scope of _currentPrincipalAccessor, CurrentUser is changed (this is where I need to apply the logic)
    5. once the scope is completed, again the current user is back to whatever it was before

    please correct me if I'm missing anything

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Your code is no problem.

  • User Avatar
    0
    sukhdeep.dhillon created

    thank you for helping me out.

    I will keep this thread open and get back to you if I need further help.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    : )

Made with ❤️ on ABP v9.1.0-preview. Updated on January 02, 2025, 07:06