- ABP Framework version: v8.3.2
- UI Type: Angular
- Database System: EF Core (SQL Server)
- Tiered (for MVC) or Auth Server Separated (for Angular): no
As I'm using dynamic claims, on the backend I can see that CurrentUser service is getting updated if I change the role of the current user.
on the frontend, if I call authService.refreshToken()
the access token gets updated too.
but, this.config.getOne$('currentUser').subscribe((currentUser) => { }
DOES NOT get reflected with the latest role for the current user.
how can I access the dynamic claim changes on the frontend for the currentuser
21 Answer(s)
-
0
hi
You can try to inject the
ConfigStateService
And callthis.configState.refreshAppState();
-
0
Hi, I have the following method that I'm using to test the dynamic claims
as you can see I'm changing the role of the current user on the backend.
if I return the first line with CurrentUser.Roles, it still shows old roles, (this means CurrentUser service is not updating with latest data)
but if I return the second line then it return the new roles
-
0
hi
but if I return the second line then it return the new roles
Yes. This is the default behavior.
The
CurrentUser
values from HttContext.User.You can
Changing the Current Principal
https://abp.io/docs/latest/framework/infrastructure/current-user#changing-the-current-principal
-
0
lets say If I don't want to change the Current Principal, but the other approach I'm taking to change the role of the user.
is it right approach or is there any better way to solve it.
-
0
hi
You can get
roles
fromuser
instead ofCurrentUser
.The
CurrentUser
values fromHttContext.User
. -
0
hi,
so far what I have understood is that. if I wanna change the role of the current user (dynamic claim) so I should stick with IdentityUserManager to change the role of the current user, but for other purpose I can use CurrentUser service to read some data about user.
because in my implementation, all I wanna do change the role of the current user based on some conditions.
am I correct ?
-
0
hi
You should get the
user, user roles
fromUserManager
based on theCurrentUser.Id
var user = await _identityUserManager.GetByIdAsync(CurrentUser.GetId());
Then check the
user roles
to add your logic. For example, you could add or remove a role from theuser
.if you want to return a string message. you can get it from
user
entity instead ofCurrentUser
.the
user
entity has a higher priority than theCurrentUser
.
In short, the
CurrentUser
is used to get theuser
entity. -
0
thank you for explaining this,
from this, what I understood is that, I should always use _identityUserManager to change any dynamic claim for the current user.
-
0
Yes. Correct. : )
-
0
-
0
hi
isGranted variable doesn't relfect the latest value when role is updated in this method before get to this line,
You can
Changing the Current Principal
and then check the permission.https://abp.io/docs/latest/framework/infrastructure/current-user#changing-the-current-principal
The permission check will use the values from
CurrentUser
. -
0
is there any other way to check the permission without changing the current principal.
-
0
hi
You can only
change the current principal.
-
0
I don't understand I'm changing the role with _IdentityUserManager for dynamic claims then I 'm changing current principal to check the permissions.
-
0
hi
You have changed the
user
entity. but theCurrentUser
values fromHttpContext.User
The
HttpContext.User
values come fromcookies
orjwt token
. They are static in the current request and will update from theuser
entity in the next HTTP request.That's why you have to change the
current principal
-
0
based on the documentation you shared to change the current principal,
how can I create new Current principal with all the values of the existing principal and change only the role.
could you please give me code example based on the screenshot I shared before
-
0
hi
Inject the
ICurrentPrincipalAccessor
andIUserClaimsPrincipalFactory<IdentityUser>
var identityUser = using (CurrentPrincipalAccessor.Change(await UserClaimsPrincipalFactory.CreateAsync(identityUser))) { }
-
0
just to understand, based on this screenshot
I'm doing the following:
- getting the IdentityUser from _identityUserManager
- Set new Role with _identityUserManager
- Creating new CurrentUser with _principalfactory by passing IdentityUser
- within the scope of _currentPrincipalAccessor, CurrentUser is changed (this is where I need to apply the logic)
- once the scope is completed, again the current user is back to whatever it was before
please correct me if I'm missing anything
-
0
hi
Your code is no problem.
-
0
thank you for helping me out.
I will keep this thread open and get back to you if I need further help.
-
0
: )