
@fahrigedik
Member

Description

Fixes #24438
This PR fixes the issue where permissionGuard returns a 403 error and redirects to the base URL when refreshing a page that uses the new data: { requiredPolicy: '...' } format.

Root Cause

The permissionGuard was using take(1) which immediately consumed the first value from the BehaviorSubject in ConfigStateService. On page refresh, this initial value was an empty {} object before the application configuration API response arrived, causing the permission check to fail.

Solution

Added a filter operator to wait for grantedPolicies to be loaded before performing the permission check:

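```typescript
return configStateService.getAll$().pipe(
  // Skip the initial empty {} state; continue only once grantedPolicies has loaded.
  filter(config => !!config?.auth?.grantedPolicies),
  take(1),
  // Only now evaluate the required policy against the loaded configuration.
  switchMap(() => permissionService.getGrantedPolicy$(requiredPolicy)),
  take(1),
  map(access => { ... })
);
```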

How to test it?

You have to change to the issue-24438-test branch on abp (because I created a test permission and a test page).
You have to run dev-app on the abp repository.

First, try going to localhost:4200/test without assigning yourself the "test" role.
Then, assign yourself the "test" role and try going to the page again.

Updated PermissionGuard and permissionGuard to wait for ConfigStateService to load granted policies before checking permissions. This prevents permission checks from running before configuration is available.
@fahrigedik fahrigedik added this to the 10.0-patch-final milestone Jan 7, 2026
@gizemmutukurt gizemmutukurt requested review from oykuermann and removed request for yagmurcelk January 13, 2026 06:11
@oykuermann oykuermann merged commit d6bca45 into rel-10.0 Jan 13, 2026
2 of 3 checks passed
@oykuermann oykuermann deleted the issue-24438 branch January 13, 2026 12:23
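
The race described under Root Cause, modelled as an added example (not code from this PR or from ABP): a guard that takes the first replayed value denies on the empty `{}` state, while one that waits for `grantedPolicies` decides only on loaded data. `ConfigStore`, `firstWhere`, `guardBefore`, `guardAfter` and `simulateRefresh` are hypothetical names, and the store is a constructed stand-in for the RxJS `BehaviorSubject`.

```typescript
// Added example: ConfigStore is a constructed stand-in for an RxJS BehaviorSubject.
type Policies = Record<string, boolean>;
type Config = { auth?: { grantedPolicies?: Policies } };
type Listener = (c: Config) => void;
class ConfigStore {
  private value: Config = {}; // state right after a page refresh
  private listeners: Listener[] = [];
  // Like a BehaviorSubject: replay the current value synchronously, then push updates.
  subscribe(fn: Listener): void {
    this.listeners.push(fn);
    fn(this.value);
  }
  next(value: Config): void {
    this.value = value;
    this.listeners.slice().forEach(l => l(value));
  }
}

// filter(ready) + take(1): call `cb` once, with the first value that passes `ready`.
function firstWhere(store: ConfigStore, ready: (c: Config) => boolean, cb: Listener): void {
  let done = false;
  store.subscribe(c => {
    if (done || !ready(c)) return;
    done = true;
    cb(c);
  });
}

const isGranted = (c: Config, p: string): boolean => c.auth?.grantedPolicies?.[p] === true;

// Before the fix: take(1) only, so the initial {} decides the navigation.
function guardBefore(store: ConfigStore, policy: string, cb: (ok: boolean) => void): void {
  firstWhere(store, () => true, c => cb(isGranted(c, policy)));
}

// After the fix: no decision until grantedPolicies exists.
function guardAfter(store: ConfigStore, policy: string, cb: (ok: boolean) => void): void {
  firstWhere(store, c => !!c.auth?.grantedPolicies, c => cb(isGranted(c, policy)));
}
type Outcome = { before: boolean | null; after: boolean | null; afterWaited: boolean };
// Page refresh: both guards run first, the configuration response arrives later.
function simulateRefresh(granted: Policies, policy: string): Outcome {
  const store = new ConfigStore();
  const out: Outcome = { before: null, after: null, afterWaited: false };
  guardBefore(store, policy, ok => { out.before = ok; });
  guardAfter(store, policy, ok => { out.after = ok; });
  out.afterWaited = out.after === null; // still pending before the response
  store.next({ auth: { grantedPolicies: granted } });
  return out;
}
```

In this model, a configuration response that never arrives leaves the fixed guard pending rather than granting access, and a user without the policy is still denied once the response loads.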