I would split this requirement into two separate indicators, one for determining whether a client is running on the gateway or not, the other checking the required role.
I would implement the first requirement with a client startup script that interrogates the local network interfaces and checks for the mac IDs of the gateway (those could be hard-coded into the script). And then writes the result to a boolean tag like [Client]RunningInGateway
. Such script only runs in a client, so designers would be excluded by default. (Note, a designer could just toggle that boolean to get around this, but you can't really stop anyone with designer privileges from going around your security.) This script might help you:
I would implement the latter requirement as a boolean custom property, IsPrivileged
perhaps, on the window containing the restricted pushbuttons, bound to the hasRole() expression function.
The pushbuttons in question would have the expression {[Client]RunningInGateway} && {Root Container.IsPrivileged}
bound to their enable property.