[IGN-8414] system.perspective.isAuthorized does not work as specified

liam1 · September 15, 2023, 10:47am

The system.perspective.isAuthorized function does not work as specified.

When I set the isAllOf to False it does not return True , even through a path that matches the users security level exist in the list.

isAuthorized=system.perspective.isAuthorized(False,['Paarl', 'Paarl/A_01', 'Paarl/A_01/PC_01'])

Below is a user with the following security level.

Here the function works , isAuthorized returns 1.

When I change the users security level to one level less on the gateway, but keep the path list for the function the same.

It fails?

It seems to only check the most specific path in the list instead of all items in the list ,which is not what the documentation describes.

liam1 · September 15, 2023, 1:38pm

My current work around was to create a custom function to implement this check.

Hopefully this gets fixed soon.

cmallonee · September 15, 2023, 3:31pm

That's interesting. I've verified this on our side and opened an internal ticket to address the issue. While it's unfortunate that it doesn't work in this scenario, the silver lining is that the result is a false negative instead of a false positive.

jspecht · September 15, 2023, 5:41pm

Any user granted security level Paarl/A_01/PC_01 is granted security levels Paarl/A_01 and Paarl by design. So when you make a call like this:

system.perspective.isAuthorized(False,['Paarl', 'Paarl/A_01', 'Paarl/A_01/PC_01'])

it simplifies to:

system.perspective.isAuthorized(False,['Paarl'])

system.perspective.isAuthorized does not currently perform this simplification for you, but it should in order to comply with the documented behavior and to just be nice to the user, so that is what Cody's ticket IGN-8414 will be all about.

In the meantime, you will have to manually simplify your arguments passed to the scripting function.

liam1 · September 15, 2023, 6:06pm

Thank you for the update.