Perspective: Error using hasRole(...) with only 1 argument

nminchin · September 21, 2020, 10:33pm

Yep. The benefit also to using a forward-thinking company’s software
Every other SCADA package that I (try not to) use is still using forum software from what feels like the 1800’s

Jonboy · January 18, 2022, 4:21pm

In my case, I have found that referring to the IdP does not work:
hasRole(“SupervisorRole”, {session.props.auth.user.userName}, {session.props.auth.idp})

But specifying my user source by name does mostly work:
hasRole(“SupervisorRole”, {session.props.auth.user.userName}, “TestUsers”)

I say mostly because the hasRole expression only works if the user who is logged in exists in the specified user source. This is a problem if the specified user source is configured for soft failover.

For example, I have two user sources defined - default and TestUsers. My project is configured to use TestUsers*. The user admin only exists in the default user source. TestUsers is configured for soft failover to default, so I can login as admin.

When I run the Perspective session, if I login as admin (who has the SupervisorRole) the hasRole expression does not work. It reports that user admin not found in user source TestUsers.

As a side note, I find specifying the user source for the project confusing. It’s shown in three different places and for someone coming from Vision it’s not initially clear that only one applies to Perspective.

Gateway, Config, Projects, my project, Edit, Connections, User Source. I think this only applies to Vision.
Designer, Project, Project Properties, Project General, Security Settings, User Source. I think this is the same as above and so only applies to Vision.
Gateway, Config, Identity Providers, my provider, Settings, User Source. I think this applies to Perspective.

tyler.bennett · April 12, 2024, 9:25pm

I'd suggest this be counted as a bug since actual behavior does not match documented behavior (when using hasRole in Perspective). I actually submitted a bug report before finding this forum thread.

I switched from:
hasRole("Administrator")
to:
isAuthorized(true, 'Authenticated/Roles/Administrator')

Ignition v8.1.39

[Update] I see it is pointed out in the documentation, easy to miss though...

The username and usersource parameters are optional in the client scope, but required in the Gateway scope.