The sample code given for system.user.getUser():
userName = system.security.getUsername()
user = system.user.getUser("", userName)
when called from a perspective view onStartup event (and elsewhere I presume) results in:
- AttributeError: ‘com.inductiveautomation.ignition.common.script.Imm’ object has no attribute ‘getUsername’
- java.lang.IllegalArgumentException: User Source “” not found.
The work around for the first is to use session.auth.user.userName.
The work around for the second is to specify “default” for the user source.
I have not found a way to iterate the session.auth.user.roles property, but user.getRoles() may be used to do so.
I’ll let somebody from Documentation speak for the system.user issues, but system.security.getUsername is scoped to ONLY work in VISION; any methods which do NOT have a scope of “Gateway” are not available in Perspective.
I wanted to point out that Perspective Sessions are secured using security levels and Identity providers. So I can’t see the reason why you would need to call these functions in the first place. I know we can have internal Identity Providers that point at users sources, but the idea is that the information in the user source (such as roles) maps to security levels, and you then use those to secure your project and validate your users. Going around that system is ill advised.
I guess the real questions is what are you trying to accomplish with this on a startup script? Perspective is a system that is very different from Vision, so the way that something was done in Vision is not necessarily the way to do it in Perspective.
3 Likes
I believe the intended implementation for native Ignition 8 apps will be to use the security levels rather than roles. I was experimenting with behavior that would be ported from Ignition 7.9 apps with role-based security, and entering the target perspective view directly in the address bar to see if I could get it to navigate away from the view back to a home screen. I agree that the documentation does give specific behavior for vision clients.
I was trying to work around session.auth.user.roles being of type object and not an iterable list. Is this by design?