Perspective session security levels array

rberghammer · May 12, 2019, 2:04am

I’ve been playing with security levels in Perspective and using them to modify objects in a view. I’m using “session.props.auth.securityLevels[0].children” to create a list of the current user’s security levels.

Everything is working fine, but I’m having trouble understanding the structure of “session.props.auth.securityLevels”. Why is “securityLevels” itself an array? When would I ever access “session.props.auth.securityLevels[1]”?

Is there any documentation I can reference to learn more about this property’s structure? I’ve looked through the online manual, but I’m not really finding a good explanation.

jspecht · May 13, 2019, 3:24pm

Hi @rberghammer -

session.props.auth.securityLevels represents the deepest security levels in the tree granted to the user in the current session. It is an array because it represents the children of the implied “Public” security level (since all users are granted “Public” by default).

The relevant documentation is linked below. We could improve documentation regarding the perspective session prop. I’ll pass this feedback along to get that done.

https://docs.inductiveautomation.com/display/DOC80/Security+Levels
https://docs.inductiveautomation.com/display/DOC80/Session+Properties

rberghammer · May 13, 2019, 3:35pm

It is an array because it represents the children of the implied “Public” security level

This makes more sense now. I didn't really connect the dots between those two articles until now.

So in my code, I'm using session.props.auth.securityLevels[0].children. I'm guessing it would be better to choose the array index based on the name "Authenticated" instead of just using "0". Just in case a custom security level is created that is alphabetically earlier than "Authenticated". Or is the array not structured alphabetically?

jspecht · May 13, 2019, 3:42pm

The children are an unordered array, so if you are looking for a specific name, you would have to loop through the array until you find what you are looking for.

8.0.2 introduces a new script function in perspective which may be of interest to you:

system.perspective.isAuthorized(boolean isAllOf, String[] securityLevels)

isAllOf - true if the current user must have all of the given security levels to be authorized, false if the current user must have at least one of the given security levels to be authorized

securityLevels - one or more String paths to a security level node in the form “Path/To/Node”. Each level in the tree is delimited by a forward slash character.

Returns true if the user in the current session is authorized, false otherwise.

Example:

path1 = "Authenticated/Roles/Administrator"
path2 = "Foo/Bar/Baz"
isAuthorized = system.perspective.isAuthorized(False, [path1, path2])

We also introduce a new expression function along the same lines:

isAuthorized(boolean isAllOf, String... securityLevels)

isAllOf - true if the current user must have all of the given security levels to be authorized, false if the current user must have at least one of the given security levels to be authorized

securityLevels - one or more String paths to a security level node in the form “Path/To/Node”. Each level in the tree is delimited by a forward slash character.

Returns a qualified value with a boolean value which is true if the user in the current session is authorized, false otherwise. The quality of the qualified value is the worst of the qualities of all the qualified values of each argument.

Example:

isAuthorized(true, 'Authenticated/Roles/Administrator', 'Foo/Bar/Baz')

rberghammer · May 13, 2019, 3:52pm

Great, thanks for taking the time to answer my questions! I will definitely find a use for those new functions.