I am getting an error loading a page when Permission is configured with Security Restrict in Server Actions. Authentication is working. I can load the page if there is no permission configured with Security Restrict (can load the page when logged in, cannot load when not logged in).
Here’s the configuration in the Security Provider settings:
I have 2 tables, app_user (contains userid, username, password) and app_user_group_map (contains userid and groupid for the permission).
I have already tried using a table view that contains both the userid, groupid, and permission name on which I set the Condition value for for a different set of tests.
From your code i think you may have the identity field set incorrectly, it should be the primary key in the users table and a foreign key in the permissions
Hello @Hyperbytes, yes I have watched the video.
I have the following DB configuration. I am supposed to be using a 3-table setup. But I can still use a 2-table setup with the consideration of using the app_group_id as the Conditions value. So in effect, I am only using tables app_user and app_user_group_map (as seen on my initial post’s screenshot).
My other test using a table view created from the JOINs of the 3 tables also has the same error. Here’s the configuration in Wappler using the table view view_userprivilege:
Hi @scott, you are referring to the last screenshot which is using a table view.
I have tested a couple of times, first one is using the 2-table approach and the second one is using the table view. The table view has the pid.
Hi @patrick, @Teodor, below is the StackTraceString in case you need it.
"StackTraceString": " at Newtonsoft.Json.Linq.JObject.get_Item(Object key)\r\n at DMXzone.ServerConnect.Security.DatabaseProvider.Permissions(JToken identity, JArray rules) in d:\\Develop\\DMXzone Server Connect\\ASPNET_Source\\DMXzone Security Provider\\Security\\DatabaseProvider.cs:line 53\r\n at DMXzone.ServerConnect.Security.SecurityProvider.Restrict(JObject options) in d:\\Develop\\DMXzone Server Connect\\ASPNET_Source\\DMXzone Security Provider\\Security\\SecurityProvider.cs:line 182\r\n at DMXzone.ServerConnect.Module.AuthModule.Restrict(JObject options) in d:\\Develop\\DMXzone Server Connect\\ASPNET_Source\\DMXzone Security Provider\\Module\\AuthModule.cs:line 87",
Ok, looking back at the top, let me try to understand what is happening. You said that you can load the page if you do not have a permission configured with Security Restrict and you can load the page when you are logged in. But you can not load the page when you are not logged in.
This sounds right. Security Restrict will not display data if you are not logged in with the right permissions.
Do you have other content on the page that is supposed to load outside of what Security Restrict is protecting?
Hi @scott, yes you are right. I am trying to explain that it works fine when there is no permission set, i.e. I can load the page when logged in and cannot when not. This means authentication is working. But the time when the permission is set, I am getting HTTP 500 with the error “Accessed JObject values with invalid key value”.
