Open michburger opened 1 week ago
@michburger
When you logged on to Viya, did you answer in the positive to a prompt similar to the picture below? This dialog might look different in your case based on how Viya was configured.
What is the prompt you see when the code tries to read a cas table?
Note: restaf itself is not aware of access rights. It assumes that the Viya APIs will handle all such issues.
Dear devakumaraswamy, there is no visible prompt. The result of a cas query contains some query and restaf simply cannot proceed. Will send you the details tomorrow.
Michael
Michael Burger, SoftMatch.net
-------- Original message --------
From: devakumaraswamy
Date: 20.10.24 16:36 (GMT+01:00)
Subject: Re: [sassoftware/restaf] Administrator login, CAS access callback (Issue #119)
Want to add a data point: If the table has access rights specified, the admin user does not have "super-power" to access the tables. This makes sense - since folks who do Viya administration are not usually permitted to see business data.
Seems that the issue got resolved with an update from SAS Viya ... I mean if I'm logged on as administrator, there is no need for other ask back.
I could reproduce: as administrator CAS is asking whether I'd like to elevate but using restaf I cannot answer:
```json
{
  "auth_request": {
    "clientId": "sas.casControl",
    "scope": ["openid", "uaa.user", "SASAdministrators"],
    "requestParameters": {
      "response_type": "code",
      "redirect_uri": "/casManagement/",
      "state": "dd5b4750-c990-4b4d-93a7-02101d053f12",
      "client_id": "sas.casControl"
    },
    "approvalParameters": {},
    "state": "dd5b4750-c990-4b4d-93a7-02101d053f12",
    "responseTypes": ["code"],
    "resourceIds": ["sas.casControl", "openid", "uaa"],
    "authorities": [{ "authority": "uaa.resource" }, { "authority": "sasapp" }],
    "approved": false,
    "redirectUri": "/casManagement/",
    "extensions": {}
  },
  "approved_scopes": [],
  "denied_scopes": [{ "code": "scope.SASAdministrators", "text": "SASAdministrators" }],
  "options": {
    "confirm": {
      "path": "/SASLogon/oauth/authorize",
      "location": "https://sdtb-viya-emea.siemens-healthineers.com/SASLogon/oauth/authorize",
      "value": "true",
      "key": "user_oauth_approval"
    },
    "deny": {
      "path": "/SASLogon/oauth/authorize",
      "location": "https://sdtb-viya-emea.siemens-healthineers.com/SASLogon/oauth/authorize",
      "value": "false",
      "key": "user_oauth_approval"
    }
  },
  "redirect_uri": "/casManagement/",
  "undecided_scopes": [],
  "scopes": [{ "code": "scope.SASAdministrators", "text": "SASAdministrators" }],
  "message": "To confirm or deny access POST to the following locations with the parameters requested.",
  "client_display_name": "sas.casControl"
}
```
```
restaf.min.js:7 Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'map')
    at restaf.min.js:7:38813
    at e.a (restaf.min.js:7:39141)
    at restaf.min.js:1:79106
```
@michburger I do not quite follow your responses.
@michburger can you comment on my questions? Want to make sure your issue is resolved.
Thanks... Deva
Dear Deva, unfortunately I was wrong: The issue is not fixed.
Typically, the problem shows up in Edge and in the Console I can find this output when working as Administrator in Viya:
```
Uncaught (in promise) TypeError: Cannot read properties of undefined (reading 'map')
    at restaf.min.js:7:38813
    at e.a (restaf.min.js:7:39141)
    at restaf.min.js:1:79106
```
The background: We've created a custom frontend as an IFrame / WebContent in the Viya report. That means, we're using the Viya login and host an additional web part inside. That means, my administrator login is valid for restaf.
For this case, restaf seems not yet to be prepared:
```js
// Excerpt from restaf.min.js (minified). The .map call throws when
// e.data.results.links is undefined.
"/casManagement/" !== t.href && "/casManagement" !== t.href || "GET" !== t.method || (e.data.results.links = e.data.results.links.map((function(t) {
    return "collection" === t.rel && (t.title = "servers",
    t.rel = "servers",
    t.patch = "cas"),
    t
})));
```
The problem is with this check in the first line because in this situation the variables are set as:
- t.method: "GET"
- t.href: "/casManagement/"
- e.status: 200
- e.data.results.links is undefined - which causes the whole process to stop here.

The e.data.results object actually is a query related to admin access:
```json
{
  "auth_request": {
    "clientId": "sas.casControl",
    "scope": ["openid", "uaa.user", "SASAdministrators"],
    "requestParameters": {
      "response_type": "code",
      "redirect_uri": "/casManagement/",
      "state": "1b9a6562-95d1-48c6-a5df-2c75a4ff15d9",
      "client_id": "sas.casControl"
    },
    "approvalParameters": {},
    "state": "1b9a6562-95d1-48c6-a5df-2c75a4ff15d9",
    "responseTypes": ["code"],
    "resourceIds": ["sas.casControl", "openid", "uaa"],
    "authorities": [{ "authority": "uaa.resource" }, { "authority": "sasapp" }],
    "approved": false,
    "redirectUri": "/casManagement/",
    "extensions": {}
  },
  "approved_scopes": [],
  "denied_scopes": [{ "code": "scope.SASAdministrators", "text": "SASAdministrators" }],
  "options": {
    "confirm": {
      "path": "/SASLogon/oauth/authorize",
      "location": "https://sdtb-viya-emea.siemens-healthineers.com/SASLogon/oauth/authorize",
      "value": "true",
      "key": "user_oauth_approval"
    },
    "deny": {
      "path": "/SASLogon/oauth/authorize",
      "location": "https://sdtb-viya-emea.siemens-healthineers.com/SASLogon/oauth/authorize",
      "value": "false",
      "key": "user_oauth_approval"
    }
  },
  "redirect_uri": "/casManagement/",
  "undecided_scopes": [],
  "scopes": [{ "code": "scope.SASAdministrators", "text": "SASAdministrators" }],
  "message": "To confirm or deny access POST to the following locations with the parameters requested.",
  "client_display_name": "sas.casControl"
}
```
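Added example, not part of any comment in this thread and not restaf's own code: a guard that recognizes the SASLogon approval prompt quoted above and raises a typed error instead of calling `.map` on an undefined `links`. The function names are hypothetical, and the sample link body is constructed.

```javascript
// Added example; function names are hypothetical, not part of restaf.

// Trimmed from the approval prompt posted in this thread.
const SAMPLE_PROMPT = {
  auth_request: { clientId: "sas.casControl", approved: false },
  denied_scopes: [{ code: "scope.SASAdministrators", text: "SASAdministrators" }],
  undecided_scopes: [],
  options: { confirm: { path: "/SASLogon/oauth/authorize", key: "user_oauth_approval", value: "true" } },
};
// Constructed sample of the body the link rewrite expects (hrefs are made up).
const SAMPLE_OK = { links: [{ rel: "collection", href: "/casManagement/servers" }, { rel: "self", href: "/casManagement/" }] };

// True when the body is a SASLogon approval prompt instead of the resource.
function isApprovalPrompt(results) {
  const confirm = results && results.options && results.options.confirm;
  return Boolean(results && results.auth_request && confirm &&
    confirm.key === "user_oauth_approval");
}

// Scope names the prompt is waiting on, de-duplicated, for logs or UI.
function pendingScopes(results) {
  const names = new Set();
  for (const list of [results.undecided_scopes, results.denied_scopes]) {
    for (const s of Array.isArray(list) ? list : []) if (s && s.text) names.add(s.text);
  }
  return [...names];
}

// Guarded form of the rewrite: typed errors, never .map on undefined.
function patchCasLinks(results) {
  if (isApprovalPrompt(results)) {
    const scopes = pendingScopes(results);
    throw Object.assign(new Error("Approval required: " + scopes.join(", ")),
      { code: "APPROVAL_REQUIRED", clientId: results.auth_request.clientId, scopes });
  }
  if (!results || !Array.isArray(results.links)) {
    throw Object.assign(new Error("No links array in response body"), { code: "NO_LINKS" });
  }
  return results.links.map((l) =>
    l.rel === "collection" ? { ...l, title: "servers", rel: "servers", patch: "cas" } : l);
}

// Returns the error code for a body, or "OK" when the links were rewritten.
function outcome(results) {
  try { patchCasLinks(results); return "OK"; } catch (e) { return e.code; }
}
```

A caller can catch `APPROVAL_REQUIRED` and show the pending scopes to the user; the guard itself does not answer the prompt.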
@michburger I and several folks run restaf based apps in webcontent.
You need to make sure that the logon information to restaf is set properly. When running under webcontent, this is the code I use:
```js
let logonPayload = {
    host: "your viya server url",
    authType: "server"
}
let store = restaf.initStore({casProxy: true});
let msg = await store.logon(logonPayload);
let {casManagement} = await store.addServices('casManagement');
```
Is your code similar to this?
Dear Deva, the code of the respective dashboards has two differences:
would one or both changes correct the behavior?
Michael:
Data point: Viya changed the default settings for CORS. This has caused issues for me. Still working with developers to understand why the new settings cause issues with access from user apps. So I set the defaults to the old default. But you should talk to your Viya admin about it. Below is my CORS setting.
Click the shield icon to the left of the address bar. Select “Turn off Enhanced Tracking Protection” for that site.
Dear Deva, I think there is a misunderstanding: In the case that I'm not working with the 'Authorize Access' setting, i.e., not working with elevated permissions, the code runs fine.
But in the case that elevated access is chosen, this JSON does not conform to the expectation of restaf. That's why I asked you here in this issue for a solution.
Actually, the problem starts with a call to
```js
let services = await store.addServices('casManagement', 'reports', 'reportTransforms');
```
Michael: I was able to reproduce the issue with a newer version of Viya. This change to initStore helped my test app:
```js
let store = restaf.initStore({casProxy: true});
```
Let me know if it works.
Dear restaf developers, in my current projects, I've got issues with CAS data access as soon as I'm logged in as administrator. How can I workaround that the CAS data does not arrive directly but a question related whether I'd like to access CAS as administrator is calling back and no data can be loaded? Actually in the relevant projects it would be great having the possibility to switch to administrator mode as data would be accessible this way only for administrators who are checking issues from users.