Xpath expression to check User Roles

0
Hello, I today found a very strange bug in my application. I wanted to use Xpath Expression to filter some objects according to User roles. I simply used the != -expression: [MyModule.Object_ApplicationUser/AccountManagement.ApplicationUser/System.UserRoles != '[%UserRole_SomeRole%]'] However, this didn’t work for any logged in user apart of the ones have the UserRole_Admin assigned. (in total 4 different user roles available). I first thought that this must have something to do with the user settings, however, after rechecking everything I couldn’t find anything wrong. I then changed the Xpath expression to: [not(MyModule.Object_ApplicationUser/AccountManagement.ApplicationUser/System.UserRoles = '[%UserRole_SomeRole%]')] This worked without problems. Are there any constrains or differences in using != vs not(.. = ..)?   Thanks very much.  
asked
1 answers
2

They are different queries.

In the first query, the one that doesn’t work, you’re requiring that MyModule.Object is associated with any UserRole that is not SomeRole. If you check the access rules for System.UserRole you notice that users may only see their own role or “grantable roles”, that means, roles they are allowed to assign to users according to their user role settings in the project security. These access rules prevent your query to work correctly, if you’re retrieving on screen or in a microflow with entity access enabled, unless you are Admin and may see all the roles.

In the second query, you’re requiring that MyModule.Object is not associated to SomeRole, which is a different question and one that you're apparently allowed to ask. So you get an answer. If MyModule.Object is not associated to any UserRole, it will still be in the results. In the first query, if it worked, it would not.

answered