Correct way to enable authorization to moqui.basic.print.NetworkPrinterList

We have a transition to get the network printer list…but some non-admin users get an error message that they are not authorized for view on the transition (presumably because of the read on moqui.basic.print.NetworkPrinter)

org.moqui.context.ArtifactAuthorizationException: User k1234 is not authorized for View on Transition component://xyz/screen/xyz.xml/getNetworkPrinterList
 Web Access Forbidden (no authz): User k1234 is not authorized for View on Transition component://xyz/screen/xyz.xml/getNetworkPrinterList

Where the transition looks like:

    <transition name="getNetworkPrinterList">
        <parameter name="term"/>
        <parameter name="ignoreTerm"/>        <!-- 'true' ignores term; e.g. for a non-server search dependent dropdown -->
            <set field="term" from="term ? (ignoreTerm == 'true' ? '': term) : ''"/>

            <!-- The user is likely to type the pseudoId of a party; assume they are trying to do that. -->
            <entity-find-one entity-name="" value-field="partyDetail">
                <field-map field-name="pseudoId" from="term"/>

            <entity-find entity-name="moqui.basic.print.NetworkPrinter" list="printerList">
                <econditions combine="or">
                    <econdition field-name="printerName" operator="like" value="%${term}%" ignore-case="true"/>
                    <econdition field-name="description" operator="like" value="%${term}%" ignore-case="true"/>
                    <econdition field-name="serverHost" operator="like" value="%${term}%" ignore-case="true"/>
                <select-field field-name="serverHost,serverPort,printerName"/>

                def outList = []
                for (printer in printerList) outList.add([value:printer.serverHost + ':' + printer.serverPort, label:printer.printerName + " (" + printer.serverHost + ")"])
                ec.web.sendJsonResponse([options:outList, pageSize:null, count:printerList.size()])

        <default-response type="none"/>

Generally authorization for transitions is handled at the screen level, ie if the user has inheritable authz for the screen then they’ll have authz for the transitions on it. You can also add an artifact group just for the transition and then add an artifact authz record for that artifact group and the user group(s) you want to have access.

Okay, I’ll give that a try…they can actually use the screen just fine…but we have something we added to DefaultScreenMacros similar to the CSV/Excel/etc. download for a form list that allows direct printing of text files to dot matrix printers. It must be that dialog that is giving me grief.

I was going to say make sure the user is actually logged in (ie didn’t lose the session cookie), but looks like there is an anonymized user ID in the message. There should also be an artifact stack in the logs, you might look at that to make sure it is going through what you think it is (ie screens, etc on the artifact stack).

Got it…thank you, David. A developer had extended DefaultScreenMacros.vuet.ftl and referenced something from our base component, which…while users can see much in the component, those without view permission to the root XML screen were unable to access the transition.

Also, for those reading my initial title for the post, the authorization issue had nothing to do with moqui.basic.print.NetworkPrinterList…the authorization issue was that the transition itself did not have view permission for non-privileged users…like the error message said :).

Were a user not signed in, the entity-finds would have been a problem as well…but the real problem was the visibility of the transition.

1 Like