Walk-up Experience dashboard not letting me view any pages

scottneeb · ‎08-22-2018

Upgraded my personal instance to test out the new Walk-Up Queue management application in London, and when I try to access any page in the Walk-Up portal I get the following error:

Sorry, you are not authorized to access the walk-up pages.

Please login using the correct user account.

Mark Stanger · ‎08-25-2018

This one is a bit confusing, but I figured out what's going on. Based on how this should work, I'm guessing this is a bug or a temporary restriction until they are ready to release the full capabilities. The restriction is happening based on the logic of this script include function in the 'WalkUpUtil' script include.

/**
* Ensure that the user only has the walkup_login
* and no other roles. If user has any roles other
* than walkup_login or snc_internal, then the are not
* authorized
*
* @param user a ScopedUser
*/
isAuthorized: function(user) {
var WALKUP_LOGIN = 'sn_walkup.walkup_login';
var SNC_INTERNAL = 'snc_internal'; // used when explicit_roles plugin is active

if (!user || typeof user !== 'object')
return false;

if (!user.hasRole(WALKUP_LOGIN))
return false;

var roles = user.getRoles();
for (var i = 0; i < roles.length; i++)
if (roles[i] !== SNC_INTERNAL && roles[i] !== WALKUP_LOGIN)
return false;

return true;
},

The bottom line is that any user attempting to access the walk-up experience needs to have the 'sn_walkup.walkup_login' role (and optionally the 'snc_internal' role and NO OTHER ROLES WHATSOEVER. I created a test account with just the 'sn_walkup.walkup_login' role, logged out, logged back in, impersonated that account, and I was able to get past those error messages. Good luck!

View solution in original post

Mark Stanger · ‎08-25-2018

This one is a bit confusing, but I figured out what's going on. Based on how this should work, I'm guessing this is a bug or a temporary restriction until they are ready to release the full capabilities. The restriction is happening based on the logic of this script include function in the 'WalkUpUtil' script include.

/**
* Ensure that the user only has the walkup_login
* and no other roles. If user has any roles other
* than walkup_login or snc_internal, then the are not
* authorized
*
* @param user a ScopedUser
*/
isAuthorized: function(user) {
var WALKUP_LOGIN = 'sn_walkup.walkup_login';
var SNC_INTERNAL = 'snc_internal'; // used when explicit_roles plugin is active

if (!user || typeof user !== 'object')
return false;

if (!user.hasRole(WALKUP_LOGIN))
return false;

var roles = user.getRoles();
for (var i = 0; i < roles.length; i++)
if (roles[i] !== SNC_INTERNAL && roles[i] !== WALKUP_LOGIN)
return false;

return true;
},

The bottom line is that any user attempting to access the walk-up experience needs to have the 'sn_walkup.walkup_login' role (and optionally the 'snc_internal' role and NO OTHER ROLES WHATSOEVER. I created a test account with just the 'sn_walkup.walkup_login' role, logged out, logged back in, impersonated that account, and I was able to get past those error messages. Good luck!

Mark Stanger · ‎08-27-2018

Just checking on on this one. Has this question been answered or is there more information I can help you with? If it's been answered, please mark the answer above as the correct one so people know this has been taken care of. Thanks!

Daryl Rodrigues · ‎09-04-2018

Hi @scottneeb, Thank you for your question. This is by design and reasoning behind this was to add more security as the device is exposed to end users to check into the queue.

1. We wanted to restrict the access to walkup portal only to a user with walkup_login role. We have shipped an OOB user called Walkup User that you can impersonate to test.

2. Also, please note that we have script in place that will prevent you from granting any other role to this user. The login user should only have just the "walkup_login" role at any given point of time.

We understand this can be a little confusing and will be working with documentation to make this more clear with future release.

Thanks,

Daryl

scottneeb · ‎09-04-2018

We have an IT Tech Stop that we would like to use this for, however it's not just users with no roles that would need to register. It could be IT or HR or any number of other users that might have other roles. I'm not sure I understand the reasoning behind no roles except 'walkup_login'. I think it would make more sense to just check if they have that role and it doesn't matter if they have other roles.