$Roles -notcontains 'PowerUser' how ad more roles?

Hi,
I’m trying to figure out how this row an contain more roles?
I can’t get it to work with a foreach etc for example:

if ($Roles -notcontains @('PowerUser', 'Administrator')) {

}
Product: PowerShell Universal
Version: 1.4.6

Sorry, can you try to explain further?

Do you mean like adding more Role Names to the Array? If so, you’d just ad them like so:

@('PowerUser', 'Administrator', 'ThirdRole', 'FourthRole')

Yes exaclty but it don’t work.
I’m trying to the following;

New-UDDashboard -Title "Jurassic Park" -Content {
    if ($Roles -contains @('Engineering', 'Testrole'))
    {
        New-UDButton -Text 'Start computer'
    }

}

But it don’t work as intended maybe I’m doing it wrong.

Are these roles you’ve added to UD? It’s querying the roles here: (defined in roles.ps1)


I have a line in each of my roles that logs all role validation so I can see whether it is working, sort of like:

Write-Output "$($User.Identity.Name) is a member of <#This Role#>" | Out-File $MyLogFile -Append

I think I was thinking wrong, the people that I have has more roles too them and that function maybe check if ther user are member of bouth Enginnering and Testrole? Or is it checking just if they are member of one of the grupes?

Simpley I want the users that are member of either Engineering or TestRole to have access to it.

I’m actually not sure. I almost always use AD Auth for my users. I think, based on what I’m seeing, you’d need to validate a little differently. Since you want to make sure they’re a member of any groups…
See here:
image
This will validate the user is a member of any:

$true -in @('Role1','Role2').ForEach{$PSItem -in $Roles}

I think for your use case, you want something like:

$false -notin @('TestRole','Engineering').ForEach{$PSItem -in $Roles}

Thanks you, this line did fix it for me :slight_smile:

($Roles -notin @('Administrator', 'PowerUser').ForEach{ $PSItem -in $Roles })

I think, given some testing I did, you may run into some issues with that, unless this just isn’t the whole snippet.
image

$Roles -notin @('Administrator','PowerUser')

What this should do is return true or false. Thus with the following, you’ll be comparing your $Roles variable against an array of booleans.

$Roles -notin @('test1','test2').ForEach{ $PSItem -in $Roles }

In any case, I hope this helped!

I have tested it and I can’t see any issues with it. Here is the hole code.

$Pages += New-UDPage -Name 'Skapa VDI' -url 'createvdi' -Logo $NavBarLogo -Content {

    if ($Roles -notin @('Administrator', 'PowerUser').ForEach{ $PSItem -in $Roles }) {

        New-UDErrorBoundary -Content {

            throw "Du har inte behörighet att se denna sida!"

        }

    }

    else {

        Show-UDModal {

            . "$UDScriptRoot\createvdi.ps1"

        } -FullWidth -MaxWidth 'md' -Persistent

    }

} -Navigation $Navigation

What I want is that everyone that are member of PowerUser or Administrator can access the new page. And it seem to work now. But I’m maybe wrong?

Did you test the outcome with both a user in one of those roles, and a user not in one of those roles, as well as a user in multiple of those roles?

I think you might find that it doesn’t quite act as it should. If the user happens to be a member of multiple roles, you’ll likely return $true, thus allowing them through when they shouldn’t.

Hi,
I have tried to add a user to only “Support” role and then it get blocked, same user I did add to both “Support” and “read” role and it also get blocked.

1 Like