Regular User cannot call a script

drwhowhogrub · August 4, 2023, 11:05am

Hi,

I have a zigbee ir blaster to control my non smart heat pump. I am using ZHA not Z2M.
To trigger it to turn on or off I have created a button on the dashboard that triggers a script to send the correct ir to the AC unit. If I am logged in under the admin user it works fine, if a non admin user tries it they get the following error: “Failed to call service script/1689997199912. Unauthorized”
If I log in an go to their dashboard it works fine, so it seems to be a permission error as if I make them an admin it works.

Can a regular user not call a service script? If that is the case what would be a work around so they are able to do this?

Thanks

HA_Tom · October 1, 2023, 7:31pm

I have a similar issue where my partner (a non-admin user) cannot call scripts that I use to trigger a Tuya IR Blaster that controls the amplifier for our TV/speakers.

I wonder if this is the intended behaviour, but it’s a real pain. Maybe something to raise with the devs over on GitHub?

Noxeus · October 26, 2023, 6:25am

I have exactly the same as @HA_Tom but for LED candles.
I have a tempate light that calls a script to send the IR codes to the blaster.
It seems very silly that a in configuration.yaml defined light (by an admin) can’t be called by a regular user…

Noxeus · November 2, 2023, 8:13am

I solved this with a solution I found for a similar problem with Chromecast <-> normal users.

So what I did is: I made a restful command:

rest_command:
  privileged_ir_blast:
    url: http://localhost:8123/api/services/zha/issue_zigbee_cluster_command
    method: post
    headers:
      authorization: !secret service_caller_api_key
    content_type: "application/json; charset=utf-8"
    payload: '{"cluster_type": "in", "endpoint_id": 1, "command": 2, "ieee": "[IEEE of IR Blaster]", "command_type": "server", "params": {"code": "{{ code }}"},"cluster_id": [CLUSTER ID] }'

I wrapped this up nicely in a template switch:

switch:
  - platform: template
    switches:
      led_kaarsen:
        friendly_name: "LED Kaarsen"
        unique_id: <random id>
        turn_on:
          service: rest_command.privileged_ir_blast
          data:
            code: [IR ON CODE]
        turn_off: 
          service: rest_command.privileged_ir_blast
          data:
            code: [IR OFF CODE]

HA_Tom · November 22, 2023, 9:19am

Great, looks like this should work. A quick question regarding:

authorization: !secret service_caller_api_key

Where are you getting this API key from? I don’t recall having to set this up in the past, but looks like it is required for the RESTful command.

HA_Tom · November 22, 2023, 11:13am

Actually, I figured this out and created a long-term API key under my HA profile. One place where I got stuck is that I had to add ‘Bearer’ in front of the API key in my secrets.yaml. Thanks for the tip!