Catalog Client Script not working when the user only has access to the portal

Amy Palaghia · ‎01-17-2022

Hi all,

I've been asked to update a catalog item so that when it loads on the portal, it checks if the user is part of a group and if he is, a pop up message should appear and then redirect the user to the portal homepage. If the user is not part of that group, then do nothing and allow him to fill up the form. This is my catalog client script, I've tested it and it works but the customer came back and said it doesn't work when he adds certain users to that group. From what I've seen, if the user has roles and access to the backend of the platform, the script works fine but if the user only has access to the portal, then the pop-up message doesn't appear even if the user is part of that exclusion group. Have I done something wrong here?

function onLoad() {
var grpID = 'f34288451bc589d030f0edb2b24bcb8b'; // Exclusion Group
var usrID = g_user.userID; // Get current user ID
var grp = new GlideRecord('sys_user_grmember');
grp.addQuery('group.sys_id', grpID);
grp.addQuery('user', usrID);
grp.query(groupMemberCallback);

function groupMemberCallback(grp) {
if (grp.next()) {
confirm('You are currently excluded from being able to request a laptop. Please contact The Help Desk to discuss further.');
var redirectURL = '/sp/';
top.window.location = redirectURL;
}
}
}

Thanks,

Amy

Gabor10 · ‎01-17-2022

Hello Amy!

I would strongly advise to change a couple things in your script:

1. Do not use g_user

2. Do not use Client Side GlideRecord

Instead, try and utilize GlideAjax which is the "best practice" approach for your requirement. This solution is fully asynchronous which means less disturbance for the user

For that you need this in your onLoad client script:

function onLoad() {
    var ga = new GlideAjax('catalogItemUtils');
    ga.addParam('sysparm_name', 'isMemberOfGroup');
    ga.getXML(getServerParse);
}

function getServerParse(response) {
    var answer = response.responseXML.documentElement.getAttribute("answer");
    if (answer === 'true') {
        alert('You are currently excluded from being able to request a laptop. Please contact The Help Desk to discuss further.');
        top.window.location = '/sp';
    }
}

And this in a Server Side script include: (please change the group sys_id as per your requirement)

var catalogItemUtils = Class.create();
catalogItemUtils.prototype = Object.extendsObject(AbstractAjaxProcessor, {

	isMemberOfGroup: function() {
		var gr = new GlideRecord('sys_user_grmember');
		gr.addQuery('user', gs.getUserID());
		gr.addQuery('group', 'aaccc971c0a8001500fe1ff4302de101');
		gr.setLimit(1);
		gr.query();
		return gr.hasNext();
	},
    type: 'catalogItemUtils'
});

Code is tested and its working as per my understanding, still it could be made a bit more efficient!

View solution in original post

Robin John · ‎01-17-2022

Hi Amy!

According to the official documentation, the client side GlideRecord api applies ACLs based on the credentials of the user executing the script. To execute the code on the server without ACLs, use the GlideAJAX API.

I would recommend you to create a script include and then use GlideAjax api to call the script. That will sort the issue.

Official documentation

Gabor10 · ‎01-17-2022

Hello Amy!

I would strongly advise to change a couple things in your script:

1. Do not use g_user

2. Do not use Client Side GlideRecord

Instead, try and utilize GlideAjax which is the "best practice" approach for your requirement. This solution is fully asynchronous which means less disturbance for the user

For that you need this in your onLoad client script:

function onLoad() {
    var ga = new GlideAjax('catalogItemUtils');
    ga.addParam('sysparm_name', 'isMemberOfGroup');
    ga.getXML(getServerParse);
}

function getServerParse(response) {
    var answer = response.responseXML.documentElement.getAttribute("answer");
    if (answer === 'true') {
        alert('You are currently excluded from being able to request a laptop. Please contact The Help Desk to discuss further.');
        top.window.location = '/sp';
    }
}

And this in a Server Side script include: (please change the group sys_id as per your requirement)

var catalogItemUtils = Class.create();
catalogItemUtils.prototype = Object.extendsObject(AbstractAjaxProcessor, {

	isMemberOfGroup: function() {
		var gr = new GlideRecord('sys_user_grmember');
		gr.addQuery('user', gs.getUserID());
		gr.addQuery('group', 'aaccc971c0a8001500fe1ff4302de101');
		gr.setLimit(1);
		gr.query();
		return gr.hasNext();
	},
    type: 'catalogItemUtils'
});

Code is tested and its working as per my understanding, still it could be made a bit more efficient!

sg_gmail · ‎04-24-2023

Such issues are very common.

RCA: The non-admin users do not have access to the Scrip Include class which is a server-side object.

Solution: Ensure to define your Script Include class with 'Public' access by adding below method inside the class definition:

isPublic:function(){return true; },

That's it, whatever your defined functionality will start working for all users.

Thanks.

sg_gmail · ‎04-24-2023

The solution given above by Gabor10 is correct, but not enough to solve this issue.

There is one more vital ingredient that is missing - which is - you've to ensure that the Script Include class has 'Public' access, so that the desired functionality works for all users including the ones with non-admin privileges.

For this, just add the below function within your Script Include class definition:

isPublic:function(){return true; },

Thanks.