ACL execution, check for no matching Role in Script
‎02-19-2024 01:45 AM
Hi,
An ACL needs to pass all three (role/condition/script) if not empty.
I have the requirement that the user should either have role X or be a member of a group on the record.
If I now mention the roles in the embedded list and the user is not a member of these roles because he is "ONLY" a member of the group, the ACL would block according to this screen below.
But I don't want to mention all roles in the script like here.
gs.getUser().hasRole('name1') || gs.getUser().hasRole('name2') || gs.getUser().isMemberOf(current.u_group) || gs.getUser().hasRole('name3');
Is there a function/method for the ACL script that checks:
If you don't have any of these roles above, but this script evaluates to true, you can still get in,
or does the NO turn go directly to blocked?
😄
gs.getUser().nomatchingaclrole(:D) || gs.getUser().isMemberOf(current.u_group)
‎02-19-2024 01:55 AM
Just create 2 ACLs. One for the roles and the other one (scripted) for the group. If either of the ACLs returns true, the user will get access.
Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark
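The evaluation described in the question and in this answer, as an added example that is not part of the original thread and is not ServiceNow platform code: a simplified model in which one ACL passes only if every non-empty part passes, and access is granted if any matching ACL passes. The helper names, the user objects and the sample record are constructed; admin overrides and the table/field rule hierarchy are left out.

```javascript
// Simplified model of ACL evaluation as stated in this thread (assumption:
// roles, condition and script are ANDed inside one ACL; ACLs are ORed).
function aclPasses(acl, user, record) {
  // An empty or missing part counts as passed.
  const rolesOk = !acl.roles || acl.roles.length === 0 ||
    acl.roles.some((role) => user.roles.includes(role));
  const conditionOk = !acl.condition || acl.condition(record);
  const scriptOk = !acl.script || acl.script(user, record);
  return rolesOk && conditionOk && scriptOk;
}

// Access is granted when at least one ACL for the resource passes.
function accessGranted(acls, user, record) {
  return acls.some((acl) => aclPasses(acl, user, record));
}

// Hypothetical stand-in for gs.getUser().isMemberOf(current.u_group).
const isGroupMember = (user, record) => user.groups.includes(record.u_group);

// Constructed sample data.
const record = { u_group: 'group_a' };
const users = {
  roleOnly: { roles: ['name1'], groups: [] },
  groupOnly: { roles: [], groups: ['group_a'] },
  outsider: { roles: [], groups: ['group_b'] },
};
const roles = ['name1', 'name2', 'name3'];

// One ACL with the role list AND the group script: both must pass.
const combinedAcl = [{ roles: roles, script: isGroupMember }];

// Two ACLs: one with only the role list, one with only the script.
const splitAcls = [{ roles: roles }, { script: isGroupMember }];

// Returns who gets access under a given ACL set.
function summarize(acls) {
  const result = {};
  for (const [name, user] of Object.entries(users)) {
    result[name] = accessGranted(acls, user, record);
  }
  return result;
}

console.log('combined:', summarize(combinedAcl));
console.log('split:   ', summarize(splitAcls));
```

In this model the combined ACL denies both the role-only and the group-only user, while the split pair admits each of them and still denies the outsider.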
‎02-19-2024 02:29 AM
Yes, that would be another type of solution, but the original intention of my question is whether it also works in one.
BUT I think the picture very clearly says no!
‎02-19-2024 03:12 AM
Your instance needs to be maintained after your development is done. Why go for something really complex if it is very easy to do? Troubleshooting ACLs is always a hassle, even if the ACLs themselves are simple. Table, fields, single fields, read/write/create, etc. One limits access, the other one grants it... keep it simple, your admins/successors will thank you later.
Mark
‎02-19-2024 05:57 AM
Hi, everything you say is correct.
But I can only repeat myself.
It's a question of possibility, not whether it's better another way.
I have asked a question and would like to know if there is an API or an XY to do this.
I hope that's ok for you 🙂