ACL to restrict certain sc_tasks to assignment group members only

Sam Ogden
Tera Guru

Hi All,

I am currently trying to create a read ACL on the sc_task table so that when the catalog item is a certain item, only members of the assignment group will be able to have access to the task. All other catalog item types will not have this restriction.

I've set the ACL at table level, with roles set as ITIL or Catalog, no condition in place and the script is as follows:

var currentUser = gs.getUser();

if (current.request_item.cat_item.name == 'F20 Starters/Leavers/Movers/Changes Form') {
    if (gs.getUser().isMemberOf(current.assignment_group.getDisplayValue())) {
        answer = true;
    } else {
        answer = false;
    }
}
answer = true;

I've impersonated a user whose assignment group does not have one of these catalog items assigned to their group, but they are still seeing all catalog tasks for this item type. I've debugged on security and can see it is this ACL that is giving read access.

Any help is greatly appreciated.

Thanks

Sam

1 ACCEPTED SOLUTION

Uncle Rob
Kilo Patron

The last line is the culprit.

No matter how your IF statement works out, you're still setting answer = true at the very end.

Incidentally, troubleshooting this code is an awesome use case for Xplore, by Whitespace Studios (don't worry about a hard sell, the app is free).  Save you all kinds of time.

3 REPLIES 3

Cheers Robert.  I knew it would be something silly.

Sam

Harish Murikina
Tera Guru

Try the script below.

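// Restrict read access only for this one catalog item
if (current.request_item.cat_item.name == 'F20 Starters/Leavers/Movers/Changes Form') {
    // Restricted item: only members of the task's assignment group may read it
    if (gs.getUser().isMemberOf(current.assignment_group)) {
        answer = true;
    } else {
        answer = false;
    }
} else {
    // Every other catalog item keeps unrestricted read access through this ACL
    answer = true;
}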

Regards,

Harish Murikinati.
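
An added example, not part of the thread and not ServiceNow's own code: a plain JavaScript (Node) harness that runs the script from the question and a corrected version against the same access cases, so the fall-through to `answer = true` shows up as a failed case. The `makeContext` mock of `current` and `gs`, the group names and the 'Laptop Request' item are constructed for illustration.

```javascript
// Constructed stand-ins for the objects an ACL script sees; hypothetical, not the platform API.
const RESTRICTED_ITEM = 'F20 Starters/Leavers/Movers/Changes Form';

function makeContext(itemName, taskGroup, userGroups) {
  return {
    current: {
      request_item: { cat_item: { name: itemName } },
      assignment_group: { getDisplayValue: () => taskGroup },
    },
    gs: { getUser: () => ({ isMemberOf: (group) => userGroups.includes(group) }) },
  };
}

// Logic as posted in the question: the trailing assignment overrides the if/else result.
function originalAcl({ current, gs }) {
  let answer;
  if (current.request_item.cat_item.name == RESTRICTED_ITEM) {
    if (gs.getUser().isMemberOf(current.assignment_group.getDisplayValue())) {
      answer = true;
    } else {
      answer = false;
    }
  }
  answer = true;
  return answer;
}

// Corrected logic: allow unless the item is restricted and the user is outside the group.
function fixedAcl({ current, gs }) {
  const restricted = current.request_item.cat_item.name == RESTRICTED_ITEM;
  const member = gs.getUser().isMemberOf(current.assignment_group.getDisplayValue());
  return !restricted || member;
}

// Constructed cases: [catalog item, task's group, user's groups, expected read access]
const CASES = [
  [RESTRICTED_ITEM, 'HR Ops', ['HR Ops'], true],
  [RESTRICTED_ITEM, 'HR Ops', ['Service Desk'], false],
  ['Laptop Request', 'HR Ops', ['Service Desk'], true],
];

// Returns the cases where the ACL decision differs from the expected one.
function failures(acl) {
  return CASES.filter(([item, group, groups, want]) =>
    acl(makeContext(item, group, groups)) !== want);
}

console.log('original failures:', failures(originalAcl).length,
            'fixed failures:', failures(fixedAcl).length);
```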