Allow certain users to only add or remove themselves from the watchlist

maxwell_kruse
Giga Contributor

Greetings,

I have a business requirement in which most users are limited to only add/remove themselves from a Watch list field. Only certain users should be able to add/remove other users. I have tried both a write, list_edit, and delete ACL on the watch_list field to no avail. Any ideas on an approach I might take? Ideally I'd like to keep the 'Add Me' button.

Thanks for the suggestions

4 REPLIES

SanjivMeher
Kilo Patron

You should just need the write ACL. Can you post a screenshot of the write ACL you created?


Please mark this response as correct or helpful if it assisted you with your question.


The problem with only giving write operations to a few means the common user loses the 'Add me' feature and the ability to remove themselves.

Shishir Srivast
Mega Sage

I was thinking we could try it through an advanced reference qualifier: if the user belongs to a particular group, allow that user to add/remove any users in the list; if not, just allow that user to add/remove himself/herself.

 

var assignedToList = Class.create();
assignedToList.prototype = {
	initialize: function() {
	},
	// Returns the encoded query used by the reference qualifier
	AssignTo: function() {
		var user = [];
		// Is the logged-in user a member of the privileged group?
		var grp = new GlideRecord('sys_user_grmember');
		grp.addQuery('group', 'PASS THE GROUP SYS_ID HERE');
		grp.addQuery('user', gs.getUserID());
		grp.query();
		if (grp.next()) {
			// Group members may pick any user
			var gr = new GlideRecord('sys_user');
			gr.query();
			while (gr.next()) {
				user.push(gr.sys_id.toString());
			}
		} else {
			// Everyone else may only pick themselves
			user.push(gs.getUserID());
		}

		return 'sys_idIN' + user.join(',');
	},
	type: 'assignedToList'
};

 

In the field's advanced reference qualifier, please use:

javascript: new assignedToList().AssignTo();

 

Using a reference qualifier we can restrict the user list pop-up, but the user will still be able to add any other user using the option below.


Not sure on this part, trying to find the way on this.

The SN Nerd
Giga Sage

If you wanted to implement your original requirement in a business rule, you could use the following code:

When: Insert / Update
Condition: Watch list changes
Advanced Condition: !gs.hasRole('role_that_allows_any_watch_list_addition');

Advanced Code:

(function preventWatchListAdditionOtherThanSelf(current, previous /*null when async*/) {
	// Convert a watch list value to an array; an empty or null value becomes []
	// (''.split(',') would give [''], which breaks the comparison below)
	function toArray(value) {
		return value ? value.split(',') : [];
	}
	// Guard against previous not being available
	var previousValue = previous ? previous.getValue('watch_list') : '';
	var previousWatchListAsArray = toArray(previousValue);
	var currentWatchListAsArray = toArray(current.getValue('watch_list'));

	//Only for adding users
	//Use array util to determine which entries are new in the current list
	var arrayUtil = new ArrayUtil();
	var additionalWatchListUsersAsArray = arrayUtil.diff(currentWatchListAsArray, previousWatchListAsArray);
	if (additionalWatchListUsersAsArray.length > 0) {
		var isMoreThanOneUserAdded = additionalWatchListUsersAsArray.length > 1;
		var isUserAddedNotLoggedInUser = additionalWatchListUsersAsArray[0] != gs.getUserID();

		//If any user other than the currently logged in user has been added
		if (isMoreThanOneUserAdded || isUserAddedNotLoggedInUser) {
			current.setAbortAction(true);
			current.watch_list = previousValue;
			gs.addErrorMessage('Invalid update to watch list field.');
		}
	}

})(current, previous);

ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022
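
The business rule above checks additions only, while the original requirement also covers removals. The following is an added example, not code from any poster in this thread: a plain JavaScript function (no ServiceNow APIs, so it runs in Node) that compares the old and new watch list values and allows a change only if every added or removed entry is the acting user's own sys_id. The function names, the `canEditOthers` flag and the sample sys_ids are assumptions; in a business rule the inputs would come from `previous.getValue('watch_list')`, `current.getValue('watch_list')`, `gs.getUserID()` and `gs.hasRole(...)`.

```javascript
// Added example: server-side style check written as a pure function.
// A watch_list value is a comma-separated string (empty or null when unset).
function toList(value) {
  if (!value) {
    return [];
  }
  return String(value).split(',')
    .map(function (entry) { return entry.trim(); })
    .filter(function (entry) { return entry.length > 0; });
}

// Entries present in a but not in b.
function difference(a, b) {
  return a.filter(function (entry) { return b.indexOf(entry) === -1; });
}

// Returns { allowed, added, removed }.
// canEditOthers (assumption): true when the user holds the privileged role.
// A user without it may only add or remove their own sys_id, so a "swap"
// (remove self, add someone else, same list length) is rejected as well.
function checkWatchListChange(previousValue, currentValue, userId, canEditOthers) {
  var before = toList(previousValue);
  var after = toList(currentValue);
  var added = difference(after, before);
  var removed = difference(before, after);
  var touchesOthers = added.concat(removed).some(function (entry) {
    return entry !== userId;
  });
  return {
    allowed: Boolean(canEditOthers) || !touchesOthers,
    added: added,
    removed: removed
  };
}

// Constructed sample sys_ids (not real records)
var ME = '11111111111111111111111111111111';
var ALICE = '22222222222222222222222222222222';
var BOB = '33333333333333333333333333333333';

// Swap attempt: list length is unchanged, but BOB replaces ME
var swap = checkWatchListChange(ALICE + ',' + ME, ALICE + ',' + BOB, ME, false);
console.log('swap allowed:', swap.allowed, 'added:', swap.added, 'removed:', swap.removed);
```

Because the check runs on the submitted value rather than on what the form offered, it applies no matter how the entry was added to the field.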