Before Query Business Rule Script help

Valon Sheremeti · ‎06-04-2020

Hi all. I was hoping if I can pick your brain to complete business rule script.
Goal: I need to restrict access to certain catalog item variable values so only the following users can query them:

1. Any member of group named "MyGroup"
OR
2. User who filled the variable itself (this is the userID in sys_created_by field in the table)

I've come with the following script and I was hoping if you can help me complete the part of the script in red.
P.S. I was able to get it work by hard coding the sys_id of certain user, but I am unable to make it dynamic for any logged user.

Business Rule
Table: Options [sc_item_option]
When: Before Query
Script:

if((gs.getUserName()!=current.sys_created_by)&&(!gs.getUser().isMemberOf('MyGroup')))
{
current.addQuery('item_option_new','!=','490bd8e51bcdd050af0787bae54bcb75');
}

// 490bd8e51bcdd050af0787bae54bcb75 is the sys_id of catalog item variable

I appreciate your comments 🙂
Val

Michael Jones - · ‎06-05-2020

Ok - amazing what a few hours of sleep can do.

Give this a try! The trick was figuring out what was actually being "queried" when a request item was loaded and then working out the details from there.

(function executeRule(current, previous /*null when async*/ ) {

    var looking_for = '490bd8e51bcdd050af0787bae54bcb75'; //this is the id of your variable
    var found_var = false;
	var found_where = '';
    var sc_item_option = new GlideRecord('sc_item_option');
    sc_item_option.addEncodedQuery(current.getEncodedQuery());
	sc_item_option.setWorkflow(false); //critical to prevent recursive loop
    sc_item_option.query();
    while (sc_item_option.next()) {
        if (sc_item_option.item_option_new.sys_id == looking_for) {
			//ok we found the variable, ow we see if it was created by the user, or if the user is not part of the group
			if(sc_item_option.sys_created_by !=  gs.getUserName() && !gs.getUser().isMemberOf('MyGroup')) {
			found_var = true;
			found_where = sc_item_option.getValue('sys_id');
			}
        }

    }

    if (found_var == true ) {
		//If we found the var, the user is not the creator, and is not in the group - exclude that record!
        current.addQuery('sys_id', '!=', found_where);
    }


})(current, previous);

If this was helpful or correct, please be kind and click appropriately!

Michael Jones - Proud member of the CloudPires Team!

I hope this helps!
Michael D. Jones
Proud member of the GlideFast Consulting Team!

View solution in original post

Michael Jones - · ‎06-04-2020

Seems like you might have some extra parens in there. Try this?

if(gs.getUserName() != current.sys_created_by && !gs.getUser().isMemberOf('MyGroup'))
{
current.addQuery('item_option_new','!=','490bd8e51bcdd050af0787bae54bcb75');
}

If this was helpful or correct, please be kind and click appropriately!

Michael Jones - Proud member of the CloudPires Team!

I hope this helps!
Michael D. Jones
Proud member of the GlideFast Consulting Team!

Valon Sheremeti · ‎06-04-2020

Michael, thank you for your comments in these late hours. I appreciate it.

I'm afraid it is not working.

Problem is on the part current.sys_created_by. I tried the output of gs.log(current.sys_created_by) and got empty result. I need to tackle this from another angle.

if(gs.getUserName() != current.sys_created_by && !gs.getUser().isMemberOf('MyGroup'))
{
current.addQuery('item_option_new','!=','490bd8e51bcdd050af0787bae54bcb75');
}

Satyanarayana C · ‎06-04-2020

Hi,

Can you try current.getValue('sys_created_by').

Also, current object is coming from which table?

Thanks

Michael Jones - · ‎06-04-2020

Ok, yeah - I really am tired!

For a Query Business Rule, Current is not the "current record" in the usual sense, so this is working exactly as designed, believe it or not. Current is really just the query that going to be executed to display the results.

So, if you did this, for example:

(function executeRule(current, previous /*null when async*/) {

if(!gs.getUser().isMemberOf('MyGroup'))
{
current.addQuery('item_option_new','!=','490bd8e51bcdd050af0787bae54bcb75');
}

})(current, previous);

Then only members of your group would see that variable.

You can't check "each individual record in the list" - just general conditions - pretend current doesn't exist, except to set the query.

I have a crazy idea how it might be done, but I'm too tired to think it through right now. If you find a better answer, please update here, otherwise I'll see if I can think of something.

This might - possibly - be something better done as an ACL than a Query rule....

If this was helpful or correct, please be kind and click appropriately!

Michael Jones - Proud member of the CloudPires Team!

I hope this helps!
Michael D. Jones
Proud member of the GlideFast Consulting Team!