
Best way to check if specific user has a role in a client script? i.e. not current user

Mark233
Giga Expert

What is the best way to determine whether a user being referenced on the current record has a role from a client script?

 

Creating an AJAX script include feels excessive for such a simple check. What's the best practice here?

 

Specifically, my scenario is that when changing a sys_user_delegate record, if the delegate is set to a user without an approval role, then the "Approvals" field is set to false and read-only.

Thanks,

Mark

1 ACCEPTED SOLUTION

Dennis R
Tera Guru

If you want to reliably check whether a user who is not accessing the page has a role, you absolutely must do that using an AJAX call. The reason why is because client-side, most users will not have access to that information. (That is, it would be a security risk for some rando user Bob to know what roles some other rando user Alice has access to.) It must be queried server-side.

Here's one way to do it. Create the following script include, called AjaxUserUtil:

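var AjaxUserUtil = Class.create();
AjaxUserUtil.prototype = Object.extendsObject(AbstractAjaxProcessor, {
    type: 'AjaxUserUtil',
    // Returns true if the given user (user ID or sys_id) has the given role.
    // Arguments fall back to the GlideAjax parameters when called from the client.
    hasRole: function(user, role) {
        if (!user) user = this.getParameter('sysparm_user');
        if (!role) role = this.getParameter('sysparm_role');
        if (user && role)
            return gs.getUser().getUserByID(user).hasRole(role);
        return false; // missing user or role
    }
});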

Then client-side, do something like this:

var ga = new GlideAjax('AjaxUserUtil');
ga.addParam('sysparm_name', 'hasRole');
ga.addParam('sysparm_user', 'jdoe');
ga.addParam('sysparm_role', 'app_user');
ga.getXML(function(resp) {
    var hasRole = JSON.parse(resp.responseXML.documentElement.getAttribute('answer'));
    if (hasRole) {
        // User has role. Note that admin users will always return true for
        // all roles.
    }
});

(Substitute your actual user's user ID or sys_id for jdoe, and the role you want to check for in place of app_user.) Note that unless there's a hard requirement for doing so, I would avoid passing all user roles back to the client for checking client-side. That could be used as an exploit by a malicious user.

Hope this helps,
--Dennis R
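
A narrower variant of the approach above, applied to the sys_user_delegate scenario from the question, as an added example that is not code from the thread. It assumes the approval role is named approver_user and the fields are delegate and approvals; CHECKABLE_ROLES, roleAnswer and applyApprovals are hypothetical names introduced here.

```javascript
// Added example, not code from the thread. Assumed names: the approver_user role,
// the 'delegate' and 'approvals' fields, and the helper functions below.

// --- Server side: Script Include AjaxUserUtil (client callable) ---
var CHECKABLE_ROLES = ['approver_user']; // only roles the form needs to ask about

// Answers 'true' only for an allow-listed role and a well-formed sys_id,
// so the endpoint cannot be used to probe arbitrary users for arbitrary roles.
function roleAnswer(userSysId, role, lookup) {
    if (CHECKABLE_ROLES.indexOf(String(role)) === -1) return 'false';
    if (!/^[0-9a-f]{32}$/.test(String(userSysId))) return 'false';
    return lookup(String(userSysId), String(role)) ? 'true' : 'false';
}

if (typeof AbstractAjaxProcessor !== 'undefined') { // skipped outside the platform
    var AjaxUserUtil = Class.create();
    AjaxUserUtil.prototype = Object.extendsObject(AbstractAjaxProcessor, {
        type: 'AjaxUserUtil',
        hasRole: function() {
            return roleAnswer(this.getParameter('sysparm_user'),
                this.getParameter('sysparm_role'),
                function(id, role) {
                    // Same server-side lookup as the accepted answer.
                    return gs.getUser().getUserByID(id).hasRole(role);
                });
        }
    });
}

// --- Client side: onChange client script on sys_user_delegate, field 'delegate' ---
// Fails closed: anything other than the string 'true' locks Approvals off.
function applyApprovals(form, answer) {
    var canApprove = answer === 'true';
    if (!canApprove) form.setValue('approvals', false);
    form.setReadOnly('approvals', !canApprove);
    return canApprove;
}

function onChange(control, oldValue, newValue, isLoading) {
    if (isLoading) return;
    if (!newValue) return applyApprovals(g_form, 'false');
    var ga = new GlideAjax('AjaxUserUtil');
    ga.addParam('sysparm_name', 'hasRole');
    ga.addParam('sysparm_user', newValue); // sys_id of the referenced user
    ga.addParam('sysparm_role', 'approver_user');
    ga.getXMLAnswer(function(answer) {
        applyApprovals(g_form, answer);
    });
}
```

The client script only shapes the form; if the Approvals value must hold against direct record updates, the same allow-listed check belongs in a server-side rule as well.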


8 REPLIES

bardakov
Tera Expert

To check the role of the user on the client side, you can use g_user.hasRole('your_role')
For example:

g_user.hasRole('itil');

https://developer.servicenow.com/app.do#!/api_doc?v=kingston&id=r_GlideUser-hasRole_String

Keep in mind that this will always return true for a user with the 'admin' role.

Hi Viktor,

 

Unfortunately I need to check whether a user who is NOT the current logged in user has a role. The user I want is referenced on the record being viewed.

 

I believe g_user.hasRole() can only be used for the current logged in user?

I'm needing to do something similar. Did you manage to get this working without using g_user.hasRole() so you can reference the NOT logged-in user??

Basically, what do you use in the ajax instead of:

gs.getUser().getUserByID(user).hasRole(role);

and, in the Catalog Client Script, if I need to check the roles for the user selected in a reference variable for 'caller_id', do I still use this:

ga.addParam('sysparm_user', 'jdoe');

Thanks,

Brandon