Business Rule based on user's roles not working when role is inherited from group

Ahmad6
Giga Expert

‎02-17-2020 05:50 PM

Hi all,

I have a requirement to grant users a custom list layout based on whether they have a certain role which I achieve by building the list in sys_ui_list and sys_ui_list_element (and delete the records once the role is removed from the user). My assumption to run the business rule on sys_user_has_role appears to be incorrect, because that only seems to trigger when I add the role manually to the user. What table do I need to refer this BR to in order to trigger on inherited roles?

Basics of the code is below, I replaced it with just an info message onscreen to conclude the above observation.

 

 

//Check if user still has one of the special roles after that role was either inserted or deleted into sys_user_has_role
var gr = new GlideRecord('sys_user_has_role');
gr.addQuery('user', current.user);
gr.addQuery('role.name', 'ENDSWITH', 'special');
gr.query();
if(gr.next()){
  //create sys_ui_list and sys_ui_list_element records
} else {
 //delete all sys_ui_list and sys_ui_list for specififc table for that user
}

 

Edit: I've tracked down the script that creates the user role once a user is added to a group, script include RoleManager and within that the roles are indeed inserted into "sys_user_has_role", does anyone have an idea why a business rule triggering on insert/deletion might not work?

Labels:
0 Helpfuls
  • 3,292 Views
12 REPLIES 12

Allen Andreas
Administrator
Administrator
In response to Ahmad6

‎02-18-2020 05:27 AM

Usually when things come to something like this, you can troubleshoot by looking at other BRs on this table...also...

I would highly recommend changing your variable from "gr" to something else. It's been documented quite a bit that using gr can sometimes have issues due to it being used almost everywhere in the system for OOB scripts.

Try that and let us know?

Then...perhaps consider my above reply where I help shorten the code, not glide at all, then use the action triggers to add your ui view or whatever it was and/or remove them, if applicable.

Please mark reply as Helpful/Correct, if applicable. Thanks!


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!
0 Helpfuls

Allen Andreas
Administrator
Administrator
In response to Allen Andreas

‎03-01-2020 10:28 AM

Hi,

I just wanted to check-in and see how you're doing.

If my reply above helped answer your question and guide you correctly, please mark it as "Helpful" and "Correct.

If you still need assistance, let us know.

Thanks!


Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!
0 Helpfuls

Ahmad6
Giga Expert
In response to Allen Andreas

‎03-16-2020 03:22 PM

Hi Allen,

Sorry for the late update, had to place that task on hold while I completed some other work.

Since something's blocking workflows and I couldn't figure out the cause I resorted to running the business rule on insert of a user into sys_user_grmember, so the script will run unnecessarily for 90% of insertions/deletions but we do it infrequently enough that I'm not concerned with any performance issues. Below is the code that I've created, for some reason the personalisations I create for facilities_request_task work but the one that I create for facilities_request table doesn't work, the record exists in sys_ui_list however the user does not have the personalisations when I load the list.

(function executeRule(current, previous /*null when async*/) {
	//running BR on sys_user_grmember due to unknown function calling 
	//setworkflow(false) on addition of inherited roles to sys_user_has_role
	//after a projects role is added/removed, re-adjust list view layout
	var unitedView = 'db567f14db664450801791f38a961945';
	var checkRole = new GlideRecord('sys_user_has_role');
	checkRole.addQuery('user', current.user);
	checkRole.addQuery('role.name', 'ENDSWITH', 'projects');
	checkRole.query();
	if(checkRole.next()){
		var ft = new GlideRecord('sys_ui_list');
		ft.addQuery('name','facilities_request_task');
		ft.addQuery('sys_user', current.user);
		ft.query();
		if(!ft.next()){
			gs.addInfoMessage('Customising Form layout for Facilities Requests and Tasks');
			var ft_id = [];
			ft.initialize();
			ft.name = 'facilities_request_task';
			ft.view = 'Default view';
			ft.sys_user = current.user;
			ft_id.push(ft.insert());
			ft.initialize();
			ft.name = 'facilities_request_task';
			ft.view = unitedView;
			ft.sys_user = current.user;
			ft.parent = 'facilities_request';
			ft_id.push(ft.insert());
			//gs.info('--AE-- new FCRT created for ' + current.user.name + ', IDs: ' + ft_id)
			var elements = ['number', 'facilities_request.u_client','facilities_request.u_type_of_request', 'short_description', 'state', 'priority', 'due_date'];
			for(var id = 0; id < ft_id.length; id++){
				for(var ele = 0; ele < elements.length; ele++){
					var fte = new GlideRecord('sys_ui_list_element');
					fte.initialize();
					fte.element = elements[ele];
					fte.position = ele;
					fte.list_id = ft_id[id];
					fte.insert();
					//gs.log('--AE-- created list elemen')
				}
			}
		}
		var fr = new GlideRecord('sys_ui_list');
		fr.addQuery('name','facilities_request');
		fr.addQuery('sys_user', current.user);
		fr.query();
		if(!fr.next()){
			fr.initialize();
			fr.name = 'facilities_request';
			fr.view = 'Default view';
			fr.sys_user = current.user;
			var fr_id = fr.insert();
			//gs.info('--AE-- creating FR view for ' + current.user.name)
			var frelements = ['number', 'location', 'u_client', 'u_type_of_request', 'state', 'u_reported_on'];
			for(var frele = 0; frele < frelements.length; frele++){
				var fre = new GlideRecord('sys_ui_list_element');
				fre.initialize();
				fre.element = frelements[frele];
				fre.position = frele;
				fre.list_id = fr_id;
				fre.insert();
			}
		}

	} else {
		gs.addInfoMessage('Removing Form layout customisation for Facilities Requests and Tasks');
		var dft = new GlideRecord('sys_ui_list');
		dft.addQuery('sys_created_by', '!=',current.user.user_name);//don't remove customisation if user has modified it
		dft.addQuery('name','facilities_request_task');
		dft.addOrCondition('name','facilities_request');
		dft.addQuery('sys_user', current.user);
		dft.query();
		while(dft.next()){
			var dfte = new GlideRecord('sys_ui_list_element');
			dfte.addQuery('list_id', dft.getUniqueValue());
			dfte.query();
			dfte.deleteMultiple();
			dft.deleteRecord();
		}

	}

})(current, previous);

 

I've checked the XML between the personalisation created by my script and by the user, and the only difference is the following properties, but I am unable to clear them, they get automatically set.

 

find_real_file.png

Preview file
35 KB
Preview file
35 KB
0 Helpfuls

Ahmad6
Giga Expert

‎02-17-2020 07:59 PM

Changing the Business Rule to run instead on sys_user_grmember or sys_user_covers_location appears to work but the group names don't have a defined "formula" I can incorporate into the query conditions, so it would have to run every time someone is added/removed from a group.

I guess in the grand scheme of things it shouldn't be too big of a performance impact but I still want to know why user roles created via group inheritance do not trigger business rules however user location coverage created via group inheritance does.

0 Helpfuls

Sateesh Kumar 2
Kilo Guru

‎02-17-2020 08:08 PM

Hello,

 

 

Using methods provided in GlideSystem object is much better than direct query, try below code

 

var currentUser = gs.getUser();
var userRoles = currentUser.getUserRoles();

 

if(userRoles.indexOf("special")>-1)

{

 //create sys_ui_list and sys_ui_list_element records
} else {
//delete all sys_ui_list and sys_ui_list for specififc table for that user
}

Regards,

Sateesh Kumar Devadoss

0 Helpfuls