Check if a user is already in a similar group

Hendrik6 · ‎01-24-2023

Hello

I am developing a scoped application that is used to manage the work plans of employees organized in work teams. Each work team has multiple users assigned to it. However, a single user can be only in zero to one work teams. This condition should be checked at all times. Currently, I use groups [sys_user_group] to represent a work team. Every work team inherits its roles from the parent group "Work Team" which contains the role "Work Team Member".

My current approach:

I created a business rule on the Group Role table [sys_user_grmemember] to check before an insert of a new record if any of the groups assigned to the user in the new record contains the role "Work Team Member". Therefore, I use two GlideRecord queries and two while loops to iterate through the records.

Problems with the current approach:

The business rules succeeds when I try to create a record directly on the table sys_user_grmember. But, when I try to add a group over the related list in a user record, the debugger does not even notices that the business rule is triggered. This behavior is very odd.

Alternative approaches:

Instead of checking for the user's roles and their roles. I could check if any of the groups assigned to the user has already the parent "Work Team".
I could create a new type "Work Team" and check if any of the groups assigned to the user has already the type "Work Team". This approach would not differ much from the first alternative.
Perhaps instead of a business rule I could try using a scripted ACL.
If a user is already is already in a work team group they will have to have the role "Work Team Member". Therefore, I could check by gs.hasRole("admin") if the user has this role.

Questions:

I am wondering why my current approach with a business rules works on the sys_user_grmember table but not when I try to assign a group to a user via the user's related list. How can I fix that?
Are there any other best practices how to ensure that a user is only in one type of a group?

Kind regards,

Hendrik

Hendrik6 · ‎01-26-2023

If anyone has an idea on what's the best practice how to solve such a problem I would be very happy if you would please share it with me.

Saurabh Gupta · ‎01-26-2023

Hi,
Can you share more detail about your BR.
When it is executing Before/After, Insert/Delete?

Thanks and Regards,

Saurabh Gupta

Hendrik6 · ‎01-27-2023

Hello Saurabh

Thank you for your reply!

The business rule executes on the table sys_user_grmember and it runs before a new record is inserted. The rule checks for each of the user's groups if the group has the work team role. If it does it rejects a new group to user assignment. I masked the real sys_id of the role with sys_id_of_role_work_team.

(function executeRule(current, previous /*null when async*/ ) {
     var sys_user_grmember = new GlideRecord('sys_user_grmember');
     sys_user_grmember.addQuery('user', current.user);
     sys_user_grmember.query();
     if (sys_user_grmember.hasNext()) {
         while (sys_user_grmember.next()) {
             var sys_group_has_role = new GlideRecord('sys_group_has_role');
             sys_group_has_role.addQuery('role', 'sys_id_of_role_work_team');
             sys_group_has_role.addQuery('group', sys_user_grmember.group);
             sys_group_has_role.query();
             if (sys_group_has_role.hasNext()) {
                 gs.addErrorMessage("The current user already is assigned to a group with the role Work Team.");
                 current.setAbortAction(true);
             }
         }
     }
})(current, previous);

Kind regards,

Hendrik

Saurabh Gupta · ‎01-27-2023

Hi,
Can you please optimize your business rule.
You should write a simple BR on sys_user_grmember like below

Thanks and Regards,

Saurabh Gupta