Hello
I am developing a scoped application that is used to manage the work plans of employees organized in work teams. Each work team has multiple users assigned to it. However, a single user can be only in zero to one work teams. This condition should be checked at all times. Currently, I use groups [sys_user_group] to represent a work team. Every work team inherits its roles from the parent group "Work Team" which contains the role "Work Team Member".
My current approach:
I created a business rule on the Group Role table [sys_user_grmemember] to check before an insert of a new record if any of the groups assigned to the user in the new record contains the role "Work Team Member". Therefore, I use two GlideRecord queries and two while loops to iterate through the records.
Problems with the current approach:
The business rules succeeds when I try to create a record directly on the table sys_user_grmember. But, when I try to add a group over the related list in a user record, the debugger does not even notices that the business rule is triggered. This behavior is very odd.
Alternative approaches:
- Instead of checking for the user's roles and their roles. I could check if any of the groups assigned to the user has already the parent "Work Team".
- I could create a new type "Work Team" and check if any of the groups assigned to the user has already the type "Work Team". This approach would not differ much from the first alternative.
- Perhaps instead of a business rule I could try using a scripted ACL.
- If a user is already is already in a work team group they will have to have the role "Work Team Member". Therefore, I could check by gs.hasRole("admin") if the user has this role.
Questions:
- I am wondering why my current approach with a business rules works on the sys_user_grmember table but not when I try to assign a group to a user via the user's related list. How can I fix that?
- Are there any other best practices how to ensure that a user is only in one type of a group?
Kind regards,
Hendrik
