Check logged-in user role in ACL

soumya17
Tera Contributor

I created a custom role 'X'. When a user with the 'X' role is logged in, he needs to have write access to incidents that are opened by a user with the 'X' role.

For all other incidents, created by a different role, those records should be read-only.

Please help me to achieve this.

Thanks

14 REPLIES

Weird
Mega Sage

Hmm, it's a bit of a roundabout way to do it, but I guess you could try using gs.getUser().getUserByID("sys_id").getRoles() to get the roles of the opened_by user and then checking if they have the role you want to compare to.

 

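// Viewer must hold the role before the opener's roles are checked
if (gs.hasRole('your_role')) {
    // Roles of the user referenced in opened_by, as an array of names
    var roles = gs.getUser().getUserByID(current.opened_by).getRoles().toString().split(",");
    for (var i in roles) {
        if (roles[i] == 'your_role') {
            return true;
        }
    }
    // Deny only after every role has been compared
    return false;
} else {
    return false;
}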

 

Something like this.
If the viewer has your_role we check if the opened_by person also has that role and allow access.

Note that I didn't test this in any way and just typed the script off the top of my head, so it might not work 100% even if the logic is there. You can test it with a background script first to see if you can get the roles of a user (the second line) properly. It might also not work in scoped apps.

soumya17
Tera Contributor

Thank you for your response.

I tried it; it didn't work.

All users having the custom role should edit incidents that are created by 'custom role' users.

All other incidents, created by a different role, should be read-only.

Any other solution?

That's weird. I gave it a try with a background script and it seems to be fine.
Can you post the ACL script and a screenshot from your ACL record?

Also make sure you wrote the name of your role in the script.
For example

if(gs.hasRole('your_role')){

Should be like this for itil:

if(gs.hasRole('itil')){

You have to also add it to this part:

if(roles[i] == 'your_role'){

Then you also need to make sure the field you're comparing to is correct and a reference.
In my example current.opened_by is OK if the user, who opened the incident, is set in that field. If you're using anything else adjust it accordingly. Also note that sys_created_by doesn't work since it's the user name and not the user sys_id.

Also it just might be that the return true doesn't work, though I think it should.
You can also just say answer = true;

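// Deny by default; grant only when both users hold the role
var answer = false;
if (gs.hasRole('your_role')) {
    // Roles of the user referenced in opened_by, as an array of names
    var roles = gs.getUser().getUserByID(current.opened_by).getRoles().toString().split(",");
    for (var i in roles) {
        if (roles[i] == 'your_role') {
            answer = true;
        }
    }
}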
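
An added example, not part of any post in this thread: the role comparison discussed above as plain JavaScript that runs outside ServiceNow, showing why the opener's whole role list has to be scanned before access is denied. The function names, the role name x_role and the role strings are constructed for illustration; the tolerance for spaces and brackets is a defensive assumption, not a statement about what the platform returns.

```javascript
// Added example: stand-in for the ACL decision, runnable in Node.
// Role names and role strings are constructed sample data.

// Split a comma-separated role string into exact role names.
// Assumption: tolerate stray spaces or list brackets around the names.
function parseRoles(roleString) {
  return String(roleString)
    .replace(/^\[|\]$/g, '')
    .split(',')
    .map(function (r) { return r.trim(); })
    .filter(function (r) { return r.length > 0; });
}

// Failure mode: returning from the else branch ends the loop on the first
// iteration, so only the first role in the list is ever compared.
function firstRoleOnly(viewerRoles, openerRoleString, role) {
  if (viewerRoles.indexOf(role) === -1) return false;
  var roles = openerRoleString.split(',');
  for (var i = 0; i < roles.length; i++) {
    if (roles[i] == role) { return true; } else { return false; }
  }
  return false;
}

// Fail-closed check: deny by default, grant write only when both the viewer
// and the opener hold the role, after looking at the whole list.
function canWrite(viewerRoles, openerRoleString, role) {
  var answer = false;
  if (viewerRoles.indexOf(role) !== -1) {
    answer = parseRoles(openerRoleString).indexOf(role) !== -1;
  }
  return answer;
}

// Constructed cases: [viewer roles, opener role string]
var cases = [
  [['x_role'], 'x_role,itil'],
  [['x_role'], 'itil,x_role'],
  [['x_role'], 'itil, x_role'],
  [['x_role'], 'x_role_admin'],
  [['itil'], 'x_role'],
  [['x_role'], '']
];
cases.forEach(function (c) {
  console.log(JSON.stringify(c), 'first-role-only:', firstRoleOnly(c[0], c[1], 'x_role'),
    'full-scan:', canWrite(c[0], c[1], 'x_role'));
});
```

The second case is the one to watch: the opener holds the role but it is not first in the list, so the first-role-only loop denies write access while the full scan grants it.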

soumya17
Tera Contributor

Hi, please see

[Screenshots: soumya17_0-1680608921825.png, soumya17_1-1680608937295.png]