Fields being incorrectly updated in Catalogue item via a client script

matthew_hughes
Kilo Sage

I've got 5 onChange Client Scripts to be applied to 5 fields in a catalogue item that I've been working on. The five fields are:

matthew_hughes_0-1762351747342.png

The values of the five fields should automatically be updated to Severe (3) if the following question is Highly Confidential:

matthew_hughes_1-1762351840030.png

That works fine. I've got another requirement that states that if the above question is not Highly Confidential and the below question is 'Yes', then the values of the 5 fields should be set to Material(4) 

matthew_hughes_3-1762352004251.png

However, what I've found in my client script is that if the first question is Highly Confidential and the 5 fields are below Material, and I then set the PCI DSS question to 'Yes', the fields automatically get updated to 'Material'. This should not happen: since the first question is Highly Confidential, the outcome of the PCI DSS question should not be considered, so the five fields shouldn't get updated. The code I'm using is below:

 
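/**
 * onChange client script that validates a newly selected confidentiality
 * score, writes the resulting score to 'confidentiality_finance_reporting',
 * toggles the 'rationale_finance_reporting' mandatory flag and recalculates
 * 'confidentiality_rating' from the highest of the five scores.
 *
 * Precedence of the rules: Highly Confidential classification first, then
 * PCI DSS scope, then SOX (both SOX flags must be 'true').
 *
 * NOTE(review): presumably attached to the 'confidentiality_finance_reporting'
 * variable, since that is the field it writes newValue to - confirm.
 * NOTE(review): this check runs in the browser only. A minimum score that
 * matters for data classification should also be enforced server-side,
 * otherwise it can be bypassed by submitting the request another way.
 *
 * @param {Object} control - the changed form control (unused)
 * @param {string} oldValue - value before the change (unused)
 * @param {string} newValue - newly selected score
 * @param {boolean} isLoading - true while the form is loading
 */
function onChange(control, oldValue, newValue, isLoading) {
    if (isLoading || newValue == '') return;

    // Current scores of the five confidentiality questions (g_form returns strings)
    var reputation = g_form.getValue('confidentiality_reputation');
    var regular = g_form.getValue('confidentiality_regulatory');
    var finance = g_form.getValue('confidentiality_finance_reporting');
    var colleagues = g_form.getValue('confidentiality_colleagues_incidents_objectives');
    var customer = g_form.getValue('confidentiality_customer');

    // Answers that decide which rule set applies
    var confidenRating = g_form.getValue('what_classification_of_data_is_consumed_processed_or_created_in_this_application');
    var pcsResponse = g_form.getValue('is_the_application_in_scope_of_pci_dss');
    var sox = g_form.getValue('sox_control') == 'true';
    var extSox = g_form.getValue('external_auditor') == 'true';

    // Validation result; stays true when no rule set applies
    var booleanField = true;

    // Name of the rule set that was applied ('' when none)
    var context = '';

    // Score that ends up in the finance field once this script has run.
    // The rating below must be based on this value, not on the value read
    // before the script overwrote the field.
    var effectiveFinance = finance;

    // Pick exactly one rule set. The alerts are debugging aids left in by the author.
    if (confidenRating == 'highly_confidential') {
        booleanField = isValid_HighlyConfidential(newValue, reputation, customer, regular, colleagues);
        context = 'highly_confidential_function';
        alert('Highly Confidential Function Applied');
    } else if (pcsResponse == 'yes') {
        booleanField = isValid_PCSDSS(newValue, reputation, customer, regular, colleagues);
        context = 'pcsResponse_function';
        alert('PCS Response Function Applied');
    } else if (sox && extSox) {
        booleanField = isValid_Sox(newValue, reputation, customer, regular, colleagues);
        context = 'sox_function';
        alert('Sox Function Applied');
    }

    if (booleanField == false) {
        // Validation failed: force the score for the applied rule set
        if (context == 'highly_confidential_function') {
            effectiveFinance = 5;
            g_form.setValue('confidentiality_finance_reporting', 5);
            g_form.setMandatory('rationale_finance_reporting', false);
        } else if (context == 'pcsResponse_function' || context == 'sox_function') {
            effectiveFinance = 4;
            g_form.setValue('confidentiality_finance_reporting', 4);
            g_form.setMandatory('rationale_finance_reporting', false);
        }
    } else {
        effectiveFinance = newValue;
        g_form.setValue('confidentiality_finance_reporting', newValue);

        // A rationale is required when the accepted score is below the
        // score the applied rule set would otherwise force
        if (context == 'highly_confidential_function' && newValue < 5) {
            g_form.setMandatory('rationale_finance_reporting', true);
        } else if ((context == 'pcsResponse_function' || context == 'sox_function') && newValue < 4) {
            g_form.setMandatory('rationale_finance_reporting', true);
        } else {
            g_form.setMandatory('rationale_finance_reporting', false);
        }
    }

    // Overall rating = highest score after the write above. Using the stale
    // 'finance' value here would under-rate the item whenever the script has
    // just raised the finance score.
    // NOTE(review): empty or non-numeric scores fall through to 'No Impact'.
    var max = Math.max(customer, reputation, effectiveFinance, colleagues, regular);

    switch (max) {
        case 5:
            g_form.setValue('confidentiality_rating', 'Severe');
            break;
        case 4:
            g_form.setValue('confidentiality_rating', 'Material');
            break;
        case 3:
            g_form.setValue('confidentiality_rating', 'Moderate');
            break;
        case 2:
            g_form.setValue('confidentiality_rating', 'Minor');
            break;
        default:
            g_form.setValue('confidentiality_rating', 'No Impact');
    }

    // Validation functions for the three scenarios of story SFSTRY0042589.
    // Each returns false when the script must override the selected score.

    // Used when the data classification answer is 'Highly Confidential'.
    // A selection of 5 also returns false, so the caller writes 5 and
    // clears the rationale requirement.
    function isValid_HighlyConfidential(newValue, reputation, customer, regular, colleagues) {
        if (newValue == 5) return false;
        if (newValue < 4 && reputation <= 3 && customer <= 3 && colleagues <= 3 && regular <= 3) {
            alert("You must have at least one Confidentiality score at Severe/Material");
            return false;
        }
        return true;
    }

    // Used when 'Is the application in scope of PCI DSS?' is 'Yes'
    function isValid_PCSDSS(newValue, reputation, customer, regular, colleagues) {
        if (newValue < 3 && reputation <= 2 && customer <= 2 && colleagues <= 2 && regular <= 2) {
            alert("You must have at least one Confidentiality score at Material/Moderate");
            return false;
        }
        return true;
    }

    // Used when both 'SOX Control' and 'External Auditor SOX Control' are true
    function isValid_Sox(newValue, reputation, customer, regular, colleagues) {
        if (newValue < 3 && reputation <= 2 && customer <= 2 && colleagues <= 2 && regular <= 2) {
            alert("You must have at least one Confidentiality score at Material/Moderate");
            return false;
        }
        return true;
    }
}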

 

 

 

1 ACCEPTED SOLUTION

I found the issue. It was because I was referring to the wrong variable for the PCS field in a different client script.



Anupam1
Kilo Guru

Hi @matthew_hughes ,

 

Solution: Prioritize and Isolate Highly Confidential Logic

You need to short-circuit the evaluation so that if the classification is "Highly Confidential", the script does not evaluate PCI DSS or SOX logic at all.

// Highly Confidential takes precedence; PCI DSS and SOX are consulted only
// when the classification is something else.
// NOTE(review): this nesting selects the same single branch as an
// `if ... else if ... else if` chain, so within one run of this script at
// most one "... Function Applied" alert can fire. A second alert would have
// to come from another invocation or another client script - confirm.
if (confidenRating === 'highly_confidential') {
    context = 'highly_confidential_function';
    booleanField = isValid_HighlyConfidential(newValue, reputation, customer, regular, colleagues);
    alert('Highly Confidential Function Applied');
} else {
    if (pcsResponse === 'yes') {
        // PCI DSS in scope
        context = 'pcsResponse_function';
        booleanField = isValid_PCSDSS(newValue, reputation, customer, regular, colleagues);
        alert('PCS Response Function Applied');
    } else if (sox && extSox) {
        // Both SOX flags set
        context = 'sox_function';
        booleanField = isValid_Sox(newValue, reputation, customer, regular, colleagues);
        alert('Sox Function Applied');
    }
}

 

This ensures that once "Highly Confidential" is detected, no other logic is evaluated, and the five fields remain correctly set to Severe 3.

 

If my response helped please mark it correct and close the thread so that it benefits future readers.

 

Best,

Anupam

Hi @Anupam1 I've tried the below:

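/**
 * onChange client script: validates the selected confidentiality score
 * against the rule set that applies (Highly Confidential, else PCI DSS,
 * else SOX), writes the outcome to 'confidentiality_finance_reporting',
 * sets whether 'rationale_finance_reporting' is mandatory, and derives
 * 'confidentiality_rating' from the highest of the five scores.
 *
 * NOTE(review): enforcement here is client-side only; mirror the minimum
 * score rules server-side if the rating drives security controls.
 *
 * @param {Object} control - the changed form control (unused)
 * @param {string} oldValue - value before the change (unused)
 * @param {string} newValue - newly selected score
 * @param {boolean} isLoading - true while the form is loading
 */
function onChange(control, oldValue, newValue, isLoading) {
    if (isLoading || newValue == '') return;

    // Scores currently on the form (strings as returned by g_form)
    var reputation = g_form.getValue('confidentiality_reputation');
    var regular = g_form.getValue('confidentiality_regulatory');
    var finance = g_form.getValue('confidentiality_finance_reporting');
    var colleagues = g_form.getValue('confidentiality_colleagues_incidents_objectives');
    var customer = g_form.getValue('confidentiality_customer');

    // Answers that select the rule set
    var confidenRating = g_form.getValue('what_classification_of_data_is_consumed_processed_or_created_in_this_application');
    var pcsResponse = g_form.getValue('is_the_application_in_scope_of_pci_dss');
    var sox = g_form.getValue('sox_control') == 'true';
    var extSox = g_form.getValue('external_auditor') == 'true';

    // Validation outcome; remains true when no rule set applies
    var booleanField = true;

    // Which rule set ran ('' when none did)
    var context = '';

    // Finance score as it will stand after this script has written to the form
    var finalFinance = finance;

    if (confidenRating === 'highly_confidential') {
        // Only apply Highly Confidential logic
        booleanField = isValid_HighlyConfidential(newValue, reputation, customer, regular, colleagues);
        context = 'highly_confidential_function';
        alert('Highly Confidential Function Applied');
    } else {
        // Only evaluate PCI DSS and SOX if classification is NOT Highly Confidential
        if (pcsResponse === 'yes') {
            booleanField = isValid_PCSDSS(newValue, reputation, customer, regular, colleagues);
            context = 'pcsResponse_function';
            alert('PCS Response Function Applied');
        } else if (sox && extSox) {
            booleanField = isValid_Sox(newValue, reputation, customer, regular, colleagues);
            context = 'sox_function';
            alert('Sox Function Applied');
        }
    }

    if (booleanField == false) {
        // Rejected selection: overwrite with the score for the applied rule set
        if (context == 'highly_confidential_function') {
            finalFinance = 5;
            g_form.setValue('confidentiality_finance_reporting', finalFinance);
            g_form.setMandatory('rationale_finance_reporting', false);
        } else if (context == 'pcsResponse_function' || context == 'sox_function') {
            finalFinance = 4;
            g_form.setValue('confidentiality_finance_reporting', finalFinance);
            g_form.setMandatory('rationale_finance_reporting', false);
        }
    } else {
        finalFinance = newValue;
        g_form.setValue('confidentiality_finance_reporting', newValue);

        // Accepted but below the forced score: the user must give a rationale
        if (context == 'highly_confidential_function' && newValue < 5) {
            g_form.setMandatory('rationale_finance_reporting', true);
        } else if ((context == 'pcsResponse_function' || context == 'sox_function') && newValue < 4) {
            g_form.setMandatory('rationale_finance_reporting', true);
        } else {
            g_form.setMandatory('rationale_finance_reporting', false);
        }
    }

    // The rating is the highest score after the write above. The value read
    // into 'finance' at the top is stale once the script has overridden the
    // field, and using it would leave the rating too low.
    // NOTE(review): empty or non-numeric scores end up as 'No Impact'.
    var max = Math.max(customer, reputation, finalFinance, colleagues, regular);

    switch (max) {
        case 5:
            g_form.setValue('confidentiality_rating', 'Severe');
            break;
        case 4:
            g_form.setValue('confidentiality_rating', 'Material');
            break;
        case 3:
            g_form.setValue('confidentiality_rating', 'Moderate');
            break;
        case 2:
            g_form.setValue('confidentiality_rating', 'Minor');
            break;
        default:
            g_form.setValue('confidentiality_rating', 'No Impact');
    }

    // Validation functions for the three scenarios of story SFSTRY0042589.
    // A false result tells the caller to override the selected score.

    // Classification answer is 'Highly Confidential'. Selecting 5 also
    // yields false, which makes the caller write 5 with no rationale needed.
    function isValid_HighlyConfidential(newValue, reputation, customer, regular, colleagues) {
        if (newValue == 5) return false;
        if (newValue < 4 && reputation <= 3 && customer <= 3 && colleagues <= 3 && regular <= 3) {
            alert("You must have at least one Confidentiality score at Severe/Material");
            return false;
        }
        return true;
    }

    // 'Is the application in scope of PCI DSS?' is 'Yes'
    function isValid_PCSDSS(newValue, reputation, customer, regular, colleagues) {
        if (newValue < 3 && reputation <= 2 && customer <= 2 && colleagues <= 2 && regular <= 2) {
            alert("You must have at least one Confidentiality score at Material/Moderate");
            return false;
        }
        return true;
    }

    // 'SOX Control' and 'External Auditor SOX Control' are both true
    function isValid_Sox(newValue, reputation, customer, regular, colleagues) {
        if (newValue < 3 && reputation <= 2 && customer <= 2 && colleagues <= 2 && regular <= 2) {
            alert("You must have at least one Confidentiality score at Material/Moderate");
            return false;
        }
        return true;
    }
}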
 
However, it's not working because the first pop up of 'Highly Confidential Function Applied' appears followed by 'PCS Response Function Applied'
 
Only the first pop up should appear if Highly Confidential is selected
 
 

SVimes
Kilo Sage

The script you've provided doesn't make sense to me because I am expecting an onChange for 

is_the_application_in_scope_of_pci_dss. In the script you've provided, you're evaluating newValue against numbers when the available values are Yes or No (or boolean t/f), which means this script is probably not for that field. Can you provide the code for when is_the_application_in_scope_of_pci_dss is changed?
Sable Vimes - CSA

Hi @SVimes 

 

This is the code for that particular field:

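/**
 * onChange client script for 'is_the_application_in_scope_of_pci_dss'.
 *
 * When the request is drafted, the answer becomes 'yes', the data
 * classification is not Highly Confidential and the SOX rule does not apply
 * (it applies only when both SOX flags are 'true'), every confidentiality
 * score below 4 is raised to 4, the rationale fields are made optional and
 * 'material' is set to true.
 *
 * NOTE(review): this runs in the browser only; if the minimum score is a
 * compliance requirement, enforce it server-side as well.
 *
 * @param {Object} control - the changed form control (unused)
 * @param {string} oldValue - value before the change (unused)
 * @param {string} newValue - new answer to the PCI DSS question
 * @param {boolean} isLoading - true while the form is loading
 */
function onChange(control, oldValue, newValue, isLoading) {
    if (isLoading || newValue == '') {
        return;
    }
    // Only drafted requests are adjusted
    if (g_form.getValue('drafted') != 'true') {
        return;
    }

    // The classification question is read under the same variable name as in
    // the finance-reporting script on this page. The name previously used
    // here contained an extra 'stored_'; a name that does not resolve to the
    // classification answer can never equal 'highly_confidential', which
    // lets the PCI DSS rule overwrite Highly Confidential scores.
    // NOTE(review): confirm the name against the catalogue item's variables.
    var hc = g_form.getValue('what_classification_of_data_is_consumed_processed_or_created_in_this_application');

    // SOX takes over only when both flags are set
    var soxApplies = g_form.getValue('sox_control') == 'true' && g_form.getValue('external_auditor') == 'true';

    if (hc == 'highly_confidential' || soxApplies || newValue != 'yes') {
        return;
    }

    // Raise every score below 4 to 4. An empty score compares as 0 and is
    // therefore raised as well.
    var scoreFields = [
        'confidentiality_customer',
        'confidentiality_reputation',
        'confidentiality_finance_reporting',
        'confidentiality_colleagues_incidents_objectives',
        'confidentiality_regulatory'
    ];
    for (var i = 0; i < scoreFields.length; i++) {
        var score = g_form.getValue(scoreFields[i]);
        if (score != null && score < 4) {
            g_form.setValue(scoreFields[i], 4);
        }
    }

    // No rationale is required for scores set by this rule
    var rationaleFields = [
        'rationale_customer',
        'rationale_reputation',
        'rationale_colleagues_incidents_objectives',
        'rationale_finance_reporting',
        'u_confidentiality_regulatory_rationale'
    ];
    for (var j = 0; j < rationaleFields.length; j++) {
        g_form.setMandatory(rationaleFields[j], false);
    }

    g_form.setValue('material', true);
}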