GlideAjax Script Include and Client Script code to restrict access of fields not working.

prabhmeet · ‎02-01-2019

I have a catalog item where I have a reference field to sys_user table (Requested for).

In Some fields on the form only the following users can enter values - requested for's manager, requested for manager's manager, User access administration group. To other users the fields should be visible but they cannot enter values.

I have written a Script Include and Client Script for this but it is not working. I am new to ServiceNow and not too good with coding. Can someone please point out my mistakes?

Please someone help me correct the code?

Script Include -

var RestrictAccessToUpdateFields = Class.create();
RestrictAccessToUpdateFields.prototype = Object.extendsObject(AbstractAjaxProcessor, {
getAccess: function() {

var obj ={};
obj.retvalue ='';
obj.mm = '';
obj.grp = '';
var a = this.getParameter('sysparm_user_id');
var manager = new GlideRecord('sys_user');
manager.addQuery('sys_id', a);
manager.query();
if(manager.next()){
obj.retvalue = manager.manager.sys_id;
obj.mm = manager.manager.manager.sys_id;
obj.grp =gs.getUser().isMemberOf('User Access Administration');

}
return JSON.stringify(obj);
},

type: 'RestrictAccessToUpdateFields'
});

Onchange CLient Script

var id = g_form.getValue('requested_for');//newValue

var ga = new GlideAjax('RestrictAccessToUpdateFields');
var a = g_user.getUser();

ga.addParam('sysparm_name','getAccess');
ga.addParam('sysparm_user_id',id);
ga.getXML(CallBack);

dvp · ‎02-03-2019

getUser method is not available in g_user and also in script inlcude your code returns the objects instead of sys id of managers

Try the below script

Script Include -

var RestrictAccessToUpdateFields = Class.create();
RestrictAccessToUpdateFields.prototype = Object.extendsObject(AbstractAjaxProcessor, {
    getAccess: function() {
        
        var obj ={};
            obj.retvalue ='';
            obj.mm = '';
            obj.grp = '';
            var a = this.getParameter('sysparm_user_id');
            var manager = new GlideRecord('sys_user');
            manager.addQuery('sys_id', a);
            manager.query();
            if(manager.next()){
                obj.retvalue = manager.manager.sys_id.toString();
                obj.mm = manager.manager.manager.sys_id.toString();
                obj.grp =gs.getUser().isMemberOf('User Access Administration');
                
            }
            return JSON.stringify(obj);
        },
        
        type: 'RestrictAccessToUpdateFields'
    });

Onchange CLient Script

function onChange(control, oldValue, newValue, isLoading) {
    if (isLoading || newValue == '') {
        return;
    }
    
    var id = g_form.getValue('requested_for');//newValue
    
    var ga = new GlideAjax('RestrictAccessToUpdateFields');    
    ga.addParam('sysparm_name','getAccess');
    ga.addParam('sysparm_user_id',id);
    ga.getXML(CallBack);
    
    function CallBack(response)
    {
        var answer = response.responseXML.documentElement.getAttribute("answer");
        var returneddata = JSON.parse(answer);
        
        if(returneddata.retvalue == g_user.userID || returneddata.mm == g_user.userID || returneddata.grp == true ){
            g_form.setReadOnly('updated_first_name', false);
            g_form.setReadOnly('updated_last_name', false);
        }
        else{
            
            g_form.setReadOnly('updated_first_name', true);
            g_form.setReadOnly('updated_last_name', true);
        }
    }
    
}

View solution in original post

Allen Andreas · ‎02-01-2019

Hi,

Is there a possibility that these fields could be controlled by the ACL (overall permission)? As this is more so along the lines of best practice and much easier to do?

Basically, I'm meaning, these two fields (or however many they are), you are wanting to limit write access to them unless you're a member of this team, right? So you can create a write ACL for these two fields within that table and then specify the same parameters that you must be a member of 'x' group or your manager is or however you have it done.

Other people can see them as read-only, but those other people could write to them.

Just a thought?

Please mark reply as Helpful/Correct, if applicable.

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

prabhmeet · ‎02-01-2019

Hi Allen,

Thanks for replying. I am absolutely fine with creating an ACL for this but I do not understand how the Conditions will be used, because out of 12 fields suppose, 8 are having this access restriction.

I have earlier also asked this same question and some people said ACL is correct and some said using GLideAjax is correct. I am actually new so I cannot understand which way and how to go about it.

Can you help me with the condition an script in more detail?

Allen Andreas · ‎02-01-2019

var reqforManager = current.requested_for.manager;
var reqforManager2 = reqforManager.manager;
if (gs.getUser().isMemberOf('Access Administration Team') || gs.getUserID() == reqforManager || gs.getUserID() reqforManager2) {
answer = true;
} else {
answer = false;
}

Try that in the script section for each write ACL.

Ugh...these forums, I've written this three times and it wouldn't post/logged me out before.

Keep an eye out for any of the fields I assumed were named what they were...like requested for, if it's custom it could be u_requested_for and then the member of team in the if statement, you may need to change that.

Anyways...please mark reply as Helpful/Correct, if applicable. Thanks!

Please consider marking my reply as Helpful and/or Accept Solution, if applicable. Thanks!

prabhmeet · ‎02-02-2019

Hi Allen, so suppose there are 8 variables on my Catalog item that I want to restrict access for, I will have to create write ACL for each of them separately?