gs.getUser().hasRole('anytext') always returns "true"

Go to solution
Vespertinus
Tera Expert

‎05-11-2017 05:23 AM

I figured aut a strange behaviour with hasRole() function. We are on Istanbul Patchlevel 4

You can reproduce by opening background scripts winodow and run following script:

gs.log(gs.getUser().getDisplayName())

gs.log(gs.getUser().getRoles())

gs.log(gs.getUser().hasRole('gdfgsdrfr'))

[0:00:00.002] Script completed in scope global: script

*** Script: System Administrator
*** Script: admin,template_editor_global
*** Script: true

-> users display name is correct

-> roles are corre

-> true???

http://wiki.servicenow.com/index.php?title=Getting_a_User_Object#gsc.tab=0

myUserObject.hasRole()

-- returns true or false if the current user has the provided role (takes a role name as its argument)

For me it returns always true 😕

Any clue?

br

Vesp

  • 56,025 Views
1 ACCEPTED SOLUTION

Go to solution
javier_messeri
Kilo Expert

‎05-11-2017 05:30 AM

Hi,



I think "hasRole('whatever')" always returns true if you are the admin (http://wiki.servicenow.com/index.php?title=GlideSystem#hasRole.28String.29 ), no wonder if the role really exists or not.


There's a g_user.hasRoleExactly() (client side, http://wiki.servicenow.com/index.php?title=GlideUser_(g_user)#hasRoleExactly ) but not an explicit version in server side, but by scripting a little bit, you may have and have a "hasRoleExactly" for server, something like:



var rol = new GlideRecord('sys_user_role');

               rol.addQuery('name', role);

               rol.query();

               if (rol.next()) {

                       var hasRole = new GlideRecord('sys_user_has_role');

                       hasRole.addQuery('user', user_id);

                       hasRole.addQuery('role', rol.sys_id);

                       hasRole.query();


                       if (hasRole.next()) {

                               return true;

                       } else {

                               return false;

                       }

               }

               return false;


Cheers,


Javier


View solution in original post

19 REPLIES 19

Go to solution
todtoter
Mega Expert

‎05-11-2017 05:28 AM

This is because you have the admin role. This function will always return true if the user has admin.


g_user.hasRolesExactly('role_name') will check if that user has the exact role.



Impersonate a user without admin role.



http://wiki.servicenow.com/index.php?title=GlideUser_(g_user)#hasRole


Go to solution
Sharique Azim
Mega Sage

‎05-11-2017 05:29 AM

Hi Vespertinus,



Please check if the same is occurring for other users also? I think its the admin role which is bypassing all roles and returns true.



Regards,
Shariq


0 Helpfuls

Go to solution
javier_messeri
Kilo Expert

‎05-11-2017 05:30 AM

Hi,



I think "hasRole('whatever')" always returns true if you are the admin (http://wiki.servicenow.com/index.php?title=GlideSystem#hasRole.28String.29 ), no wonder if the role really exists or not.


There's a g_user.hasRoleExactly() (client side, http://wiki.servicenow.com/index.php?title=GlideUser_(g_user)#hasRoleExactly ) but not an explicit version in server side, but by scripting a little bit, you may have and have a "hasRoleExactly" for server, something like:



var rol = new GlideRecord('sys_user_role');

               rol.addQuery('name', role);

               rol.query();

               if (rol.next()) {

                       var hasRole = new GlideRecord('sys_user_has_role');

                       hasRole.addQuery('user', user_id);

                       hasRole.addQuery('role', rol.sys_id);

                       hasRole.query();


                       if (hasRole.next()) {

                               return true;

                       } else {

                               return false;

                       }

               }

               return false;


Cheers,


Javier


Go to solution
Vespertinus
Tera Expert
In response to javier_messeri

‎05-16-2017 06:49 AM

Thx for all the answers, but this one also considered that "hasRoleExactly" only works for clientside scripts. We wanted to use that in an advanced view rule, to not force specific views for admin role. But as admin has "all" roles he also got this view forced. Thx for this script here, but we managed it in a "simpler" way with this line:



gs.getUser().hasRoleExactly('<customrole>')


-> returns "undefined"


gs.getUser().hasRole('<customrole>')


-> does not work for view rule scripts., returns always true for admin


(gs.getUser().getRoles().indexOf('<customrole>')>=0


-> works, retruns false for admin.