gs.getUser().hasRole('anytext') always returns "true"

Go to solution
Vespertinus
Tera Expert

‎05-11-2017 05:23 AM

I figured aut a strange behaviour with hasRole() function. We are on Istanbul Patchlevel 4

You can reproduce by opening background scripts winodow and run following script:

gs.log(gs.getUser().getDisplayName())

gs.log(gs.getUser().getRoles())

gs.log(gs.getUser().hasRole('gdfgsdrfr'))

[0:00:00.002] Script completed in scope global: script

*** Script: System Administrator
*** Script: admin,template_editor_global
*** Script: true

-> users display name is correct

-> roles are corre

-> true???

http://wiki.servicenow.com/index.php?title=Getting_a_User_Object#gsc.tab=0

myUserObject.hasRole()

-- returns true or false if the current user has the provided role (takes a role name as its argument)

For me it returns always true 😕

Any clue?

br

Vesp

  • 56,030 Views
1 ACCEPTED SOLUTION

Go to solution
javier_messeri
Kilo Expert

‎05-11-2017 05:30 AM

Hi,



I think "hasRole('whatever')" always returns true if you are the admin (http://wiki.servicenow.com/index.php?title=GlideSystem#hasRole.28String.29 ), no wonder if the role really exists or not.


There's a g_user.hasRoleExactly() (client side, http://wiki.servicenow.com/index.php?title=GlideUser_(g_user)#hasRoleExactly ) but not an explicit version in server side, but by scripting a little bit, you may have and have a "hasRoleExactly" for server, something like:



var rol = new GlideRecord('sys_user_role');

               rol.addQuery('name', role);

               rol.query();

               if (rol.next()) {

                       var hasRole = new GlideRecord('sys_user_has_role');

                       hasRole.addQuery('user', user_id);

                       hasRole.addQuery('role', rol.sys_id);

                       hasRole.query();


                       if (hasRole.next()) {

                               return true;

                       } else {

                               return false;

                       }

               }

               return false;


Cheers,


Javier


View solution in original post

19 REPLIES 19

Go to solution
xiaix
Tera Guru
In response to Vespertinus

‎08-30-2017 05:16 PM

if (gs.getUser().getRoles().indexOf('bcp_super_admin') >= 0)



Brilliant!


0 Helpfuls

Go to solution
Lavlesh Garg1
Giga Expert
In response to Vespertinus

‎12-02-2017 04:23 AM

Awesome workaround, love it


0 Helpfuls

Go to solution
kemmy1
Tera Guru
In response to javier_messeri

‎06-26-2019 07:39 AM

We tried this in a script include and the user seems to need access (read) to the sys_user_has_roles table in order to make this work.  Does that sound right?

Lisa

0 Helpfuls

Go to solution
The SN Nerd
Giga Sage
Giga Sage
In response to kemmy1

‎06-26-2019 06:41 PM

Scripts are run as the system, unless you are using GlideRecordSecure. If you are using GlideRecord, that doesn't sound right.

The GlideRecord solution to this problem isn't the most efficent.

Use this code instead

(gs.getSession().getRoles().indexOf('help_desk') >-1)

ServiceNow Nerd
ServiceNow Developer MVP 2020-2022
ServiceNow Community MVP 2019-2022

Go to solution
bandi
Tera Contributor
In response to javier_messeri

‎04-11-2022 03:49 AM

Hi 

I have duplicate roles and duplicate group , if i will try to add already existing role to the same user its allowing ... how to solve this problem 

 help me code 

Thanks & Regards,

Bandi

Preview file
77 KB
Preview file
148 KB
0 Helpfuls