How can I call a script from within an ACL?

bcronrath
Kilo Guru

Basically the problem I am running into right now is getting a security context to properly pull a value back for use on an incident ACL.

This is the incident read ACL in its current state:  

current.opened_by == gs.getUserID() || current.caller_id == gs.getUserID() || current.watch_list.indexOf(gs.getUserID()) > -1


However, the goal is to add an additional OR query to get incidents that have the same "company" value that the user has. So I made a script include that should retrieve the sys_id value of the company from the user and return it as a string. I tried to call it from the ACL like so:


current.opened_by == gs.getUserID() || current.caller_id == gs.getUserID() || current.watch_list.indexOf(gs.getUserID()) > -1 || current.company == getCompanyName.retrieveCompanyNames();

But clearly I am doing something wrong because it doesn't seem to work properly. I've tested with hardcoding in a company call such as

current.opened_by == gs.getUserID() || current.caller_id == gs.getUserID() || current.watch_list.indexOf(gs.getUserID()) > -1 || current.company == [put sys_id here];


And that pulled the values in fine. So I figure the script certainly doesn't seem to be running correctly, even though I am not seeing mention of it when enabling all debugging.


Another oddity I am seeing is that I get 219 rows returned from my incident query when I test using the hard-coded company sys_id in the ACL (the correct number), but when I try using the function in the ACL, I only get the first row returned, and then it says "Number of rows removed from this list by Security constraints: 19"

Wondering why it only says 19 rows removed, shouldn't it be 218? That could be a side issue though, I am mainly just interested in knowing how to properly pull the company value from the user for use in an incident read ACL. Anyone have experience with this?

Best regards,

Brian

1 ACCEPTED SOLUTION

Hi Brian,

Have you tried getting the user object and then retrieving the Company information from it?

var user = gs.getUser();
user.getCompanyID();     // returns the sys_id of the current user's company
user.getCompanyRecord(); // returns the current user's company GlideRecord

Getting a User Object - ServiceNow Wiki

Thanks,
Berny



6 REPLIES

Hi Brian, no problem. Calling a script include from an ACL is totally possible and simple. Perhaps the most straightforward way to do it is by creating what's called a classless function. A classless function is a script include whose structure will be something like:

Name of the Script Include: ourFunctionName

Script of the Script Include:

function ourFunctionName(variablesYouMayWantToPass) {
    // put your code here
}



So, for your user and retrieving a group of companies from it, you could have something like:

Name of the Script Include: getUserCompanies

function getUserCompanies(user_sys_id) {
    var companies = [];
    // assuming you have a m2m table like this
    var gr = new GlideRecord('u_m2m_user_companies');
    gr.addQuery('u_user', user_sys_id);
    gr.query();
    while (gr.next()) {
        // collect each related company's sys_id as a plain string
        companies.push(gr.company.sys_id.toString());
    }
    // returns a list of company sys_ids separated by commas
    return companies.join(',');
}



From your ACL you just invoke that script include in the following way:

      getUserCompanies(myUserSysId);

If you don't want to do a classless, then the structure of the script include just changes a little bit to make it a class, and then you need to do a new of the class and then call the function with the class instance.

Thanks,
Berny
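
The company clause discussed in the replies above, as an added example that is not part of the original thread: plain JavaScript with constructed stand-ins for the incident record and made-up sys_ids, so it runs outside an instance. `canReadIncident`, `companyMatches`, `onWatchList` and `visibleTo` are hypothetical names; the user's companies are assumed to arrive as a comma-separated list (the shape `getUserCompanies` returns), and an incident with an empty company never matches, so a user with no company does not gain read access to every incident that has none.

```javascript
// Field values are plain strings here; on an instance they are GlideElement
// objects, hence the String(...) conversions before comparing.

// userCompanies: comma-separated company sys_ids (the shape getUserCompanies()
// returns in the reply above), or a single sys_id such as getCompanyID() gives.
function companyMatches(incidentCompany, userCompanies) {
  var wanted = String(incidentCompany || '').trim();
  if (!wanted) return false; // empty == empty must not grant access
  return String(userCompanies || '')
    .split(',')
    .map(function (id) { return id.trim(); })
    .filter(function (id) { return id.length > 0; })
    .indexOf(wanted) > -1; // exact membership, not substring match
}

function onWatchList(watchList, userId) {
  return String(watchList || '').split(',').indexOf(userId) > -1;
}

// Mirrors the ACL condition from the question, with the company clause added.
function canReadIncident(current, userId, userCompanies) {
  if (!userId) return false;
  return String(current.opened_by) === userId ||
    String(current.caller_id) === userId ||
    onWatchList(current.watch_list, userId) ||
    companyMatches(current.company, userCompanies);
}

// Constructed sample data (all sys_ids are made up).
var ACME = 'a'.repeat(32), GLOBEX = 'b'.repeat(32);
var ALICE = '1'.repeat(32), BOB = '2'.repeat(32);
var incidents = [
  { number: 'INC1', opened_by: BOB, caller_id: BOB, watch_list: '', company: ACME },
  { number: 'INC2', opened_by: BOB, caller_id: BOB, watch_list: ALICE, company: GLOBEX },
  { number: 'INC3', opened_by: BOB, caller_id: BOB, watch_list: '', company: '' },
  { number: 'INC4', opened_by: BOB, caller_id: BOB, watch_list: '', company: GLOBEX }
];

// Numbers of the incidents a given user would be allowed to read.
function visibleTo(userId, userCompanies) {
  return incidents.filter(function (inc) {
    return canReadIncident(inc, userId, userCompanies);
  }).map(function (inc) { return inc.number; });
}

console.log(visibleTo(ALICE, ACME));                // one company
console.log(visibleTo(ALICE, ''));                  // user with no company
console.log(visibleTo(ALICE, ACME + ',' + GLOBEX)); // several companies
```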


And just in case it's handy, here is a link on how to create many-to-many tables, which basically is done by using sys_m2m.list

http://wiki.servicenow.com/index.php?title=Creating_a_Many-to-Many_Relationship#gsc.tab=0

Thanks,
Berny