How can I check if the current login user has specific roles and he is the manager of a group

Alon Grod · ‎11-19-2023

How can I make sure that only users with 'local_manager' role or user that is currently currently trying to edit the group members is the manager of that group will be able to edit?
I tried to user this advance acl both on write and create but its not working.

if (gs.hasRole('local_manager')) {
    answer = true;
} else if (current.group.manager == gs.getUserID()) {
    answer = true;
}
else {
	answer = false;
}

I

abirakundu23 · ‎11-19-2023

Hi @Alon Grod ,

Please try below script:

Make ACL on "Create" operation on table level & write below script in Advance section.

if (gs.getUser().hasRole('local_manager') && (gs.getUser().isMemberOf("Sys Id of your group")))

answer = true;

else

answer = false;

OR

if (gs.getUser().hasRole('local_manager') && (gs.getUser().isMemberOf(gs.getProperty("Group")))) // Group is the sys_Property name

answer = true;

else

answer = false;

Please try above once.

Alon Grod · ‎11-19-2023

@abirakundu23 but the group should be dynamic. its not always the same group. if he is trying to edit a group members of a group that he is the manager (manager field on sys_user_group table), then it should be fine.

Alex Tod1 · ‎11-19-2023

Hi @Alon Grod!

Check first if your code is executed, put before "if" a log, if the code doesn't work, post a picture of the acl.

Alon Grod · ‎11-19-2023

@Alex Tod1 @abirakundu23
I have this acl (both write and create) on sys_user_grmember. but when I impersonate someone that he is the manager of the group he still cant edit group members. The 'Edit' Button is not shown and when I click on New it says that the user is not autorized.