We have a business rule that should hide certain values in an application list based on the user's access. See script below - line 6 is where I need to put in a check to see if the user is on a record producer within the service portal:

(function executeRule(current, previous /*null when async*/) {


if (gs.getSession().isInteractive() && !gs.hasRole('admin')) {


//am on something broken?

//if(! on something broken){

var ds = new DataSeparation();


//get user's current uri to determine whether or not we should apply prefilter

var jmap = gs.action.getGlideURI().getMap().toString();

gs.include('j2js');

var map = j2js(jmap);


//initialize restriction flags (determine whether or not to apply filter)

//restricted areas are service catalog and change request

var isRestrictedTypeAhead = (map.indexOf('x_referer=change_request') > -1 || map.indexOf('x_referer=rm_feature') > -1 || map.indexOf('x_referer=com.glideapp.servicecatalog_cat_item_view') > -1   || map.indexOf('sysparm_type=sp_ref_list_data') > -1);

var isRestrictedRefList = false;


//if restricted by now - dont bother continuing processing and apply filter below

if (!isRestrictedTypeAhead) {


//are we in a restricted reference list

isRestrictedRefList = (map.indexOf('sysparm_target=change_request') > -1 || map.indexOf('sysparm_target=rm_feature') > -1 || map.indexOf('sysparm_type=M2MList') > -1 || map.indexOf('m2m_catalog_variable_id=IO:') > -1);

}


//restrict to matching access locations string and filter out all CIs without an access location

if (isRestrictedTypeAhead || isRestrictedRefList) {

current.addNotNullQuery('u_access_location');

current.addQuery('u_access_location',ds.getUserAccessLocation());

}

//}

}


})(current, previous);

Wouldn't it then be better to restrict the applications they can select in the record producer via a read ACL on the table being referenced by the list?

Stijn

Stijn,

Perhaps that would be a better long term solution, but since this is causing a production issue I need to get it fixed ASAP.