How do I check if referenced user has write access to a specific record
05-18-2016 11:23 AM
Our CMDB manager would like to send a notification to the owner of a CI only if they have write access to the CI. Is there any way to check a user's permission when you are not logged in as the user?
I have found the following:
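    function evalACL(user, record, operation, field) {
        // Remember who is running the script so the session can be restored
        var currentUser = gs.getUserID();
        // Switch the whole session to the target user
        gs.getSession().onlineImpersonate(user);
        var sm = GlideSecurityManager.get();
        // ACL path has the form record/<table>[.<field>]/<operation>
        var aclCheck = 'record/' + record.getTableName();
        if (!JSUtil.nil(field)) {
            aclCheck = aclCheck + '.' + field;
        }
        aclCheck = aclCheck + '/' + operation;
        gs.print(aclCheck);
        var hasRights = sm.hasRightsTo(aclCheck, record);
        // Switch back to the original user (getSession is a method call)
        gs.getSession().onlineImpersonate(currentUser);
        return hasRights;
    }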
Here: ACL's & permissions
However, this requires impersonating the user, which we are a bit apprehensive to do.
Any guidance would be appreciated. Thanks.
07-26-2017 12:25 PM
This is an old question, however, I was looking to do exactly this. I found out there is a function in the GlideSecurityManager that allows you to set the rights as a specific user so you can then evaluate ACLs. It is pretty much the same as an impersonation; however, it only affects the roles and ACL part.
The function is GlideSecurityManager.get().setUser(userObject)
Where the user object is a user object that you get using gs.getUser().getUserByID('user_name_or_sys_id').
Don't forget to set back the setUser to the current user, otherwise your user would have the other user's access until its session ends.
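
The setUser approach from the reply above, written out as an added example (not code from either poster or from ServiceNow). It assumes the server-side globals `gs` and `GlideSecurityManager` with the methods exactly as named in the thread; `buildAclPath` and `userHasRightsTo` are hypothetical names, and treating a falsy lookup result as "user not found" is an assumption.

```javascript
// Added example for a ServiceNow server-side script (Script Include or similar).
// Assumes gs and GlideSecurityManager behave as described in the thread.

// Build the ACL path used in the first post: record/<table>[.<field>]/<operation>
function buildAclPath(tableName, operation, field) {
    var path = 'record/' + tableName;
    if (field) {
        path += '.' + field;
    }
    return path + '/' + operation;
}

// Evaluate an ACL as another user without impersonating their session.
// userId is a user_name or sys_id, as in the reply above.
function userHasRightsTo(userId, record, operation, field) {
    var sm = GlideSecurityManager.get();
    var original = gs.getUser();                  // user object to restore afterwards
    var target = original.getUserByID(userId);
    if (!target) {
        // Fail closed: no user object means no access (assumed lookup behaviour).
        return false;
    }
    var aclPath = buildAclPath(record.getTableName(), operation, field);
    sm.setUser(target);                           // ACL checks now run with target's roles
    try {
        return sm.hasRightsTo(aclPath, record);
    } finally {
        // Always restore, even if the ACL check throws; otherwise the running
        // user keeps the other user's access for the rest of the session.
        sm.setUser(original);
    }
}
```

The `finally` block is what makes the restore step from the reply unconditional: the security manager is switched back on both the normal return and the exception path.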