How to make it so only admins are allowed to edit form post

Arveen · ‎02-16-2022

Hello, I am trying to make it so that when a user submits a form request, they are only allowed to view the form and not edit it. The only people that are allowed to edit this page are the admins and the user that created the request themselves. I do not have access to ACL, and I have tried assigning roles to users that are not admin through the tables section in system definition, however they are able to edit the page. I was wondering how I could enable it so that regular users could not edit the submitted pages.

shloke04 · ‎02-16-2022

Hi @Arveen

Couple of things to note here for your requirement:

1) First check the Read ACL which you have on this table of yours. Reason being even if you write a new Read ACL and try restricting it to Admin or created by still it will fail if there are other ACL already existing for the same table.

So you need to review the existing ACL first and then update those ACL so that they do not conflict with your new ACL.

Now you need to use the script below to evaluate Admin and Created By ( Created By is generally a email id attribute so we will require a script here) as mentioned below:

var getCreatedEmail = fetchEmail();
if(gs.hasRole('admin') || getCreatedEmail == current.sys_created_by){
answer = true; //Allow Access
}
else{
answer = false; //Deny Access
}


function fetchEmail(){
var gr = new GlideRecord('sys_user');
gr.addQuery('sys_id',gs.getUserID());
gr.query();
if(gr.next()){
return gr.email.toString();
}
}

Use the same script to other existing ACL and tweak it to add existing condition as well so that it works in one go for you.

Hope this helps. Please mark the answer as correct/helpful based on impact.

Regards,
Shloke

Hope this helps. Please mark the answer as correct/helpful based on impact.

Regards,
Shloke