Parent (Incident) & Custom table (child) relationship

_lcrsrms_
Tera Expert

Hi, Community.

We have created a custom table for HR (the custom table extends the task table) where we have a read ACL for the custom role.fullfiler/_admin. We have an existing query BR for the approver_user to see HR Case records if they are the opened_by, caller_id, or part of the watch list.

On the incident table, we have created a context menu UI action "help from hr" which will create an HR Case where the parent is the originating incident. What we are trying to achieve is to allow all users who are part of the parent incident's assignment group to read the HR Case.

I have created a read ACL with a script to check if the currently logged-in user is part of current.parent.assignment_group, and I also tried modifying the query BR. Can anyone suggest how to configure this? See code below.

Screenshot 2024-04-26 at 5.52.58 PM.png

ACL script we've tried since the screenshot from above is not working.

if (gs.getUser().isMemberOf(current.parent.assignment_group))
	answer = true;

QUERY BR:

(function executeRule(current, previous /*null when async*/) {
	
	var u = gs.getUserID();
	var qc;
	if(gs.hasRole('approver_user')){
		// if user is an approver open up all the HR requests plus the HR tickets mentioning the user
		qc = current.addQuery("caller_id", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u).addOrCondition('u_ticket_type','request');
	} else {
		// if user does not have HR role they should only be able to see tickets that they created, when they are the caller, or opened by, or if they are in the watch list 	
		qc = current.addQuery("caller_id", u).addOrCondition("opened_by", u).addOrCondition("watch_list", "CONTAINS", u);
	}

	if(current.private_case == false){ //Private cases are not meant to be viewed/access by the affected user
		qc = qc.addOrCondition("u_affected_user", u);
	}

	// Adding logic to check if the user is part of the parent incident assignment group
	var parentIncidentAssignmentGroup = current.parent.assignment_group;
	if (!parentIncidentAssignmentGroup.nil() && parentIncidentAssignmentGroup.isUserMember(u)) {
		// If the user is part of the assignment group, allow access to HR Cases associated with the parent incident
		qc.addOrCondition("parent", current.parent.sys_id);
	} else {
		// If the user is not part of the parent incident assignment group, restrict access
		qc.addCondition('sys_id', 'IN', '-1'); // Ensures no records are returned
	}

})(current, previous);

Thanks!!

1 ACCEPTED SOLUTION

Ratnakar7
Mega Sage

Hi @_lcrsrms_,

Your approach seems correct, but there might be some adjustments needed in both the ACL script and the query business rule to achieve the desired behavior. Let's review and refine them:

  1. ACL Script: The ACL script should check if the currently logged-in user is a member of the assignment group associated with the parent incident. Here's how you can adjust it:
    if (current.parent && current.parent.assignment_group) {
        if (gs.getUser().isMemberOf(current.parent.assignment_group)) {
            answer = true;
        }
    }

    This script checks if the parent incident exists and if it has an assignment group. If so, it verifies if the currently logged-in user is a member of that assignment group.

  2. Query Business Rule: The query business rule should be updated to include the condition to allow access to HR Cases associated with the parent incident assignment group. Here's how you can adjust it:
    (function executeRule(current, previous /*null when async*/) {
        var userId = gs.getUserID();
        var qc = current.addQuery("caller_id", userId)
                            .addOrCondition("opened_by", userId)
                            .addOrCondition("watch_list", "CONTAINS", userId);
    
        if (current.private_case == false) {
            qc.addOrCondition("u_affected_user", userId);
        }
    
        // Check if the user is part of the parent incident assignment group
        var parentIncidentAssignmentGroup = current.parent.assignment_group;
        if (parentIncidentAssignmentGroup && gs.getUser().isMemberOf(parentIncidentAssignmentGroup)) {
            // If the user is part of the assignment group, allow access to HR Cases associated with the parent incident
            qc.addOrCondition("parent", current.parent.sys_id);
        } else {
            // If the user is not part of the parent incident assignment group, restrict access
            qc.addCondition('sys_id', 'IN', '-1'); // Ensures no records are returned
        }
    })(current, previous);

Thanks,

Ratnakar
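
The access rule this thread is after, as an added example that is not code from the original posts: a plain JavaScript model (it does not call ServiceNow APIs) in which the per-record read check and the list-level query filter both grant access through the parent incident's assignment group, and a missing parent or group grants nothing. The users, groups and records are constructed sample data, the function names are hypothetical, and the private_case condition is left out of the model.

```javascript
// Plain JavaScript model with constructed data; it does not call ServiceNow APIs.
const groupMembers = { netops: ["alice", "bob"], desktop: ["carol"] };
const incidents = {
  INC1: { assignment_group: "netops" },
  INC2: { assignment_group: "desktop" },
  INC3: { assignment_group: "" }, // incident with no assignment group
};
const hrCases = [
  { id: "HR1", parent: "INC1", caller_id: "dave", opened_by: "carol", watch_list: [] },
  { id: "HR2", parent: "INC2", caller_id: "dave", opened_by: "carol", watch_list: ["bob"] },
  { id: "HR3", parent: "INC3", caller_id: "erin", opened_by: "erin", watch_list: [] },
  { id: "HR4", parent: "", caller_id: "bob", opened_by: "erin", watch_list: [] },
];

// Caller, opener or watch-list member: the conditions the existing query BR applies.
function directlyInvolved(user, c) {
  return c.caller_id === user || c.opened_by === user || c.watch_list.includes(user);
}

// Row-level decision, as a read ACL makes it for one loaded record.
// A missing parent or an empty assignment group grants nothing (fail closed).
function rowCanRead(user, c) {
  const parent = incidents[c.parent];
  const group = parent ? parent.assignment_group : "";
  const inParentGroup = Boolean(group) && (groupMembers[group] || []).includes(user);
  return directlyInvolved(user, c) || inParentGroup;
}

// Set-level filter, built once per query before any row is loaded: the grant
// is phrased as "the parent's assignment group is one of my groups".
function buildQueryFilter(user) {
  const myGroups = new Set(
    Object.keys(groupMembers).filter((g) => groupMembers[g].includes(user))
  );
  return (c) => {
    const parent = incidents[c.parent];
    return directlyInvolved(user, c) || (Boolean(parent) && myGroups.has(parent.assignment_group));
  };
}

// Ids the user can list, plus whether the filter agrees with the row rule on every case.
function visibleCases(user) {
  const filter = buildQueryFilter(user);
  const ids = hrCases.filter(filter).map((c) => c.id);
  const consistent = hrCases.every((c) => filter(c) === rowCanRead(user, c));
  return { ids, consistent };
}
```

If the two rules disagree, a user either sees a list entry they cannot open or can open a record that never shows up in their list, so `consistent` is the property to check after changing either rule.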


2 REPLIES

_lcrsrms_
Tera Expert

@Ratnakar7 I was able to make it work. I played around with ACLs, but modified the query BR script. Thanks for the helpful input!!