Security: determining if current user can read a specific record

ctu1
Giga Expert

Hi,

In our scenario we are trying to restrict supporter access to certain incidents. The idea is that supporters may only read incidents that have a "service" assigned (a reference field on the incident to a custom table) they are able to read. The custom table is secured via ACLs.

I have written a script include that would take a Service (name) and return true if the current user has read access to that Service. The goal is to use that script include in ACLs for the incident table (and others).

Here's the Script:


CanReadSrv = function(val) {

    // no proper Service Name provided
    if ((val == null) || (val == "")) {
        return false;
    }

    // Define an array to hold the Services
    var FSRV = new Array();
    var i = 0;
    var lookfor = val;

    // Build a query to find all Services user has access to
    var srv = new GlideRecord('u_services');
    srv.addQuery('u_active', true);
    srv.query();

    // As long as we find any Services
    while (srv.next()) {
        FSRV[i] = srv.u_service_name;
        i = i + 1;

        if (srv.u_service_name == lookfor) {
            return true;
        }
    }
    return false;
};


The thing is, this returns true all the time. It's like it does not run in the context of the user because it always finds all records on the table u_services. Appreciate any help I can get!

Thanx, ct
3 REPLIES

SlightlyLoony
Tera Contributor

Check out the canRead() method on GlideRecord and GlideElement. Those should let you do what you need!


Thanx for your reply, I will try. However that still leaves me puzzled how my function returns true in every case. Do script includes not run in the context of the user that calls them? If not, I am expecting that the canRead() function on the GlideRecord would also return true? I'll give your suggestion a shot and see what I come up with.


Hm... works. I stand corrected. Used the following code:



CanReadSrv = function(val) {

    // no proper Service Name provided
    if ((val == null) || (val == "")) {
        return false;
    }

    // Build a query to find all Services user has access to
    var srv = new GlideRecord('u_services');
    srv.addQuery('u_active', true);
    srv.query();

    // As long as we find any Services
    while (srv.next()) {

        if ((srv.u_service_name == val) && (srv.canRead())) {
            return true;
        }
    }
    return false;
};


Many thanx. 🙂

Regards, ct
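
The difference discussed in this thread, as an added example that is not part of the original posts: a query returning a row says nothing about read access, while canRead() on the record does. The GlideRecord class below is a constructed in-memory stand-in so the code runs outside an instance; `currentUser`, `readers`, `findService`, `canReadSrvUnchecked` and the sample rows are assumptions, and the lookup goes slightly beyond the posted code by filtering on the service name in the query.

```javascript
// Constructed in-memory stand-in for GlideRecord so this runs outside an instance.
// As the thread observed, query() returns rows whether or not the user may read
// them; only canRead() consults the (here simulated) read ACL.
let currentUser = 'bob';              // hypothetical session user
const U_SERVICES = [                  // constructed sample rows
  { u_service_name: 'Email',   u_active: true,  readers: ['alice', 'bob'] },
  { u_service_name: 'Payroll', u_active: true,  readers: ['alice'] },
  { u_service_name: 'Legacy',  u_active: false, readers: ['alice', 'bob'] },
];

class GlideRecord {
  constructor(table) { this.table = table; this.filters = []; this.rows = []; this.pos = -1; }
  addQuery(field, value) { this.filters.push([field, value]); }
  query() { this.rows = U_SERVICES.filter(r => this.filters.every(([f, v]) => r[f] === v)); }
  next() { return ++this.pos < this.rows.length; }
  canRead() { return this.rows[this.pos].readers.includes(currentUser); }
}

// Shared lookup: let the database filter on name instead of looping over every service.
function findService(val) {
  const srv = new GlideRecord('u_services');
  srv.addQuery('u_active', true);
  srv.addQuery('u_service_name', val);
  srv.query();
  return srv;
}

// First version's assumption: a row that comes back from query() is readable.
function canReadSrvUnchecked(val) {
  if (val == null || val === '') return false;
  return findService(val).next();
}

// Working version: ask for the ACL decision on each matching record.
function canReadSrv(val) {
  if (val == null || val === '') return false;
  const srv = findService(val);
  while (srv.next()) {
    if (srv.canRead()) return true;
  }
  return false;
}
```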