Stop admin impersonating

Go to solution
Brian S5
Kilo Sage

‎02-19-2018 07:26 AM

Good Morning All,

It was requested by my HR department to remove the ability to impersonate HR users. We are using a basic implementation of the un-scoped HR app. I have read through some posts here that i have attempted (Before query BR on the HR table) but need a quick solution to satisfy their requirement. If anyone has any idea's on the best way to implement, id love to hear them. Thank you. 

 

  • 5,762 Views
1 ACCEPTED SOLUTION

Go to solution
Tim Woodruff
Mega Guru
In response to Brian S5

‎02-19-2018 11:12 AM

Hey, sorry about that, I used the wrong method - I've updated my script above. 

To answer your question, you would use the names. 

New script: 

var ImpersonateEvaluator = Class.create();
ImpersonateEvaluator.prototype = {
	initialize: function() {
	},
	BLOCKED_ROLES: [
		'hr_admin' //the EXACT names of the roles to block
	],
	canImpersonate: function(currentUser, impersonatedUser) {
		var i,
			currentUserRoles = currentUser.getRoles(),
			impersonatedUserRoles = impersonatedUser.getRoles();
		//Iterate over array of roles that cannot be impersonated.
		for (i = 0; i < this.BLOCKED_ROLES.length; i++) {
			if (currentUserRoles.indexOf(this.BLOCKED_ROLES[i]) < 0 && impersonatedUserRoles.indexOf(this.BLOCKED_ROLES[i]) >= 0) {
				gs.warn('Unable to impersonate user ' + impersonatedUser.getID() +
					', as the role ' + this.BLOCKED_ROLES[i] + ' was not possessed by the impersonator: ' +
					currentUser.getID());
				return false;
			}
		}
		//Otherwise, return true
		return true;
	},
	type: 'ImpersonateEvaluator'
};

View solution in original post

10 REPLIES 10

Go to solution
andrewdunn
Giga Expert

‎03-15-2018 05:58 PM

Thanks

0 Helpfuls