can we restrict users watchlist and group watchlist to certain catalog items in portal ?

Thej1 · ‎05-30-2024

Hi,

We have enabled the users watch list and group watch list in portal for the My Requests of RITM's.

Now is it possible to restrict this to certain catalog items ?

Please find the attached screenshot.

Thanks

@Community Alums @Mark Manders @Arpan Baishya @Amit Gujarathi @Allen Andreas @Adil AZ

Kieran Anson · ‎06-04-2024

Hi,

Your server script isn't checking whether the current item has the checkbox, it's just performing a query to find all items with the checkbox being true.

//Assuming 'gr' is the sc_req_item record
data.canView = false;
var catItemGR = gr.getElement('cat_item').getRefRecord();
if(!catItemGR.isValidRecord())
    data.canView = JSUtil.getBooleanValue(catItemGR , 'u_show_watchlist')

View solution in original post

Community Alums · ‎05-30-2024

Hi @Thej1 ,

You can write a Onload Catalog Client script to hide it when you are using that particular catalog Item.

Kieran Anson · ‎05-30-2024

Is this a custom widget you've added/created? What's the page ID? If the widget is custom, can you share the code and we can offer some guidance on how to amend

Thej1 · ‎05-31-2024

Yes this is the custom widget we have created.

Here is the server script code of that widget.

(function() {

var gr;

if (input) {

gr = new GlideRecord(input.table);

if (gr.get(input.sys_id)) {

if (gr.watch_list.canWrite()) {

gr.watch_list = input.watchList;

gr.group_list = input.groupList;

gs.addInfoMessage('Updated');

}

if(gr.group_list.canWrite()){

gr.group_list = input.groupList;

}

gr.update();

}

} else {

var sys_id = (input && input.sys_id) || options.sys_id || $sp.getParameter("sys_id");

var table = (input && input.table) || options.table || $sp.getParameter("table");

gr = new GlideRecord(table);

if (gr.get(sys_id)) {

data.table = table;

data.sys_id = sys_id;

data.canRead = gr.watch_list.canRead() && table == 'sc_req_item';

//data.canReadGroup = gr.group_list.canRead() && table =='incident';

data.canWrite = gr.watch_list.canWrite();

//data.canWriteGroup = gr.group_list.canWrite();

if (data.canRead) {

var dV = gr.getDisplayValue('watch_list');

var sV = gr.getValue('watch_list');

data.displayValue = dV;

data.value = sV;

}

data.name = gr.getDisplayValue('group_list');

data.sysid = gr.getValue('group_list');

}

})();

Kieran Anson · ‎05-31-2024

Thanks for providing, a few options come to mind

You're already checking whether the user can write to the watch list (good practice, I like it!). Have you introduced a new ACL? If so, you could add a filter condition to only allow adding to the watch list if the item aligned to the sc_req_item is one you define. This is the most secure option as you're preventing write access at the DB level
Use widget instance options to define a whitelist. This option is a visual prevention and could be bypassed. Depending on the company/client policy, this may not be compliant

Add a new instance option of type glide_list that references the sc_cat_item table

Add into your server script

var allowedCatalogItems = options.allowed_catalog_items;
					if(allowedCatalogItems){
						var allowedCatItemsArr = allowedCatalogItems.split(',');
						data.canWrite = new global.ArrayUtil().contains(allowedCatItemsArr , gr.getValue(('cat_item')));
						
					}