Knowledge Ownership Groups - can non-members Edit/checkout articles?

Gagana B N1 · ‎05-10-2024

On Knowledge Article Edit access shouldn't only be the Assigned Ownership Group, it should be for all Ownership Groups. But OOB functionality is working as Member of one Ownership Group switches to another, if he/she is not part of that group is unable to edit an article.

We have tried ACL, now user can able to edit but Checkout button is still not visible. Is there any better approach without customizing OOB Script Include on 'Checkout' UI action condition?

Attaching the ACL script below:

Kieran Anson · ‎05-14-2024

In order to show the UI Action, you'll need to override the behaviour of the KBVersioning.canCheckout function. Safest way to do this is by adding an overriding function in KBVersioning script include:

var KBVersioning = Class.create();

KBVersioning.prototype = Object.extendsObject(KBVersioningSNC, {

    /**
     * Checks whether checkeout can be done by this user, from this record
     * First checks the results of the OOB canCheckout function
     * Then an additional check for ownership group alignment
     *
     * @Param GlideRecord: current
     * @return Boolean
     **/
    canCheckout: function(kbRecordGR) {
        var canCheckoutSNC = KBVersioningSNC.prototype.canCheckout.call(this, kbRecordGR);

        //Truthy, no further check required
        if (canCheckoutSNC == true)
            return true;

        return this.isMemberOfAnyOwnershipGroup();
    },

    canWrite: function(kbRecordGR) {
        var canWriteSNC = KBVersioningSNC.prototype.canWrite.call(this, kbRecordGR);

        if (canWriteSNC == true)
            return true;

        // Only latest version can be modified by anyone.
        // We're technically running this twice :(
        if (!this.isLatestVersion(current))
            return false;

        switch (current.getValue('workflow_state')) {
            case 'draft':
            case 'review':
            case 'pending_retirement':
            case 'published':
                return this.isMemberOfAnyOwnershipGroup();

            default:
                return false;

        }
    },

    isMemberOfAnyOwnershipGroup: function() {

        var currentUser = gs.getUser();
        var currentUserGroups = currentUser.getMyGroups();
        var KNOWLEDGE_TYPE_GROUP = '458de4f067671300dbfdbb2d07415ad6';

        var groupsGR = new GlideRecord('sys_user_group');
        groupsGR.addQuery('type', 'CONTAINS', KNOWLEDGE_TYPE_GROUP);
        groupsGR.addQuery('sys_id', 'IN', j2js(currentUserGroups));
        groupsGR.setLimit(1); //We only want to check if a record is present;
        groupsGR.query();

        return groupsGR.hasNext(); //Will be true if a record is found

    },

    type: 'KBVersioning'
});

View solution in original post

Kieran Anson · ‎05-10-2024

Hi,

By allowing all ownership groups to have access feels like defeating the purpose of ownership groups. When you say all owernership groups, is that any user whos a member of a group with the knowledge type; any user with the knowledge role; or only user's who's a member of a group with the knowledge type where the group is aligned to atleast one article in the same knowledge base?

Gagana B N1 · ‎05-14-2024

As I mentioned any User whos a Member of one Ownership Group switches to another, even a user(with knowledge role) is not part of that group is able to edit/checkout an article..

Kieran Anson · ‎05-14-2024

In order to show the UI Action, you'll need to override the behaviour of the KBVersioning.canCheckout function. Safest way to do this is by adding an overriding function in KBVersioning script include:

var KBVersioning = Class.create();

KBVersioning.prototype = Object.extendsObject(KBVersioningSNC, {

    /**
     * Checks whether checkeout can be done by this user, from this record
     * First checks the results of the OOB canCheckout function
     * Then an additional check for ownership group alignment
     *
     * @Param GlideRecord: current
     * @return Boolean
     **/
    canCheckout: function(kbRecordGR) {
        var canCheckoutSNC = KBVersioningSNC.prototype.canCheckout.call(this, kbRecordGR);

        //Truthy, no further check required
        if (canCheckoutSNC == true)
            return true;

        return this.isMemberOfAnyOwnershipGroup();
    },

    canWrite: function(kbRecordGR) {
        var canWriteSNC = KBVersioningSNC.prototype.canWrite.call(this, kbRecordGR);

        if (canWriteSNC == true)
            return true;

        // Only latest version can be modified by anyone.
        // We're technically running this twice :(
        if (!this.isLatestVersion(current))
            return false;

        switch (current.getValue('workflow_state')) {
            case 'draft':
            case 'review':
            case 'pending_retirement':
            case 'published':
                return this.isMemberOfAnyOwnershipGroup();

            default:
                return false;

        }
    },

    isMemberOfAnyOwnershipGroup: function() {

        var currentUser = gs.getUser();
        var currentUserGroups = currentUser.getMyGroups();
        var KNOWLEDGE_TYPE_GROUP = '458de4f067671300dbfdbb2d07415ad6';

        var groupsGR = new GlideRecord('sys_user_group');
        groupsGR.addQuery('type', 'CONTAINS', KNOWLEDGE_TYPE_GROUP);
        groupsGR.addQuery('sys_id', 'IN', j2js(currentUserGroups));
        groupsGR.setLimit(1); //We only want to check if a record is present;
        groupsGR.query();

        return groupsGR.hasNext(); //Will be true if a record is found

    },

    type: 'KBVersioning'
});