How to validate User is member of the group

JRY
Mega Guru

Hello,

 

I'm trying to validate if the user is a member of the group or not. Previously there was an action created on flow designer to verify the same, but recently a client asked to verify it on form level if the requested for is a member of specific groups or not. If he is a member of the group, then send an error message. I have tried the same code which was on action to OnSubmit Catalog client script but it's not working. Can someone help what went wrong here please?

 

 

function onSubmit() {
    //Type appropriate comment here, and begin script below
    console.log('testing');
    var denyInternet = 'DENYINTERNETACCESS.LG';
    var phising = 'PHISHING.DIA';
    var temp_user = g_form.getValue('request_For');
    var platcode = newValue;
    console.log(temp_user);
    var pattern = /\\/;
    var split = userId.split(pattern);
    var useruid = split[1];
    var odataparam = "TechCode eq ('NT')and platCode in ('NA','SA','EA','AP','upstreamaccts','ACCPT','AF') and uid eq ('" + temp_user + "')";
    var iamAPIUtil = new GlideAjax('x_iem_iam.IAM_API_Utils');
    iamAPIUtil.addParam('sysparm_name', 'searchPrincipal');
    iamAPIUtil.addParam('sys_param_odata', odataparam);
    iamAPIUtil.getXML(function serverAnswer(response) {
        var jsonobj = response.responseXML.documentElement.getAttribute('answer');
        try {
            var json_value_obj = JSON.parse(jsonobj);
            var resultgrp = json_value_obj[0].principalid;
            if (denyInternet.toUpperCase() == resultgrp.toUpperCase() || phising.toUpperCase() == resultgrp.toUpperCase()) {
                g_scratchpad.isGroupVerified = false;
                g_form.addErrorMessage('You are part of the Phishing group which restricts access to internet. Please contact the CyberSecurity team for additional details');
            } else {
                g_scratchpad.isGroupVerified = true;
            }
        } catch (e) {
            g_scratchpad.isGroupVerified = true;
        }
    });
    function filter(obj_answer, propertie, operator, value) {
        if (operator == '!=') {
            return obj_answer.filter(function(entitle) {
                return entitle[propertie] != value;
            });
        } else if (operator == '==') {
            return obj_answer.filter(function(entitle) {
                return entitle[propertie] == value;
            });
        }
    }
    var entitlements = json_value_obj;
    var obj_entitlements = JSON.parse(entitlements);
    var account = obj_entitlements[0].principalid; //IAM Field: PrincipalID | Not in ServiceNow
    var iamAPIUtils = new GlideAjax('x_iem_iam.IAM_API_Utils');
    iamAPIUtils.addParam('sysparm_name', 'getEntitlementsForAccount');
    iamAPIUtils.addParam('sys_param_odata', account);
    var filterEntitlementsArray = filter(iamAPIUtils, 'principaltypedesc', '!=', 'OBJ - Server Local Group');
    var groupmembership = JSON.stringify(filterEntitlementsArray);
    var groupName = denyInternet;
    var internetPhisinf = phising;
   var string_obj = groupmembership;
    if (string_obj) {
        var obj_answer = JSON.parse(string_obj);
        var ismemberofgroup = obj_answer.filter(function(obj) {
            return obj.uid == groupName;
        }).length > 0;
    } else {
        ismemberofgroup = false;
    }
}

 

 

Thanks,

JRY

2 REPLIES 2

Hi Mike,

 

I appreciate the response. I should clarify that I'm attempting to identify users from particular groups which are coming from third-party applications. For this, we already created an action on flow designer that is functioning properly, but the new requirement is that I need to confirm whether the user is a member of the groups listed below on form level before submitting the request. These groups are in applications from outside sources. I'm currently attempting to modify the Onsubmit client script's code. Could you please check the code below? I've made a few adjustments, but I'm still unsure of the problem.

function onSubmit() {
    //Type appropriate comment here, and begin script below
    console.log('testing');

    var denyInternet = 'DENYINTERNETACCESS.LG';
    var phising = 'PHISHING.DIA';
    var temp_user = g_form.getValue('request_For');
    var platcode = newValue;
    console.log(temp_user);
    var ajax_tempGroup = new GlideAjax('x_iem_iam.tempTableUtils');
    ajax_tempGroup.addParam('sysparm_name', 'getUID');
    ajax_tempGroup.addParam('sysparm_user', temp_user);
    ajax_tempGroup.getXML(function(response) {
        var user_uid = response.responseXML.documentElement.getAttribute('answer');
        var odata = "TechCode eq ('NT')and platCode in ('NA','SA','EA','AP','upstreamaccts','ACCPT','AF') and uid eq ('" + user_uid + "')";
        var iamAPIUtil = new GlideAjax('x_iem_iam.IAM_API_Utils');
        iamAPIUtil.addParam('sysparm_name', 'searchPrincipal');
        iamAPIUtil.addParam('sys_param_odata', odata);
        iamAPIUtil.getXMLWait(function(response) {
            var jsonobj = response.responseXML.documentElement.getAttribute('answer');
            var json_value_obj = JSON.parse(jsonobj);
            var account = json_value_obj[0].principalid;
            var iamAPIUtils = new GlideAjax('x_iem_iam.IAM_API_Utils');
            iamAPIUtils.addParam('sysparm_name', 'getEntitlementsForAccount');
            iamAPIUtils.addParam('sys_param_odata', account);
            iamAPIUtils.getXML(function(response) {
                var answer = response.responseXML.documentElement.getAttribute('answer');
                var filterEntitlementsArray = filter(iamAPIUtils, 'principaltypedesc', '!=', 'OBJ - Server Local Group');
                var groupmembership = JSON.stringify(filterEntitlementsArray);

                var groupName = denyInternet;
                var internetPhisinf = phising;
                var string_obj = groupmembership;
                if (string_obj) {
                    var obj_answer = JSON.parse(string_obj);
                    var ismemberofgroup = obj_answer.filter(function(obj) {
                        obj.uid == groupName;
                        g_form.addErrorMessage('You are part of the Phishing group which restricts access to internet. Please contact the CyberSecurity team for additional details');
                        return false;
                    }).length > 0;
                } else {
                    ismemberofgroup = false;
                    return true;
                }
            });
        });
    });
    //                                 try {

    //                                     var resultgrp = json_value_obj[0].principalid;
    //                                     if (denyInternet.toUpperCase() == resultgrp.toUpperCase() || phising.toUpperCase() == resultgrp.toUpperCase()) {
    //                                         g_scratchpad.isGroupVerified = false;
    //                                         g_form.addErrorMessage('You are part of the Phishing group which restricts access to internet. Please contact the CyberSecurity team for additional details');
    //                                     } else {
    //                                         g_scratchpad.isGroupVerified = true;
    //                                     }

    //                                 } catch (e) {
    //                                     g_scratchpad.isGroupVerified = true;
    //                                 }
    //                             });

    //                             function filter(obj_answer, propertie, operator, value) {
    //                                 if (operator == '!=') {
    //                                     return obj_answer.filter(function(entitle) {
    //                                         return entitle[propertie] != value;
    //                                     });
    //                                 } else if (operator == '==') {
    //                                     return obj_answer.filter(function(entitle) {
    //                                         return entitle[propertie] == value;
    //                                     });
    //                                 }

    //                             }

    //                             var entitlements = json_value_obj;
    //                             var obj_entitlements = JSON.parse(entitlements);
    //                             var account = obj_entitlements[0].principalid; //IAM Field: PrincipalID | Not in ServiceNow
    //                             var iamAPIUtils = new GlideAjax('x_iem_iam.IAM_API_Utils');
    //                             iamAPIUtils.addParam('sysparm_name', 'getEntitlementsForAccount');
    //                             iamAPIUtils.addParam('sys_param_odata', account);
    //                             var filterEntitlementsArray = filter(iamAPIUtils, 'principaltypedesc', '!=', 'OBJ - Server Local Group');
    //                             var groupmembership = JSON.stringify(filterEntitlementsArray);

    //                             var groupName = denyInternet;
    //                             var internetPhisinf = phising;
    //                             var string_obj = groupmembership;
    //                             if (string_obj) {
    //                                 var obj_answer = JSON.parse(string_obj);
    //                                 var ismemberofgroup = obj_answer.filter(function(obj) {
    //                                     return obj.uid == groupName;
    //                                 }).length > 0;
    //                             } else {
    //                                 ismemberofgroup = false;
    //                             }


}

Thanks,

JRY