ACL help: On sc_req_item table, allow READ if current user is an approver

apjohn2
Mega Sage

Hi community,

Got an ACL script that I'm trying to augment to allow the current user to read a requested item if s/he is one of the approver(s) of that requested item. I'm pretty green at creating and calling functions and I think that may be where I've made an error. Having a hard time finding examples to help me fix it though, especially from within an ACL.

The ACL script before I got to it was

(note: line breaks added here for readability... hopefully it's not confusing)

current.isNewRecord() || current.opened_by == gs.getUserID() ||
current.request.requested_for == gs.getUserID() ||
gs.hasRole('itil,sn_request_write') ||
current.watch_list.indexOf(gs.getUserID()) > -1;

and it worked fine. In fact, if I add the 'itil' role (one of the conditions above) to my test user, I have verified he can read the record in question.

If possible, I need one more OR condition to determine if the current user is one of the approvers of the current record, and if so, allow him to read it / if not disallow reading.

This is the modified script I came up with, but it isn't working:

current.isNewRecord() || current.opened_by == gs.getUserID() ||
current.request.requested_for == gs.getUserID() ||
gs.hasRole('itil,sn_request_write') ||
current.watch_list.indexOf(gs.getUserID()) > -1 ||
isApprover(gs.getUserID());

function isApprover(cu) {
	var sa = new GlideRecord('sysapproval_approver');
	sa.addQuery('sysapproval',current.sys_id);
	sa.addQuery('approver',cu);
	sa.query();
	if (sa.next()) {
		return true;
	}
	else {
		return false;
	}
}

I did a little testing by taking the GlideRecord query bit, used it in a background script, modified slightly to pass a specific sc_req_item sys_id, changed 'cu' in line 6-ish to gs.getUserID(), and it did give me the right result back.

If any other details would help let me know please and thanks in advance for anything you can offer!

1 ACCEPTED SOLUTION

apjohn2
Mega Sage

I figured it out and you were right @MB it does work! The issue was a 2nd Read ACL on the same table that needed the same script adjustment.

I think w/out you pushing me to keep at it I'd not have thought to check other areas so I appreciate it very much!

Cheers,

-Aaron

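The situation the accepted solution describes can be reproduced offline. The following is an added example, not code from the thread or from ServiceNow: `GlideRecord`, `makeGs`, `canRead` and the sample record are hypothetical stand-ins, and the rule that every read ACL script in play must grant is an assumption that matches what the thread reports, not the platform's evaluation engine.

```javascript
// Constructed sample data: approval rows for one requested item.
const APPROVALS = [{ sysapproval: 'ritm1', approver: 'u_approver' }];

// Hypothetical stand-in for GlideRecord: only addQuery/query/next are modelled.
class GlideRecord {
  constructor(table) {
    this.rows = table === 'sysapproval_approver' ? APPROVALS : [];
    this.filters = [];
    this.pos = -1;
  }
  addQuery(field, value) { this.filters.push([field, String(value)]); }
  query() {
    this.hits = this.rows.filter(r => this.filters.every(([f, v]) => r[f] === v));
  }
  next() { return ++this.pos < this.hits.length; }
}

// Hypothetical stand-in for gs: hasRole is true if the user holds any listed role.
const makeGs = (userId, roles) => ({
  getUserID: () => userId,
  hasRole: list => list.split(',').some(r => roles.includes(r)),
});

// The ACL condition as it was before the change.
function originalAcl(current, gs) {
  return current.isNewRecord() || current.opened_by == gs.getUserID() ||
    current.request.requested_for == gs.getUserID() ||
    gs.hasRole('itil,sn_request_write') ||
    current.watch_list.indexOf(gs.getUserID()) > -1;
}

// The condition with the approver check from the question added.
function patchedAcl(current, gs) {
  var sa = new GlideRecord('sysapproval_approver');
  sa.addQuery('sysapproval', current.sys_id);
  sa.addQuery('approver', gs.getUserID());
  sa.query();
  return originalAcl(current, gs) || sa.next();
}

// Assumption: the user is denied unless every read ACL script in play grants.
const canRead = (acls, current, gs) => acls.every(acl => acl(current, gs));

// Constructed record: the approver is not opener, requester or watcher.
const ritm = { sys_id: 'ritm1', opened_by: 'u_opener', watch_list: '',
  request: { requested_for: 'u_requester' }, isNewRecord: () => false };
const approver = makeGs('u_approver', []);
console.log('one ACL updated: ', canRead([patchedAcl, originalAcl], ritm, approver));
console.log('both ACLs updated:', canRead([patchedAcl, patchedAcl], ritm, approver));
```

With only one of the two scripts updated the approver is still denied, which is the symptom reported in the question; a user who is neither approver nor otherwise entitled stays denied in both cases.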

9 REPLIES

Mike Patel
Tera Sage

try

current.isNewRecord() || current.opened_by == gs.getUserID() ||
current.request.requested_for == gs.getUserID() ||
gs.hasRole('itil,sn_request_write') ||
current.watch_list.indexOf(gs.getUserID()) > -1 ||
new ApproverUtils().canApproversRead();

That did not work. I looked up the script include; while it seems like a good bet it doesn't seem to work, at least not as written in your suggestion.

Thank you for the suggestion. Still looking.

The Machine
Kilo Sage

I wonder if answer = true instead of return true would work.

Tried this too - no luck. Thank you for the suggestion!