Hi community,

Got an ACL script that I'm trying to augment to allow the current user to read a requested item if s/he is one of the approver(s) of that requested item. I'm pretty green at creating and calling functions and I think that may be where I've made an error. Having a hard time finding examples to help me fix it though, especially from within an ACL.

The ACL script before I got to it was

(note: line breaks added here for readability... hopefully it's not confusing)

current.isNewRecord() || current.opened_by == gs.getUserID() ||
current.request.requested_for == gs.getUserID() ||
gs.hasRole('itil,sn_request_write') ||
current.watch_list.indexOf(gs.getUserID()) > -1;

and it worked fine. In fact if I add the 'itli' role (one of the conditions above) to my test user I have verified he can read the record in question.

If possible, I need one more OR condition to determine if the current user is one of the approvers of the current record, and if so, allow him to read it / if not disallow reading.

This is the modified script I came up with but isn't working

current.isNewRecord() || current.opened_by == gs.getUserID() ||
current.request.requested_for == gs.getUserID() ||
gs.hasRole('itil,sn_request_write') ||
current.watch_list.indexOf(gs.getUserID()) > -1 ||
isApprover(gs.getUserID());

function isApprover(cu) {
	var sa = new GlideRecord('sysapproval_approver');
	sa.addQuery('sysapproval',current.sys_id);
	sa.addQuery('approver',cu);
	sa.query();
	if (sa.next()) {
		return true;
	}
	else {
		return false;
	}
}

I did a little testing by taking the GlideRecord query bit, used it in a background script, modified slightly to pass a specific sc_req_item sys_id, changed 'cu' in line 6-ish to gs.getUserID(), and it did give me the right result back.

If any other details would help let me know please and thanks in advance for anything you can offer!