Before Query Business rule

afroz8049
Tera Contributor

‎02-14-2024 11:35 AM

Whenever an end user submits the Ask HR catalog item, the request and RITM should be visible on the portal level and backend for that user and HR group, but when other end users try that, it should not be visible. Below is the sample script
 
Issue: It's not retrieving customItem and Requested for user value
 
 
(function executeRule(current, previous /*null when async*/ ) {
    var currentUser = gs.getUser();
    var groupId = gs.getProperty('askhr.group.property');
    var catalogItemId = gs.getProperty('askhr.catalog.item.property');

 

    // Log relevant fields for debugging
    gs.info("Current Catalog Item: " + current.u_item);
    gs.info("Requested For User: " + current.requested_for);
    gs.info("Configured Catalog Item: " + catalogItemId);

 

    // Retrieve the requested catalog item from the current request
    var customItem = current.u_item.getValue();

 

    // Log the retrieved value for debugging
    gs.info("Retrieved Catalog Item: " + customItem);

 

    // Check if the catalog item is Ask HR
    if (customItem == catalogItemId) {
        gs.info("User " + currentUser.getDisplayName() + " is trying to access Ask HR catalog item.");

 

        // Check if the current user is either the requested_for user or a member of the HR group
        if (current.requested_for == currentUser.getID() || currentUser.isMemberOf(groupId)) {
            gs.info("User " + currentUser.getDisplayName() + " has permission to view the record.");
            // Show the request and RITM
            return;
        } else {
            // Hide the request and RITM for other ITIL users
            current.setAbortAction(true);
            current.addErrorMessage("You do not have permission to view this record.");
            gs.info("User " + currentUser.getDisplayName() + " does not have permission to view the record.");
        }
    } else {
        // If the conditions are not met, exit the function
        gs.info("Not an Ask HR catalog item.");
        return;
    }
})(current, previous);
0 Helpfuls
  • 568 Views
5 REPLIES 5

Tony Chatfield1
Kilo Patron
In response to afroz8049

‎02-15-2024 11:26 AM

HI, from your update\use case and the mention of 'should not be visible or accessible as it's confidential data'
I believe that you should be using ACL to ensure that these records are secured.

0 Helpfuls