How to make Attachements Private or Public.

Rohant Joshi2 · ‎03-25-2014

Hello,

I have a requirement to make attachments to a form as public or private. I have added a checkbox on attachement form named "Is Private file".At the time of attachement if I check the check box, this attachement is private and should be visible to only ITIL and admins. If I dont check this check box by default this attachement will be public and visible to all.

I have tried this on demo019. But I dont find way to proceed to make this functionality work.

Can anyone guide me on that.

Thanks in advance.

Diogo Soares · ‎01-18-2023

Hi Christian!

Thank you for your solution!

I've followed what you share with the community but I'm not seeing the private option in top of the form

I've implemented exactly what you describe above but that option doesn't show up.

Do you know what could it be?

Paul Curwen · ‎03-20-2019

Nice solution. ServiceNow really do need to provide this OOB though.

***If Correct/Helpful please take time mark as Correct/Helpful. It is much appreciated.***

Regards

Paul

Henrik Jutterst · ‎12-04-2020

Thanks to Christians post we managed to do this.

It's the same code but with some more information on the implementation. We added this functionallity to the [incident] table, so here is what we did.

1. On the table [sys_attachment] create a new field, called Private (name: u_private) that is a type of true/false.

2. Create a onLoad Client script and make sure that Isolate script checkbox is blank.

function onLoad() {
	try {
		jQuery("#header_add_attachment,#header_attachment_list_label").click(function() {
			setTimeout(function() {
				addCheckboxes("#attachment_table_body ");
				var modalOpen = setInterval(function() {
					addCheckboxes("#attachment_table_body ");
				}, 1500);

				jQuery("#attachment_closemodal").click(function() {
					clearInterval(modalOpen);
					setTimeout(function() {
						addCheckboxes("");
					}, 0);
				});
			}, 1000);
		});

		// On load
		addCheckboxes("");
	} catch (e) {
		console.log("Error:: Set attachments private");
		console.log(e);
	}

	function addCheckboxes(selectPrefix) {
		var attachments = jQuery(selectPrefix + 'a[class*="rename"]');
		for (var i = 0; i < attachments.length; i++) {
			var attachmentSysId = attachments[i].className.split("_")[1];
			var gr = new GlideRecord("sys_attachment");
			gr.addQuery("sys_id", attachmentSysId);
			gr.query(function(grAttachment) {
				if (grAttachment.next()) {
					try {
						var allreadyAdded = jQuery('#private-checkbox-' + (selectPrefix != "" ? "modal-" : "") + grAttachment.sys_id);
						//console.log(allreadyAdded);
						var checked = "";
						if (grAttachment.u_private == "true") {
							checked = "checked";
						}
						if (!allreadyAdded[0]) {
							var renameLink = jQuery(selectPrefix + 'a.attachment.rename_' + grAttachment.sys_id)[0];
							renameLink.insert({
								before: '[<input type="checkbox" id="private-checkbox-' + (selectPrefix != "" ? "modal-" : "") + grAttachment.sys_id + '" ' + checked + ' value="' + grAttachment.sys_id + '"> private]'
							});
							jQuery('#private-checkbox-' + (selectPrefix != "" ? "modal-" : "") + grAttachment.sys_id).change(function() {
								try {
									if (jQuery(this).prop("value").length == 32) {
										var grSavePrivateCheckbox = new GlideRecord("sys_attachment");
										grSavePrivateCheckbox.addQuery("sys_id", jQuery(this).prop("value"));
										grSavePrivateCheckbox.query(); // using synchronous on the save, will not affect page load
										if (grSavePrivateCheckbox.next()) {
											grSavePrivateCheckbox.u_private = this.checked;
											grSavePrivateCheckbox.update();
										}
									}
								} catch (e) {}
							});
						} else {
							jQuery('#private-checkbox-' + (selectPrefix != "" ? "modal-" : "") + grAttachment.sys_id).prop("checked", checked == "checked");
						}
					} catch (e) {}
				}
			});
		}
	}
}

3. Create a role called [private_attachments]. This role is inherited to you if you have the itil-role.

4. Create an ACL to give access to read attachments marked as private.

//answer = new global.AttachmentSecurity().canRead(current);
var oobCanRead = new global.AttachmentSecurity().canRead(current);
var privateAttachment = current.u_private;

if(!privateAttachment && oobCanRead){
	answer = true;
}
else{
	if(gs.hasRole('private_attachment') && oobCanRead){
			answer = true;
	}
	else{
		answer = false;
	}
}

rlehmann · ‎12-18-2020

Hi Henrik,

I followed the 4 steps you have outlined and was not successful in getting the private check box to appear attachments for an incident.
I wasn't 100% clear on where the onLoad Client Script was supposed to be created, so I have tried it on both the sys_attachment table and the incident table, but neither will show the check box. Isolate script is blank, as you recommended.
All code was copied directly from your post and has not been edited.
I have also tried disabling the OOB ACL for read on sys_attachment, which contains the advanced condition, just in case there was a conflict.

answer = new global.AttachmentSecurity().canRead(current);

I've confirmed via security debugging that the new ACL is working correctly and that someone with the ITIL role is given read access to the attachment via the newly created ACL you provided.

Any suggestions as to why this isn't working correctly?

We are currently running on Paris Patch 3.

Thanks very much for your detailed post and in advance for your response.

Cheers,
Ron

Henrik Jutterst · ‎12-28-2020

Hi Ron and thanks for getting back.

Sorry to hear that you didn't manage to get it to work. To be honest I didn't do that much of anything else in the comment but let me give you some feedback that might help.

I started of in my own PDI and it was fairly fresh. Think it was running Orlando or maybe Paris so I guess you're good there.

Second think. The client script is on the incident table. See screen shot: