How to make Script InClude client-callable run as system

Go to solution
Thuy Thao
Tera Guru

‎07-11-2024 04:41 AM

Hello community,

 

I have a situation like below:

 

- In our system, there is a before query business rule, run on Group table, it will restrict non-admin user to see inactive groups.

- I have a form for Group creation

- When enter a Group name, it will call a Script Include to check if the Group name is existed in the system.

- However, when non-admin user use this form, if they input a Group name which is inactive, it will return that the group is not existed yet. It leads to a wrong result. The expectation is it will return the group is already existed.

 

Is there any solution for this situation please? Thank you in advance.

0 Helpfuls
  • 1,138 Views
1 ACCEPTED SOLUTION

Go to solution
Mark Manders
Mega Patron

‎07-11-2024 05:11 AM

can you check if it will work if you add this to your query BR, before the check on role:

 

if (gs.getSession().getProperty('bypass_inactive_group_check') === 'true') {
        return;
    }

 

and something like this in the script include (focused on the setting of the property):

 

checkDuplicateGroupName: function(groupName) {
        // Set a session property to bypass the before query business rule
        gs.getSession().putProperty('bypass_inactive_group_check', 'true');

        var gr = new GlideRecord('sys_user_group');
        gr.addQuery('name', groupName);
        gr.query();

        // Clear the session property
        gs.getSession().putProperty('bypass_inactive_group_check', 'false');

        var exists = false;
        if (gr.next()) {
            exists = true;
        }

        return exists;
    },

 


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

View solution in original post

4 REPLIES 4

Go to solution
HrishabhKumar
Kilo Sage

‎07-11-2024 05:00 AM - edited ‎07-11-2024 05:04 AM

Hi @Thuy Thao ,

To solve this issue, you can modify your Script Include to bypass the before query business rule when checking for existing group names. One approach is to temporarily elevate the user's privileges to run the query or to use a GlideRecord query that explicitly includes inactive records.

 

Solution 1: Use GlideRecord with Inactive Query

Modify the Script Include to use a GlideRecord query that explicitly includes inactive records. You can do this by adding a condition to include all records, regardless of their active status.

code will be something like this, you can modify it according to you:

 

 

var GroupUtils = Class.create();
GroupUtils.prototype = {
    initialize: function() {},

    isGroupNameExists: function(groupName) {
        var gr = new GlideRecord('sys_user_group');
        gr.addQuery('name', groupName);
        gr.query();
        if (gr.next()) {
            return true;
        }
        return false;
    },

    type: 'GroupUtils'
};

 

 

 

Solution 2: Temporarily Elevate Privileges

Use the GlideUser API to temporarily elevate the user's privileges to allow them to see inactive groups. This can be done by impersonating an admin user during the query and then reverting back.

For this you use the following code logic:

 

 

var GroupUtils = Class.create();
GroupUtils.prototype = {
    initialize: function() {},

    isGroupNameExists: function(groupName) {
        var currentUserID = gs.getUserID();
        var adminUserID = 'admin_user_sys_id'; // Replace with actual sys_id of an admin user

        // Impersonate an admin user
        gs.getSession().impersonate(adminUserID);

        var gr = new GlideRecord('sys_user_group');
        gr.addQuery('name', groupName);
        gr.query();

        // Revert back to the original user
        gs.getSession().impersonate(currentUserID);

        if (gr.next()) {
            return true;
        }
        return false;
    },

    type: 'GroupUtils'
};

 

 

 

Thanks,

Hope this helps.

If my response turns useful please mark it helpful and accept solution.

Go to solution
Vrushali Kolte
Mega Sage

‎07-11-2024 05:08 AM

Hello @Thuy Thao ,

 

You can use the gr.setWorkflow(false) method in your GlideRecord query to prevent any business rules from executing.

 

 

 

//Example -

var gr = new GlideRecord('table');

gr.addQuery(<query>);

gr.setWorkflow(false);

gr.query();

 

 

 

If my answer solves your issue, please mark it as Accepted and Helpful based on the impact

Go to solution
Mark Manders
Mega Patron

‎07-11-2024 05:11 AM

can you check if it will work if you add this to your query BR, before the check on role:

 

if (gs.getSession().getProperty('bypass_inactive_group_check') === 'true') {
        return;
    }

 

and something like this in the script include (focused on the setting of the property):

 

checkDuplicateGroupName: function(groupName) {
        // Set a session property to bypass the before query business rule
        gs.getSession().putProperty('bypass_inactive_group_check', 'true');

        var gr = new GlideRecord('sys_user_group');
        gr.addQuery('name', groupName);
        gr.query();

        // Clear the session property
        gs.getSession().putProperty('bypass_inactive_group_check', 'false');

        var exists = false;
        if (gr.next()) {
            exists = true;
        }

        return exists;
    },

 


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Go to solution
OlaN
Giga Sage
Giga Sage

‎07-11-2024 05:28 AM

Hi,

By adding a condition as below to your beforeQuery business rule you can still get results back from your script include using the standard GlideRecord methods.

gs.isInteractive()

 

Solution 1 provided by HrishabhKumar only works if this kind of condition is in place, otherwise the query will not return any results, because it runs before every query (including those from a script include).

 

I would generally advise against solution 2 provided, because.. well impersonating back and forth is not a good solution.