Need help with a custom script
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-23-2024 12:55 AM
Hi Community, We are passing 2 parameters ProjectID and psNo in a Scripted Rest API GET resource. The requirement is to grant access to anyone who has the 4 project titles(u_project.project_manager,u_project.u_delivery_manager, u_project.u_additional_pm,u_project.u_account.u_key_delivery_manager) OR any other user who has the role 'itbm_read_only' from sys_user_has_role table based on the psNo paremeter, please suggest what can be done in this script.
In the current form, it is not working for users with itbm_read_only role.
(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
// Get the query parameters
var projectID = request.queryParams.ProjectID;
var psNo = request.queryParams.PSno;
// gs.info('ProjectID: ' + projectID);
// gs.info('PSno: ' + psNo);
var smdata = [];
var smrt = new GlideRecord('u_smr_transaction_data');
var query = 'sys_created_onONLast 6 months@javascript:gs.beginningOfLast6Months()@javascript:gs.endOfLast6Months()';
// Add the projectID to the query if provided
if (projectID) {
query += '^u_project_id=' + projectID;
}
// Add the psNo to the query with OR conditions
if (psNo) {
query += '^u_project.project_manager.employee_number=' + psNo +
'^ORu_project.u_delivery_manager.employee_number=' + psNo +
'^ORu_project.u_additional_pm.employee_number=' + psNo +
'^ORu_project.u_account.u_key_delivery_manager.employee_number=' + psNo;
}
// Query sys_user_has_role table for itbm_read_only role
var userRole = new GlideRecord('sys_user_has_role');
userRole.addQuery('role.name', 'itbm_read_only');
userRole.query();
var userIds = [];
while (userRole.next()) {
userIds.push(userRole.user.sys_id.toString());
}
if (userIds.length > 0) {
query += '^ORu_project.u_account.u_key_delivery_manager.sys_idIN' + userIds.join(',');
}
gs.info('Encoded Query: ' + query);
smrt.addEncodedQuery(query);
smrt.query();
while (smrt.next()) {
var sm = {};
sm.SMRnumber = smrt.getValue('u_smr_number');
sm.ProjectID = smrt.getValue('u_project_id');
sm.PSNo = smrt.getDisplayValue('u_project.project_manager.employee_number');
sm.Month = smrt.getDisplayValue('u_reporting_month') + " " + smrt.getDisplayValue('u_reporting_year');
sm.Level = smrt.getValue('u_level_1');
sm.Parameter = smrt.getValue('u_parameter');
sm.LSL = smrt.getDisplayValue('u_lsl');
sm.USL = smrt.getDisplayValue('u_usl');
sm.Goal = smrt.getDisplayValue('u_goal');
sm.Technology = smrt.getDisplayValue('u_technology');
sm.Sprint = smrt.getDisplayValue('u_sprint');
sm.SMRType = smrt.getDisplayValue('u_smr_type');
sm.TargetValue = smrt.getDisplayValue('u_target_value');
sm.ActualValue = smrt.getDisplayValue('u_actual_value');
sm.RAGStatus = smrt.getDisplayValue('u_rag_status');
sm.PMRemarks = smrt.getDisplayValue('u_remarks');
sm.SMRemarks = smrt.getDisplayValue('u_sm_remarks');
sm.Trends = smrt.getValue('u_trends');
sm.Link = smrt.getValue('u_link');
sm.ProjectType = smrt.getDisplayValue('u_project.u_project_category');
// Fetch data from u_smr_table
var smrTable = new GlideRecord('u_smr_table');
smrTable.addQuery('u_number', smrt.getValue('u_smr_number'));
smrTable.query();
if (smrTable.next()) {
sm.GoverningUnit = smrTable.getDisplayValue('u_governance_practice');
}
smdata.push(sm);
}
response.setBody(smdata);
})(request, response);
- Labels:
-
Service Portfolio Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-23-2024 04:11 AM
Is the expected value seen in your log of psNo? You'll also want to log 'query' after the if(psNo) block, and/or after the userRole GR, and match that with a manual filtering of your custom table, then right-click the last breadcrumb in the filter navigation to copy the query. This will also confirm that the expected users are added to the query. I'm not following why you are doing the userRole GR outside of any if conditions if this is based on the psNo parameter, so if psNo doesn't have anything to do with the role then skip that part - whatever makes sense to you.
