Ahmed Hmeid, I am making some progress and have my script include being called; here's what I have so far - does this look correct based on my original ACL?

var plt_hr_caseSecurityManager = Class.create();




plt_hr_caseSecurityManager.prototype = Object.extendsObject(hr_caseSecurityManager ,{




       canRead: function() {




               if (this._gr.isNewRecord()) {


                       this._logDebug("[canRead] New record, granting access");


                       return true;


               }




               // Check the hr role and not restricted


               if (this._gs.hasRole(hr.ROLE_HR_CASE_READER) || this.u_restrict_case_access == 'false') {


                       return true;


               }




               // Check the hr role and restricted


               if (this._gs.hasRole(hr.ROLE_HR_MANAGER) || this.u_restrict_case_access == 'true') {


                       return true;


               }




               // Check if it's the user who assigned to the case


               if (this._isAssignedTo()) {


                       this._logDebug("[canRead] Granting access to assigned_to");


                       return true;


               }




               // Check if it's the user who opened the case


               if (this._isOpenedBy()) {


                       this._logDebug("[canRead] Granting access to opened_by");


                       return true;


               }




               // Check if it's the user who the case was opened for


               if (this._isOpenedFor()) {


                       this._logDebug("[canRead] Granting access to opened_for");


                       return true;


               }




               // Check if it's a user in the watch list field


               if (this._isInWatchList()) {


                       this._logDebug("[canRead] Granting access to watch list user");


                       return true;


               }




               this._logDebug("[canRead] Denying access to record for " + this._gs.getUserName());




               return false;


       },




       type: 'plt_hr_CaseSecurityManager'




});

Your script looks good. If I were doing it, I would probably modify the function "canRead" as follows:

/** PLEASE TEST 


       


     This should work, but the code comes with no warranty.


**/




var plt_hr_caseSecurityManager = Class.create();


plt_hr_caseSecurityManager.prototype = Object.extendsObject(hr_caseSecurityManager ,{ 


         canRead: function() {


                     // Insert here your override logic


                       // Say for example you want to allow "Xyz" role to have permission





                   /*


                             if(... ) {


                             }


                   */








                   // Now for the other cases simply use the default logic. 


                    return hr_caseSecurityManager.prototype.canRead.call(this); 


         },





         type: 'plt_hr_CaseSecurityManager'   


});

Jayaprakash Pasala, thanks for your advice, however i'm still not able to get this to work.

I get the following error in the log:

org.mozilla.javascript.EcmaError: "plt_hr_caseSecurityManager" is not defined.


     Caused by error in Script Include: 'hr_Factory' at line 53






         50:             switch (_gr.getTableName()) {


         51:                 case "hr_case":


         52: gs.log("JW-DEBUG: HR CASE");


==>   53:                         return plt_hr_caseSecurityManager(_gr, _gs);


         54:                 default:


         55: gs.log("JW-DEBUG: DEFAULT");


         56:                         return hr_BaseFactory.getSecurityManager(_gr, _gs);

This is the hr_Factory script include:

var hr_Factory = Class.create();






/**


 * Returns a new instance of a wrapper type for the given GlideRecord


 */


hr_Factory.wrap = function(_gr, _gs) {


       var wrapperType = hr_Factory.getWrapperType(_gr.getTableName());


       return new wrapperType(_gr, _gs);


};






/**


 * Returns the correct wrapper to instantiate based on the table provided.


 * 


 * This function needs to be changed to allow for the addition of more script includes.


 * 


 * Bellow is an example change that would be made to the function if the hr_Case script include was extended.


 * Note that we've added the check for hr_case to return the new type, all other type requests are handled by the base factory. 


 * 


 *         switch (tableName + "") {


 *             case hr.TABLE_CASE:


 *                     return cust_hr_Case // name of the new script include that extends hr_case;


 *             default:


 *                     return hr_BaseFactory.getWrapperType(tableName);


 *         }


 */






hr_Factory.getWrapperType = function(tableName) {


       return hr_BaseFactory.getWrapperType(tableName);


};










/**


 * Returns a new instance of a security manager for the given GlideRecord.


 * 


 * The same changes will be needed (as above) if the security managers are extended.


 */






/*


// *** Original Baseline Code ****


hr_Factory.getSecurityManager = function(_gr, _gs) {


       return hr_BaseFactory.getSecurityManager(_gr, _gs);


};


*/










// PLT Extended Code






hr_Factory.getSecurityManager = function(_gr, _gs) {






           switch (_gr.getTableName()) {


               case "hr_case":


gs.log("JW-DEBUG: HR CASE");


                       return plt_hr_caseSecurityManager(_gr, _gs);


               default:


gs.log("JW-DEBUG: DEFAULT");


                       return hr_BaseFactory.getSecurityManager(_gr, _gs);


           }






};

Hi,

You should change the error line to (this should fix it):

plt_hr_caseSecurityManager.getSecurityManager(_gr, _gs);

thanks,

JP