ACL for HR Case
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-30-2015 11:12 AM
We are currently implementing HR Service Management and have a requirement where an assignment group can restrict case access to their assignment group only.
I have achieved this by adding a new field on the form 'Restrict Case Access' and a new read ACL rule:
Everything appears to work as expected, however, my question is, should I be using 'hr_Factory.getSecurityManager(current, gs).canRead()' as many of the other HR ACL rules appear to be using - after reading the wiki I am confused on how to work with these custom wrappers.
Am i creating issue for myself by not using the wrappers?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-29-2015 04:05 PM
still seeing the error after changing the code:
org.mozilla.javascript.EcmaError: "plt_hr_caseSecurityManager" is not defined.
Caused by error in Script Include: 'hr_Factory' at line 53
50: switch (_gr.getTableName()) {
51: case "hr_case":
52: gs.log("JW-DEBUG: HR CASE");
==> 53: return plt_hr_caseSecurityManager.getSecurityManager(_gr, _gs);
54: default:
55: gs.log("JW-DEBUG: DEFAULT");
56: return hr_BaseFactory.getSecurityManager(_gr, _gs);
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-29-2015 05:12 PM
Hi jwalton,
Can you please verify that the script include : "plt_hr_caseSecurityManager" exists? If I am reading the error right, it is stating that the script include "plt_hr_caseSecurityManager" is not defined (the script file name and class are same - usually a convention).
Probably, you have the script file name and class name defined correctly but can you double check?
Thanks,
JP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-30-2015 02:11 PM
Thanks JP!
The error was being caused by having an upper case 'C' for the script include name and and a lowercase 'c' for the classes.
plt_hr_CaseSecurityManager vs plt_hr_caseSecurityManager
I'm still having issues with my ACL working correctly (restrict query!?) but at least there is no error in the log
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-30-2015 02:21 PM
Hi Walton,
This usually means that the restriction in your code is probably not what you want. Is the code being too restrictive or not too restrictive? Here is what you can do to diagnose the issue:
- Add log messages to indicate whether the user is permitted or not permitted to see the details.
- Turn on the "System Diagnostics" > "Debug Security".
- The logs at the bottom of screen will indicate which function authorized the user to view the record.
Thanks,
JP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-20-2015 08:55 PM
Did you get past the restrict query issue? I am having what appears to be a similar issue where it is being too restrictive and I am looking for some help.
Thanks!