API for validating User Criteria on Service Catalog

nmartinez
Kilo Contributor

Regarding User Criteria on the Service Catalog. Is the API that ServiceNow uses to validate that the current user is entitled to view and order the catalog item accessible via server-side scripting? If so, is there any documentation on it?

I have written an application that allows automated Catalog Requests to be requested via a scripted web service. However, a user account that would normally be prevented from requesting said Catalog Item through the UI is able to order any Catalog Item.

I'd rather not reinvent the wheel with my own validation if the out-of-the-box validation is accessible.

1 ACCEPTED SOLUTION

Brad Tilton
ServiceNow Employee

Hi Nick,



I think this will evaluate user criteria:



GlideappCatalogItem.get('catalog item sys_id').canView();


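Added example (not part of the original thread and not ServiceNow's own code): a fail-closed gate that a scripted ordering endpoint could run before submitting a request, built on the `canView()` call from the accepted answer. It assumes the script runs as the authenticated caller; `orderIfEntitled`, `placeOrder`, the stand-in catalog object and the sys_ids are hypothetical names and constructed values used so the logic can be exercised off-platform.

```javascript
// catalogApi: on the platform this would be GlideappCatalogItem (from the
// accepted answer). placeOrder: hypothetical callback that submits the order.
function orderIfEntitled(itemSysId, variables, catalogApi, placeOrder) {
    // Reject anything that is not a 32-character hex sys_id before lookup.
    if (typeof itemSysId !== 'string' || !/^[0-9a-f]{32}$/i.test(itemSysId)) {
        return { status: 400, error: 'invalid catalog item id' };
    }
    var item = catalogApi.get(itemSysId);
    // "Not found" and "not entitled" get the same answer, so the response
    // does not reveal which catalog items exist. The result is compared as
    // a string so a non-primitive boolean cannot pass as truthy.
    if (!item || String(item.canView()) !== 'true') {
        return { status: 403, error: 'not authorized for this catalog item' };
    }
    // Only reached when the entitlement check explicitly succeeded.
    return { status: 201, request: placeOrder(itemSysId, variables || {}) };
}

// --- Constructed stand-ins so the gate runs outside the platform ---
var VISIBLE = '0123456789abcdef0123456789abcdef'; // made-up sys_id
var HIDDEN = 'fedcba9876543210fedcba9876543210';  // made-up sys_id

var fakeCatalog = {
    get: function (id) {
        if (id === VISIBLE) { return { canView: function () { return true; } }; }
        if (id === HIDDEN) { return { canView: function () { return false; } }; }
        return null; // unknown item
    }
};

var orders = [];
function fakeOrder(id, vars) {
    orders.push({ item: id, variables: vars });
    return 'REQ-constructed-' + orders.length;
}

function demo() {
    return [
        orderIfEntitled(VISIBLE, { qty: 1 }, fakeCatalog, fakeOrder).status,
        orderIfEntitled(HIDDEN, { qty: 1 }, fakeCatalog, fakeOrder).status,
        orderIfEntitled('not-a-sys-id', {}, fakeCatalog, fakeOrder).status
    ];
}
```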

8 REPLIES 8

Hi Brad,



I used your code and it worked for Catalog Item. Thanks a lot for this.



However, I need to do the same for a knowledge base. Is there a similar line of code to check if a user can view the Knowledge Base, where the Knowledge Base uses User Criteria as well?



Thanks a lot



Broderick


Brad,

Do you have an API or any code snippet that helps fetch the list of users based on the User Criteria?

Thanks,

MM.

Hi Brad,

I tried to evaluate the user criteria for Knowledge using the Impersonation and GlideRecordSecure API. It worked and returned correct results. Below is the Script Include for the same.

var My_KBs_Accessibility_Global_V2 = Class.create();
My_KBs_Accessibility_Global_V2.prototype = {
    initialize: function() {
    },
	
	_impersonateUser: function(userId) { 
		var impUser = new GlideImpersonate(); 
		return impUser.impersonate(userId); 
	},
	
	_pullKBData: function(){
		var kbList = [];
		var kbGR = new GlideRecordSecure("kb_knowledge_base");
		kbGR.addActiveQuery();
		kbGR.query();
		while(kbGR.next()){
			//gs.info(kbGR.getValue('title'));
			var articleList = [];
			var msg = "";
			var kbArticlesGR = new GlideRecordSecure("kb_knowledge");
			kbArticlesGR.addQuery("kb_knowledge_base", kbGR.getUniqueValue());
			kbArticlesGR.query();
			if(kbArticlesGR.hasNext()){
				while(kbArticlesGR.next()){
					articleList.push({
						"number": kbArticlesGR.getValue("number"),
						"short_description": kbArticlesGR.getValue("short_description"),
						"sys_id": kbArticlesGR.getUniqueValue()
					});
				}
			}
			else{
				msg = "This knowledge base doesn't have any articles";
			}

			if(msg != ""){
				kbList.push({
					"title": kbGR.getValue('title'),
					"owner": kbGR.owner.getDisplayValue(),
					"description": kbGR.getValue('description'),
					"articles": msg
				});
			}

			else{
				kbList.push({
					"title": kbGR.getValue('title'),
					"owner": kbGR.owner.getDisplayValue(),
					"description": kbGR.getValue('description'),
					"articles": articleList
				});
			}
		}
		//gs.info(JSON.stringify(kbList));
		return JSON.stringify(kbList);
	},
	
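	startMechanism: function(userToImpersonate){
		// Remember the calling user so the session can be restored afterwards.
		var adminId = gs.getUserID();
		var pay = "";
		var Id = this._impersonateUser(userToImpersonate);
		try {
			// Only query when impersonate() returned a 32-character sys_id.
			if(Id.length() == 32){
				pay = this._pullKBData();
			}
		} finally {
			// Always switch back, even if the query throws, so the session
			// is never left running as the impersonated user.
			this._impersonateUser(adminId);
		}
		return pay;
	},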

    type: 'My_KBs_Accessibility_Global_V2'
};

 

But when I used the same for Service Catalog User Criteria, it returned too many results. Then, I tried the solution above suggested by you. It worked. It doesn't make any sense to me.

Is there a place to find these hidden APIs? I observed a similar problem with the service portal Date-picker, Record Picker, Choice List, and many more like GlideLDAP, GlideSecurityManager, SNCProbe.

When I googled "GlideappCatalogItem" it shows that it is a Replacement API for the package [Packages.com.glideapp.servicecatalog.CatalogItem] Link

In search of the API, I also checked the developer.servicenow API section. There I found some APIs for "User Criteria" evaluation, but when I tried the below examples for the User Criteria Loader, it gave the error that "sn_uc" is not defined.

var result = new sn_uc.UserCriteriaLoader.getAllUserCriteria('4194056f0f10b300729306ace1050e5f');

//Where '4194056f0f10b300729306ace1050e5f' is the sys_id of the user.
gs.log(result);

//OUTPUT
/*

Evaluator: org.mozilla.javascript.EcmaError: "sn_uc" is not defined.
   Caused by error in script at line 1

==>   1: var result = new sn_uc.UserCriteriaLoader.getAllUserCriteria('4194056f0f10b300729306ace1050e5f');
      2: gs.log(result);

*/

I checked the community for "getAllUserCriteria" function and I found below [Link]

 

gs.info(SNC.UserCriteriaLoader.getAllUserCriteria('4194056f0f10b300729306ace1050e5f'));

// Where '4194056f0f10b300729306ace1050e5f' is the sys_id of the user, for whom you want to pull the User Criteria.

//OUTPUT
*** Script: 051e0c654fb30200086eeed18110c757,d2d2e20557130300d873ac71ef94f9aa,35e8f6990f053700729306ace1050ead,fb1166d64fff0200086eeed18110c7ab,90052d180fdbf300729306ace1050e54


//I also tried with Impersonation. Below is the code snippet

function impersonateUser(userId) { 
	var impUser = new GlideImpersonate(); 
	return impUser.impersonate(userId); 
}

var adminId = gs.getUserID();
var id = impersonateUser('4194056f0f10b300729306ace1050e5f');

gs.info(SNC.UserCriteriaLoader.getAllUserCriteria());

impersonateUser(adminId); 

//OUTPUT

*** Script: 051e0c654fb30200086eeed18110c757,d2d2e20557130300d873ac71ef94f9aa,35e8f6990f053700729306ace1050ead,fb1166d64fff0200086eeed18110c7ab,90052d180fdbf300729306ace1050e54
Removing role: sn_si.read for user 6816f79cc0a8016401c5a33be04be441
Removing role: sn_si.knowledge_admin for user 6816f79cc0a8016401c5a33be04be441
Removing role: sn_si.manager for user 6816f79cc0a8016401c5a33be04be441
Removing role: sn_si.basic for user 6816f79cc0a8016401c5a33be04be441
Removing role: sn_si.admin for user 6816f79cc0a8016401c5a33be04be441
Removing role: sn_si.analyst for user 6816f79cc0a8016401c5a33be04be441

 

Will ServiceNow ever release a comprehensive guide to their APIs or update the Developer.servicenow API section to include those hidden APIs?

 

Thanks & Regards,
Rupam

Alexandre Sing2
Kilo Expert

@quicksilver :

Some Service Portal API to evaluate Knowledge access

You have:

var kb = new GlideRecord('kb_knowledge_base');
kb.query();
while (kb.next()) {
	// advance to a row before checking it
	GlideappKBIncludes.canAccess(kb, true);
}

for accessing knowledge bases

and

var kb = new GlideRecord("kb_knowledge");
kb.query();
while (kb.next()) {
	$sp.canReadRecord("kb_knowledge", kb.getUniqueValue()); // this does seem generic: check table + sys_id.
}

 

@b-rad :

 

It seems GlideappCatalogItem.get('catalog item sys_id').canView() performs a "hasRoleExactly" check... in addition to the UCs.