Script condition for ACL: users can access only incidents belonging to their department

cristinam77
Tera Contributor

Hi,

I have to write a script condition for an ACL that allows users to access only incidents belonging to their department.

I wrote this script, but it's not working as expected. Does anyone have any idea what is wrong?

var userDepartment = gs.getUser().getDepartmentID();  // Get the department of the current user
var assignedToDepartment = current.assigned_to.department;  // Get the department of the user assigned to the incident

// Check if the departments match
if (userDepartment == assignedToDepartment) {
    answer = true;  // Allow access if departments match
} else {
    answer = false;  // Deny access if departments don't match
}


1 ACCEPTED SOLUTION

Runjay Patel
Giga Sage

Hi @cristinam77,

If you are writing this for a global application then it should work, but in a scoped app gs.getUser().getDepartmentID(); won’t work.

Yes, for the global application it is not working as expected. The current user can see only some incidents assigned to him.

kumar2sdes
Tera Contributor

The script has a logical issue in how you are fetching the department of the user assigned to the incident. Specifically:

  1. current.assigned_to.department Issue:

    • The assigned_to field is a reference to the sys_user table, and the department field is also a reference. To properly access the department of the assigned_to user, you need to fetch the department.sys_id.
  2. Empty assigned_to:

    • If the assigned_to field is empty, current.assigned_to.department will throw an error. You need to handle such cases.
  3. Inconsistent Comparisons:

    • You're comparing userDepartment (a Sys ID) to assignedToDepartment (likely an object). You should compare their sys_id.

kumar2sdes
Tera Contributor

Suggestion for the corrected code:

(function executeRule() {
    var userDepartment = gs.getUser().getDepartmentID(); // Get the department Sys ID of the current user

    if (!current.assigned_to) {
        // If there's no user assigned, deny access
        answer = false;
        return;
    }

    var assignedToDepartment = current.assigned_to.department; // Get the department reference

    if (assignedToDepartment && assignedToDepartment.sys_id == userDepartment) {
        answer = true; // Allow access if departments match
    } else {
        answer = false; // Deny access if departments don't match
    }
})();
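
A fail-closed version of the department check discussed in this thread, as an added example that is not code from any of the posters. `departmentAclAnswer`, `ref`, `stubGs` and the sample sys_id values are constructed so the logic can run outside a ServiceNow instance; in an ACL script the returned value would be assigned to `answer`.

```javascript
// Added example. ref(), stubGs() and the sys_id values below are constructed
// stand-ins for GlideElement, gs and real records.

// Reference-field stand-in: toString() gives the sys_id, extra fields allow dot-walking.
function ref(sysId, fields) {
    return Object.assign({ toString: function () { return sysId || ''; } }, fields || {});
}

// gs stand-in exposing only the call used in the thread.
function stubGs(departmentId) {
    return { getUser: function () { return { getDepartmentID: function () { return departmentId; } }; } };
}

// Value an ACL script would assign to `answer`; every unclear case denies.
function departmentAclAnswer(gs, current) {
    var userDept = String(gs.getUser().getDepartmentID() || '');
    if (userDept === '') {
        return false; // user without a department: empty must never match empty
    }
    var assignee = current.assigned_to;
    if (!assignee || assignee.toString() === '') {
        return false; // unassigned incident
    }
    var assigneeDept = assignee.department ? assignee.department.toString() : '';
    return assigneeDept === userDept; // compare sys_id strings, not objects
}

// Constructed sample incidents.
var itUser = ref('user_it_1', { department: ref('dept_it') });
var hrUser = ref('user_hr_1', { department: ref('dept_hr') });
var noDeptUser = ref('user_x', { department: ref('') });
var incidents = {
    it: { assigned_to: itUser },
    hr: { assigned_to: hrUser },
    unassigned: { assigned_to: ref('') },
    noDept: { assigned_to: noDeptUser }
};
```

The two cases worth testing on a real instance are the unassigned incident and the user or assignee with an empty department, since those are where a plain equality check can grant access unintentionally.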