12-07-2024 04:22 PM
Hi,
I have to write a script condition for an ACL that allows users to access only incidents belonging to their department.
I wrote this script, but it's not working as expected. Does anyone have any idea what is wrong?
12-07-2024 07:12 PM
Hi @cristinam77 ,
If you are writing this for a global application then it should work, but in a scoped app gs.getUser().getDepartmentID(); won't work.
12-08-2024 05:14 AM
Yes, for the global application it is not working as expected. The current user can see only some incidents assigned to him.
12-07-2024 08:18 PM
The script has a logical issue in how you are fetching the department of the user assigned to the incident. Specifically:
current.assigned_to.department Issue:
- The assigned_to field is a reference to the sys_user table, and the department field is also a reference. To properly access the department of the assigned_to user, you need to fetch the department.sys_id.
Empty assigned_to:
- If the assigned_to field is empty, current.assigned_to.department will throw an error. You need to handle such cases.
Inconsistent Comparisons:
- You're comparing userDepartment (a Sys ID) to assignedToDepartment (likely an object). You should compare their sys_id.
12-07-2024 08:19 PM
Suggestion for the corrected code:
(function executeRule() {
    var userDepartment = gs.getUser().getDepartmentID(); // Get the department Sys ID of the current user

    if (!current.assigned_to) {
        // If there's no user assigned, deny access
        answer = false;
        return;
    }

    var assignedToDepartment = current.assigned_to.department; // Get the department reference

    if (assignedToDepartment && assignedToDepartment.sys_id == userDepartment) {
        answer = true; // Allow access if departments match
    } else {
        answer = false; // Deny access if departments don't match
    }
})();
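
The checks discussed in this thread (an empty assigned_to, and comparing a sys_id with a sys_id rather than with a reference object), as an added example that is not part of the original posts. Plain JavaScript objects stand in for the incident and user records so the decision logic can be run outside the platform; `refSysId`, `canReadIncident` and the sample sys_id values are hypothetical. It also denies access when the current user's own department is empty, so two empty departments never count as a match.

```javascript
// Added example: constructed data, not ServiceNow API code.

// Reduce a reference value (object with sys_id, or a bare sys_id string)
// to a sys_id string; return '' when the reference is missing or empty.
function refSysId(ref) {
  if (ref === null || ref === undefined) return '';
  if (typeof ref === 'string') return ref.trim();
  return ref.sys_id ? String(ref.sys_id).trim() : '';
}

// Allow access only when BOTH department sys_ids are present and equal.
function canReadIncident(userDepartmentId, incident) {
  const userDept = refSysId(userDepartmentId);
  const assignee = incident ? incident.assigned_to : null;
  const assigneeDept = assignee ? refSysId(assignee.department) : '';
  if (!userDept || !assigneeDept) return false; // fail closed on any empty side
  return userDept === assigneeDept;             // string-to-string comparison
}

// Constructed sample values (made-up sys_ids).
const HR = 'aaaa1111';
const IT = 'bbbb2222';
const cases = [
  { name: 'same department', user: HR,
    incident: { assigned_to: { department: { sys_id: HR } } }, expect: true },
  { name: 'different department', user: HR,
    incident: { assigned_to: { department: { sys_id: IT } } }, expect: false },
  { name: 'no assigned_to', user: HR,
    incident: { assigned_to: null }, expect: false },
  { name: 'assignee without department', user: HR,
    incident: { assigned_to: { department: null } }, expect: false },
  { name: 'both departments empty', user: '',
    incident: { assigned_to: { department: null } }, expect: false },
  { name: 'department given as bare sys_id string', user: HR,
    incident: { assigned_to: { department: HR } }, expect: true },
];

// Evaluate every case and report whether the decision matched expectations.
function runCases() {
  return cases.map(c => {
    const got = canReadIncident(c.user, c.incident);
    return { name: c.name, got: got, ok: got === c.expect };
  });
}

for (const r of runCases()) {
  console.log((r.ok ? 'PASS ' : 'FAIL ') + r.name + ' -> ' + r.got);
}
```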