
Script condition for ACL: users can access only incidents belonging to their department

cristinam77
Tera Contributor

Hi,

 

I have to write a script condition for an ACL that allows users to access only incidents belonging to their department.

I wrote this script, but it's not working as expected. Does anyone have any idea what is wrong?

 

 
var userDepartment = gs.getUser().getDepartmentID();  // Get the department of the current user
 
var assignedToDepartment = current.assigned_to.department;  // Get the department of the user assigned to the incident

// Check if the departments match
if (userDepartment == assignedToDepartment) {
    answer = true;  // Allow access if departments match
} else {
    answer = false;  // Deny access if departments don't match
}

 

 

1 ACCEPTED SOLUTION

Runjay Patel
Giga Sage

Hi @cristinam77 ,

 

If you are writing this for a global application then it should work, but in a scoped app gs.getUser().getDepartmentID() won't work.


Yes, for the global application it is not working as expected. The current user can see only some incidents assigned to him.

kumar2sdes
Tera Contributor

The script has a logical issue in how you are fetching the department of the user assigned to the incident. Specifically:

  1. current.assigned_to.department Issue:

    • The assigned_to field is a reference to the sys_user table, and the department field is also a reference. To properly access the department of the assigned_to user, you need to fetch the department.sys_id.
  2. Empty assigned_to:

    • If the assigned_to field is empty, current.assigned_to.department will throw an error. You need to handle such cases.
  3. Inconsistent Comparisons:

    • You're comparing userDepartment (a Sys ID) to assignedToDepartment (likely an object). You should compare their sys_id.

kumar2sdes
Tera Contributor

Suggestion for the corrected code:

(function executeRule() {
    var userDepartment = gs.getUser().getDepartmentID(); // Get the department Sys ID of the current user

    if (!current.assigned_to) {
        // If there's no user assigned, deny access
        answer = false;
        return;
    }

    var assignedToDepartment = current.assigned_to.department; // Get the department reference

    if (assignedToDepartment && assignedToDepartment.sys_id == userDepartment) {
        answer = true; // Allow access if departments match
    } else {
        answer = false; // Deny access if departments don't match
    }
})();
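
A fail-closed form of the department comparison discussed in this thread, as an added example that is not part of any poster's reply and not ServiceNow's own code. `ref`, `toSysId`, `sameDepartment` and `runCases` are hypothetical names, and the plain objects are constructed stand-ins for `current` and its reference fields so the logic runs in plain JavaScript; it compares string values and denies access when the incident is unassigned or either department is empty.

```javascript
// Constructed stand-ins for ServiceNow's `current` record and reference
// fields, so the decision logic can run outside an instance.
function ref(sysId, fields) {
    var r = fields || {};
    r.toString = function () { return sysId; }; // stringifies to its sys_id
    return r;
}

// Normalize a reference value or string to a sys_id string ('' if unset).
function toSysId(value) {
    return (value === null || value === undefined) ? '' : String(value).trim();
}

// Hypothetical helper: true only when both departments are set and equal.
function sameDepartment(userDepartmentId, incident) {
    var assignee = incident ? incident.assigned_to : null;
    if (toSysId(assignee) === '') {
        return false; // unassigned incident: deny
    }
    var userDept = toSysId(userDepartmentId);
    var assigneeDept = toSysId(assignee.department);
    if (userDept === '' || assigneeDept === '') {
        return false; // an empty department on either side never matches
    }
    return userDept === assigneeDept; // compare strings, not objects
}

// Constructed sample data (sys_ids are made up).
var IT = 'dept_it_0001', HR = 'dept_hr_0002';
var cases = {
    sameDept:   { assigned_to: ref('user_a', { department: ref(IT) }) },
    otherDept:  { assigned_to: ref('user_b', { department: ref(HR) }) },
    unassigned: { assigned_to: ref('') },
    noDept:     { assigned_to: ref('user_c', { department: ref('') }) }
};

function runCases(userDepartmentId) {
    var out = {};
    Object.keys(cases).forEach(function (k) {
        out[k] = sameDepartment(userDepartmentId, cases[k]);
    });
    return out;
}

// In the ACL script the call would be:
//   answer = sameDepartment(gs.getUser().getDepartmentID(), current);
console.log(runCases(IT));
console.log(runCases('')); // user without a department: every case is denied
```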