From a10a9ba277d13caa47c94358c566bea491d151a0 Mon Sep 17 00:00:00 2001
From: Laszlo <47461634+Lacah@users.noreply.github.com>
Date: Fri, 27 Sep 2024 18:58:32 +0200
Subject: [PATCH 1/3] Create checkUserCriteria.js
---
 .../checkUserCriteria.js | 83 +++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 Script Includes/Check User Criteria for Catalog Item/checkUserCriteria.js
diff --git a/Script Includes/Check User Criteria for Catalog Item/checkUserCriteria.js b/Script Includes/Check User Criteria for Catalog Item/checkUserCriteria.js
new file mode 100644
index 0000000000..48b6e746fd
--- /dev/null
+++ b/Script Includes/Check User Criteria for Catalog Item/checkUserCriteria.js
@@ -0,0 +1,83 @@
+/**
+ * Script Include to check if a user has access to a catalog item based on user criteria.
+ *
+ * @param {string} item - The sys_id of the catalog item to check.
+ * @param {boolean} [adminOverride] - Optional. Specifies whether an admin override should apply.
+ * @param {string} [userToCheck] - Optional. The sys_id of the user to check access for. Defaults to the current user if not provided.
+ *
+ * @returns {boolean} - Returns true if the user has access to the catalog item, false otherwise.
+ */
+
+var CheckCriteria = Class.create();
+CheckCriteria.prototype = {
+ initialize: function() {},
+ itemCriteria: function(item, adminOverride, userToCheck) {
+
+ // Determine the user object and user ID, using provided userToCheck or defaulting to the current user
+ var userObj = !gs.nil(userToCheck) ? gs.getUser().getUserByID(userToCheck) : gs.getUser();
+ var userId = !gs.nil(userToCheck) ? userToCheck : gs.getUserID();
+
+ // Admin override: if the user is an admin and adminOverride is not set to false, return true
+ if(adminOverride != false && userObj.hasRole('admin')) {
+ return true;
+ }
+
+ // Error handling: Ensure the item parameter is provided and not null
+ if (gs.nil(item)) {
+ gs.error('CheckCriteria().itemCriteria() failed: item parameter is missing or null, item: ' + item);
+ return;
+ }
+
+ // Get the "Available for" and "Not Available for" user criteria for the catalog item
+ var availableForUC = this.getUserCritria(item, true);
+ var notAvailableForUC = this.getUserCritria(item, false);
+
+ // Check if the user matches the "Not Available for" criteria
+ if(sn_uc.UserCriteriaLoader.userMatches(userId, notAvailableForUC)) {
+ return false; // User does not have access
+ }
+ // Check if the user matches the "Available for" criteria
+ else if (sn_uc.UserCriteriaLoader.userMatches(userId, availableForUC)) {
+ return true; // User has access
+ }
+ // If user doesn't match any criteria, they have no access
+ else {
+ return false;
+ }
+ },
+
+ /**
+ * Retrieves the user criteria for a catalog item.
+ *
+ * @param {string} item - The sys_id of the catalog item.
+ * @param {boolean} available - If true, fetch the "Available for" criteria. If false, fetch the "Not Available for" criteria.
+ *
+ * @returns {Array} - An array of user criteria sys_ids for the catalog item.
+ */
+ getUserCritria: function(item, available) {
+ // Error handling: Ensure the item parameter is provided and not null
+ if (gs.nil(item)) {
+ gs.error('CheckCriteria().getUserCritria() failed: item parameter is missing or null, item: ' + item);
+ return;
+ }
+
+ var returnArr = [];
+ // Determine the correct table based on whether we're checking "Available for" or "Not Available for"
+ var tableToCheck = available == false ? 'sc_cat_item_user_criteria_no_mtom' : 'sc_cat_item_user_criteria_mtom';
+
+ // Query the user criteria table for the catalog item
+ var ucCheckGr = new GlideRecord(tableToCheck);
+ ucCheckGr.addQuery('sc_cat_item', item);
+ ucCheckGr.query();
+
+ // Loop through the results and collect the user criteria
+ while (ucCheckGr.next()) {
+ returnArr.push(ucCheckGr.getValue('user_criteria'));
+ }
+
+ // Return the array of user criteria sys_ids
+ return returnArr;
+ },
+
+ type: 'CheckCriteria'
+};
From 90d19e234b36b427ff088577d2c039ebb985ee33 Mon Sep 17 00:00:00 2001
From: Laszlo <47461634+Lacah@users.noreply.github.com>
Date: Fri, 27 Sep 2024 19:03:35 +0200
Subject: [PATCH 2/3] Create README.md
---
 .../README.md | 54 +++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 Script Includes/Check User Criteria for Catalog Item/README.md
diff --git a/Script Includes/Check User Criteria for Catalog Item/README.md b/Script Includes/Check User Criteria for Catalog Item/README.md
new file mode 100644
index 0000000000..06e6b4b255
--- /dev/null
+++ b/Script Includes/Check User Criteria for Catalog Item/README.md
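Review bot: In PATCH 1/3 (checkUserCriteria.js), the last branch of `itemCriteria` returns false whenever the user matches no "Available for" entry, which also covers an item that has no "Available for" rows at all if `userMatches` does not match an empty list (not visible in this patch). ServiceNow normally treats a catalog item without "Available for" criteria as unrestricted, so the helper would then disagree with what the catalog itself shows. The lookup also reads only the two item-level m2m tables, so callers should not take the result as the complete access decision for the item. The refactor in PATCH 3/3 keeps the same final check. If mirroring the platform is the intent, handle the empty list after the "Not Available for" check with `if (availableForUC.length === 0) { return true; }`; otherwise state the limitation in the JSDoc: `Evaluates item-level user criteria only; an item with no "Available for" criteria is reported as not accessible.`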
@@ -0,0 +1,54 @@
+# CheckCriteria Script Include
+
+This script include is used to check if a user has access to a specific catalog item based on "Available for" and "Not Available for" user criteria in ServiceNow. It supports admin overrides and custom user checks.
+
+
+## Usage
+
+The `CheckCriteria` script include provides a method `itemCriteria` which checks if a user meets the criteria to access a catalog item.
+
+### Syntax
+
+```javascript
+var check = new CheckCriteria();
+var result = check.itemCriteria(item, adminOverride, userToCheck);
+```
+
+### Parameters
+
+1. **`item`** (string):
+ - The sys_id of the catalog item you want to check access for.
+ - This parameter is **required**.
+
+2. **`adminOverride`** (boolean, optional):
+ - Specifies whether admin override should be taken into account.
+ - If `true`, users with the `admin` role will always have access to the item, even if they do not match the user criteria.
+ - Defaults to `false` if not provided.
+
+3. **`userToCheck`** (string, optional):
+ - The user ID of the user you want to check access for.
+ - If not provided, the currently logged-in user (`gs.getUser()`) will be used by default.
+
+### Return
+
+- **`true`** if the user has access to the catalog item.
+- **`false`** if the user does not have access to the catalog item.
+
+### Example
+
+```javascript
+var check = new CheckCriteria();
+
+// Example 1: Check if the current user has access to the catalog item
+var hasAccess = check.itemCriteria('12345abcdef'); // '12345abcdef' is the sys_id of the catalog item
+
+// Example 2: Check access for a specific user with an admin override
+var hasAccess = check.itemCriteria('12345abcdef', true, 'abc123user'); // 'abc123user' is the user ID of the user
+```
+
+In the first example, the script checks if the current user can access the specified catalog item. In the second example, it checks if the specified user can access the item and allows admin override.
+
+## Error Handling
+
+- If the `item` parameter is not provided or is `null`, an error message will be logged in the system logs.
+- The script also logs errors when unable to retrieve user criteria for the catalog item.
From 5f924c46dae5085d461a12085757917551470f89 Mon Sep 17 00:00:00 2001
From: Laszlo <47461634+Lacah@users.noreply.github.com>
Date: Fri, 27 Sep 2024 19:22:04 +0200
Subject: [PATCH 3/3] Refactoring checkUserCriteria.js
---
 .../checkUserCriteria.js | 88 +++++++++----------
 1 file changed, 44 insertions(+), 44 deletions(-)
diff --git a/Script Includes/Check User Criteria for Catalog Item/checkUserCriteria.js b/Script Includes/Check User Criteria for Catalog Item/checkUserCriteria.js
index 48b6e746fd..93d8faa550 100644
--- a/Script Includes/Check User Criteria for Catalog Item/checkUserCriteria.js
+++ b/Script Includes/Check User Criteria for Catalog Item/checkUserCriteria.js
@@ -1,49 +1,46 @@ -/** - * Script Include to check if a user has access to a catalog item based on user criteria. - * - * @param {string} item - The sys_id of the catalog item to check. - * @param {boolean} [adminOverride] - Optional. Specifies whether an admin override should apply. - * @param {string} [userToCheck] - Optional. The sys_id of the user to check access for. Defaults to the current user if not provided. - * - * @returns {boolean} - Returns true if the user has access to the catalog item, false otherwise. - */ - var CheckCriteria = Class.create(); CheckCriteria.prototype = { initialize: function() {}, - itemCriteria: function(item, adminOverride, userToCheck) { - - // Determine the user object and user ID, using provided userToCheck or defaulting to the current user - var userObj = !gs.nil(userToCheck) ? gs.getUser().getUserByID(userToCheck) : gs.getUser(); - var userId = !gs.nil(userToCheck) ? userToCheck : gs.getUserID(); - // Admin override: if the user is an admin and adminOverride is not set to false, return true - if(adminOverride != false && userObj.hasRole('admin')) { - return true; - } + /** + * Checks if the user meets the criteria to access the catalog item. + * + * @param {string} item - The sys_id of the catalog item. + * @param {boolean} [adminOverride] - Optional. Whether admin role should override the criteria check. Defaults to false if not provided. + * @param {string} [userToCheck] - Optional. The user ID of the user whose access is being checked. Defaults to the current user if not specified. + * + * @returns {boolean} - True if the user has access to the catalog item, otherwise false. + */ + itemCriteria: function(item, adminOverride, userToCheck) { + // Set default value for adminOverride if not provided + adminOverride = (typeof adminOverride !== 'undefined') ? 
adminOverride : false; - // Error handling: Ensure the item parameter is provided and not null + // Early exit if item is nil or missing if (gs.nil(item)) { gs.error('CheckCriteria().itemCriteria() failed: item parameter is missing or null, item: ' + item); - return; + return false; + } + + // Get the user object and user ID, defaulting to the current user if userToCheck is not provided + var userObj = !gs.nil(userToCheck) ? gs.getUser().getUserByID(userToCheck) : gs.getUser(); + var userId = userObj.getID(); + + // Admin override: if the user is an admin and adminOverride is true, return true + if (adminOverride && userObj.hasRole('admin')) { + return true; } - // Get the "Available for" and "Not Available for" user criteria for the catalog item + // Fetch "Available for" and "Not Available for" user criteria var availableForUC = this.getUserCritria(item, true); var notAvailableForUC = this.getUserCritria(item, false); - // Check if the user matches the "Not Available for" criteria - if(sn_uc.UserCriteriaLoader.userMatches(userId, notAvailableForUC)) { - return false; // User does not have access - } + // Check if the user matches the "Not Available for" criteria first + if (sn_uc.UserCriteriaLoader.userMatches(userId, notAvailableForUC)) { + return false; + } + // Check if the user matches the "Available for" criteria - else if (sn_uc.UserCriteriaLoader.userMatches(userId, availableForUC)) { - return true; // User has access - } - // If user doesn't match any criteria, they have no access - else { - return false; - } + return sn_uc.UserCriteriaLoader.userMatches(userId, availableForUC); }, /** 
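Review bot: The override test `if (adminOverride && userObj.hasRole('admin'))` accepts any truthy value, so a caller that forwards a string such as `'false'` would still switch the override on and skip the "Not Available for" check for admins. Because this flag bypasses the deny list, compare strictly: `if (adminOverride === true && userObj.hasRole('admin'))`. Separately, the object returned by `gs.getUser().getUserByID(userToCheck)` is used without confirming that the id resolved to a user. What `getID()` and `hasRole()` return for an unknown id is not visible in this patch, so I would log the id and `return false` when the lookup does not yield a user.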
@@ -55,27 +52,30 @@ CheckCriteria.prototype = { * @returns {Array} - An array of user criteria sys_ids for the catalog item. */ getUserCritria: function(item, available) { - // Error handling: Ensure the item parameter is provided and not null + // Early exit if item is nil or missing if (gs.nil(item)) { gs.error('CheckCriteria().getUserCritria() failed: item parameter is missing or null, item: ' + item); - return; + return []; } - - var returnArr = []; - // Determine the correct table based on whether we're checking "Available for" or "Not Available for" - var tableToCheck = available == false ? 'sc_cat_item_user_criteria_no_mtom' : 'sc_cat_item_user_criteria_mtom'; - // Query the user criteria table for the catalog item + // Define table name constants + var TABLE_AVAILABLE = 'sc_cat_item_user_criteria_mtom'; + var TABLE_NOT_AVAILABLE = 'sc_cat_item_user_criteria_no_mtom'; + + // Select appropriate table based on availability flag + var tableToCheck = available ? TABLE_AVAILABLE : TABLE_NOT_AVAILABLE; + + // Query user criteria from the appropriate table var ucCheckGr = new GlideRecord(tableToCheck); ucCheckGr.addQuery('sc_cat_item', item); ucCheckGr.query(); - - // Loop through the results and collect the user criteria + + // Store user criteria sys_ids in an array + var returnArr = []; while (ucCheckGr.next()) { returnArr.push(ucCheckGr.getValue('user_criteria')); } - - // Return the array of user criteria sys_ids + return returnArr; },
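Review bot: `var tableToCheck = available ? TABLE_AVAILABLE : TABLE_NOT_AVAILABLE;` reverses the default of `getUserCritria`: the removed line tested `available == false`, so an omitted argument selected the "Available for" table, and it now selects the "Not Available for" table. Both calls visible in `itemCriteria` pass an explicit boolean, but any other caller that omits the flag would receive the deny list where it previously received the allow list. Either keep the old default with `var tableToCheck = available === false ? TABLE_NOT_AVAILABLE : TABLE_AVAILABLE;` or mark `available` as required in the JSDoc, which starts above this hunk. The method name is also still spelled `getUserCritria`; renaming it to `getUserCriteria` is cheapest now, before other scripts depend on it.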