Item based user criteria

Script Includes/Check User Criteria for Catalog Item/README.md

@@ -0,0 +1,54 @@
+# CheckCriteria Script Include
+
+This script include is used to check if a user has access to a specific catalog item based on "Available for" and "Not Available for" user criteria in ServiceNow. It supports admin overrides and custom user checks.
+
+
+## Usage
+
+The `CheckCriteria` script include provides a method `itemCriteria` which checks if a user meets the criteria to access a catalog item.
+
+### Syntax
+
+```javascript
+var check = new CheckCriteria();
+var result = check.itemCriteria(item, adminOverride, userToCheck);
+```
+
+### Parameters
+
+1. **`item`** (string): 
+   - The sys_id of the catalog item you want to check access for.
+   - This parameter is **required**.
+
+2. **`adminOverride`** (boolean, optional): 
+   - Specifies whether admin override should be taken into account.
+   - If `true`, users with the `admin` role will always have access to the item, even if they do not match the user criteria.
+   - Defaults to `false` if not provided.
+
+3. **`userToCheck`** (string, optional): 
+   - The user ID of the user you want to check access for.
+   - If not provided, the currently logged-in user (`gs.getUser()`) will be used by default.
+
+### Return
+
+- **`true`** if the user has access to the catalog item.
+- **`false`** if the user does not have access to the catalog item.
+
+### Example
+
+```javascript
+var check = new CheckCriteria();
+
+// Example 1: Check if the current user has access to the catalog item
+var hasAccess = check.itemCriteria('12345abcdef'); // '12345abcdef' is the sys_id of the catalog item
+
+// Example 2: Check access for a specific user with an admin override
+var hasAccess = check.itemCriteria('12345abcdef', true, 'abc123user'); // 'abc123user' is the user ID of the user
+```
+
+In the first example, the script checks if the current user can access the specified catalog item. In the second example, it checks if the specified user can access the item and allows admin override.
+
+## Error Handling
+
+- If the `item` parameter is not provided or is `null`, an error message will be logged in the system logs.
+- The script also logs errors when unable to retrieve user criteria for the catalog item.

Script Includes/Check User Criteria for Catalog Item/checkUserCriteria.js

@@ -0,0 +1,83 @@
+var CheckCriteria = Class.create();
+CheckCriteria.prototype = {
+    initialize: function() {},
+
+    /**
+     * Checks if the user meets the criteria to access the catalog item.
+     * 
+     * @param {string} item - The sys_id of the catalog item.
+     * @param {boolean} [adminOverride] - Optional. Whether admin role should override the criteria check. Defaults to false if not provided.
+     * @param {string} [userToCheck] - Optional. The user ID of the user whose access is being checked. Defaults to the current user if not specified.
+     * 
+     * @returns {boolean} - True if the user has access to the catalog item, otherwise false.
+     */
+    itemCriteria: function(item, adminOverride, userToCheck) {
+        // Set default value for adminOverride if not provided
+        adminOverride = (typeof adminOverride !== 'undefined') ? adminOverride : false;
+
+        // Early exit if item is nil or missing
+        if (gs.nil(item)) {
+            gs.error('CheckCriteria().itemCriteria() failed: item parameter is missing or null, item: ' + item);
+            return false;
+        }
+
+        // Get the user object and user ID, defaulting to the current user if userToCheck is not provided
+        var userObj = !gs.nil(userToCheck) ? gs.getUser().getUserByID(userToCheck) : gs.getUser();
+        var userId = userObj.getID();
+
+        // Admin override: if the user is an admin and adminOverride is true, return true
+        if (adminOverride && userObj.hasRole('admin')) {
+            return true;
+        }
+
+        // Fetch "Available for" and "Not Available for" user criteria
+        var availableForUC = this.getUserCritria(item, true);
+        var notAvailableForUC = this.getUserCritria(item, false);
+
+        // Check if the user matches the "Not Available for" criteria first
+        if (sn_uc.UserCriteriaLoader.userMatches(userId, notAvailableForUC)) {
+            return false;
+        }
+
+        // Check if the user matches the "Available for" criteria
+        return sn_uc.UserCriteriaLoader.userMatches(userId, availableForUC);
+    },
+
+    /**
+     * Retrieves the user criteria for a catalog item.
+     * 
+     * @param {string} item - The sys_id of the catalog item.
+     * @param {boolean} available - If true, fetch the "Available for" criteria. If false, fetch the "Not Available for" criteria.
+     * 
+     * @returns {Array<string>} - An array of user criteria sys_ids for the catalog item.
+     */
+    getUserCritria: function(item, available) {
+        // Early exit if item is nil or missing
+        if (gs.nil(item)) {
+            gs.error('CheckCriteria().getUserCritria() failed: item parameter is missing or null, item: ' + item);
+            return [];
+        }
+
+        // Define table name constants
+        var TABLE_AVAILABLE = 'sc_cat_item_user_criteria_mtom';
+        var TABLE_NOT_AVAILABLE = 'sc_cat_item_user_criteria_no_mtom';
+
+        // Select appropriate table based on availability flag
+        var tableToCheck = available ? TABLE_AVAILABLE : TABLE_NOT_AVAILABLE;
+
+        // Query user criteria from the appropriate table
+        var ucCheckGr = new GlideRecord(tableToCheck);
+        ucCheckGr.addQuery('sc_cat_item', item);
+        ucCheckGr.query();
+
+        // Store user criteria sys_ids in an array
+        var returnArr = [];
+        while (ucCheckGr.next()) {
+            returnArr.push(ucCheckGr.getValue('user_criteria'));
+        }
+
+        return returnArr;
+    },
+
+    type: 'CheckCriteria'
+};