Name
global.CSMContentAccess
Description
Implements extension point global.CSMContentAccessEP
Script
/**
 * Base access evaluator for a table-backed CSM resource.
 *
 * The write, create, delete and QBR-read hooks in this base class all return
 * false, so a subclass grants access only by overriding a hook or by enabling
 * responsibilities. Naming convention used throughout:
 *   __name  private, must not be overridden
 *   _name   protected, may be overridden by a subclass
 *
 * `this.params` is replaced only when a can*() call receives a non-nil value,
 * and resetContext() does not clear it, so parameters from an earlier call
 * remain in effect for later ones.
 * NOTE(review): confirm that callers reusing one instance across records
 * intend this carry-over.
 */
var CSMContentAccess = Class.create();
CSMContentAccess.prototype = {
    /**
     * @param {string} tableName required - table of the record being evaluated
     * @param {GlideRecord} current required - record being evaluated
     */
    initialize: function(tableName, current) {
        this._setContext(tableName, current);
    },

    /**
     * Points an existing instance at another table/record. Stored params are
     * left as they are.
     */
    resetContext: function(tableName, current) {
        this._setContext(tableName, current);
    },

    /**
     * Tells whether this evaluator is responsible for the context table.
     * `accessPattern` is accepted but not read here.
     */
    canProcess: function(accessPattern) {
        // Loose equality is kept on purpose: tableName may be a platform string
        // object rather than a JS primitive - TODO confirm before using ===.
        if (this.RESOURCE_TYPE != "TABLE") {
            return false;
        }
        return this.RESOURCE_NAME == this.tableName;
    },

    /**
     * Read check. Responsibilities are not consulted here; they are enforced
     * through query rules / QBR validations.
     * @param {Object} [params] additional parameters required to evaluate the access
     * @returns false when there is no current record, otherwise the result of __canRead()
     */
    canRead: function(params) {
        return this.__preProcess(params) ? this.__canRead() : false;
    },

    /**
     * Write check: a valid responsibility (when enforced) grants access,
     * otherwise the _canWrite() hook decides.
     * @param {Object} [params] additional parameters required to evaluate the access
     */
    canWrite: function(params) {
        if (this.__preProcess(params)) {
            var viaResponsibility = this._enforceResponsibilities() &&
                this._hasValidResponsibility(this._getWritePermissionMap());
            return viaResponsibility ? true : this._canWrite();
        }
        return false;
    },

    /**
     * Create check: a valid responsibility (when enforced) grants access,
     * otherwise the _canCreate() hook decides.
     * @param {Object} [params] additional parameters required to evaluate the access
     */
    canCreate: function(params) {
        if (this.__preProcess(params)) {
            var viaResponsibility = this._enforceResponsibilities() &&
                this._hasValidResponsibility(this._getCreatePermissionMap());
            return viaResponsibility ? true : this._canCreate();
        }
        return false;
    },

    /**
     * Delete check: a valid responsibility (when enforced) grants access,
     * otherwise the _canDelete() hook decides.
     * @param {Object} [params] additional parameters required to evaluate the access
     */
    canDelete: function(params) {
        if (this.__preProcess(params)) {
            var viaResponsibility = this._enforceResponsibilities() &&
                this._hasValidResponsibility(this._getDeletePermissionMap());
            return viaResponsibility ? true : this._canDelete();
        }
        return false;
    },

    /** Private methods; do not override these methods. **/

    /**
     * True when the account-access table holds a row for `accountId` with
     * restrict_contact_access set. Not called from within this script.
     * The lookup uses GlideRecord rather than GlideRecordSecure, so it is not
     * filtered by the calling user's ACLs.
     */
    __isRestrictedAccessAccount: function(accountId) {
        if (!accountId) {
            return false;
        }
        var accountAccess = new GlideRecord(global.CSMBaseConstants.ACCOUNT_ACCESS_TABLE);
        accountAccess.addQuery('account', accountId);
        accountAccess.addQuery('restrict_contact_access', true);
        accountAccess.query();
        return accountAccess.hasNext();
    },

    /**
     * Gate shared by every can*() method: without a current record the check
     * is refused. Non-nil params replace the stored ones; nil params leave the
     * previously stored value untouched.
     */
    __preProcess: function(params) {
        var hasRecord = !gs.nil(this.current);
        if (hasRecord && !gs.nil(params)) {
            this._setParams(params);
        }
        return hasRecord;
    },

    __isQueryRulesEnabled: function() {
        return new global.CSMQueryRulesUtil().useQueryRules();
    },

    /** Picks the query-rule read path when query rules are enabled, else the QBR path. */
    __canRead: function() {
        return this.__isQueryRulesEnabled() ? this._canRead_QR() : this._canRead_QBR();
    },

    /** Protected methods, allowed to override **/

    /**
     * Stores the evaluation context. An empty tableName is derived from the
     * record, or set to null when there is no record either.
     */
    _setContext: function(tableName, current) {
        var resolvedTable = tableName;
        if (!resolvedTable) {
            resolvedTable = gs.nil(current) ? null : current.getTableName();
        }
        this.tableName = resolvedTable;
        this.current = current;
    },

    _setParams: function(params) {
        this.params = params;
    },

    /**
     * Override _can*() methods only if
     * 1) entity does not have separate ACLs for regular checks
     * 2) and, entity security check depends on granular roles
     * The base implementations deny.
     **/
    _canWrite: function() {
        return false;
    },

    _canCreate: function() {
        return false;
    },

    _canDelete: function() {
        return false;
    },

    /**
     * Read check through query rules: builds the encoded query for the table
     * (optionally for the roles passed in params.qr_roles) and tests the
     * current record against it.
     *
     * NOTE(review): qr_roles decides which roles' rules form the filter, so it
     * should be set by trusted server-side code only - confirm against callers.
     * NOTE(review): the checkRecord() result is returned as-is; confirm what it
     * yields when the generator produces an empty query.
     */
    _canRead_QR: function() {
        // TODO: Keep the filter in a session variable for subsequent usages, and
        // make sure it is invalidated when the config is changed.
        // TODO: OR, use the transaction cache.
        var roles = this.__getParam("qr_roles");
        var generator = new sn_queryrules.QueryRuleGenerator();
        var encodedQuery = gs.nil(roles) ?
            generator.getEncodedQuery(this.tableName) :
            generator.getEncodedQueryForRoles(this.tableName, roles);
        return GlideFilter.checkRecord(this.current, encodedQuery);
    },

    /** QBR read path; denies unless a subclass overrides it. */
    _canRead_QBR: function() {
        return false;
    },

    /** Responsibilities are off unless a subclass returns true here. */
    _enforceResponsibilities: function() {
        return false;
    },

    _isChildOf: function(parent, tableName) {
        return new global.CSMRelationshipUtils().isChildOf(parent, tableName);
    },

    /** Permission maps for Responsibilities **/
    /**
     * Expected shape of a permission map:
     *
     * {
     *   relationship1: accessType,
     *   relationship2: accessType,
     *   ...
     * }
     *
     * The base getters return nothing, which _hasValidResponsibility() treats
     * as "no responsibility grants access".
     */
    _getWritePermissionMap: function() {},
    _getCreatePermissionMap: function() {},
    _getDeletePermissionMap: function() {},

    /**
     * Access evaluation with the help of a permission map. Returns true as
     * soon as one relationship grants access to the current record; otherwise
     * returns the last falsy result (false for a nil or empty map).
     * A falsy access type in the map falls back to
     * CSMRelationshipConstants.ACCESS.FULL.
     */
    _hasValidResponsibility: function(permissionMap) {
        if (gs.nil(permissionMap)) {
            return false;
        }
        var names = Object.keys(permissionMap);
        var relationshipUtils = new global.CSMRelationshipUtils();
        var outcome = false;
        var i = 0;
        while (i < names.length) {
            var name = names[i];
            var required = permissionMap[name];
            if (!required) {
                required = global.CSMRelationshipConstants.ACCESS.FULL;
            }
            outcome = relationshipUtils.hasAccess(this.current, name, required, this.params);
            if (outcome) {
                return true;
            }
            i += 1;
        }
        return outcome;
    },

    /** Returns params[key], or null when the key is empty or no params are stored. */
    __getParam: function(key) {
        return (key && this.params) ? this.params[key] : null;
    },

    // Always override these variables with right values; canProcess() compares
    // RESOURCE_NAME with the context table.
    RESOURCE_NAME : "",
    RESOURCE_TYPE : "TABLE",
    type: 'CSMContentAccess'
};
Sys ID
0fc2120677f23010d3ef07dc7d5a9901