Name

global.DocumentManagementSecurity

Description

Helps manage the security of the Document Management System

Script

// Holder object for the Document Management access checks. Each check below is
// attached to it as a plain property and is called directly on
// DocumentManagementSecurity, as the calls inside this script do.
var DocumentManagementSecurity = Class.create();

/**
 * Decides whether the current session user may read a document record.
 *
 * The first matching rule grants access; rules are tried in this order:
 * record without a sys_id, document_management_admin role, owner, listed
 * reviewer, member of the owning group, approver, a user permission row,
 * a group permission row. If nothing matches, access is denied.
 *
 * @param {GlideRecord} document - dms_document record to check
 * @returns {boolean} true when read access is allowed
 */
DocumentManagementSecurity.canReadDocumentRecord = function(document) {
  // A record with no sys_id is readable by anyone, before any role check.
  // NOTE(review): getDocument() returns its GlideRecord without checking
  // whether get() found a row, so a lookup for an unknown id presumably
  // lands here too and is answered with "allowed" - confirm this is intended.
  if (document.sys_id.nil() || gs.hasRole("document_management_admin")) {
    return true;
  }

  // Loose equality is kept: document.owner is read off the record and is
  // compared with the string user id.
  if (document.owner == gs.getUserID()) {
    return true;
  }

  // The reviewers field is searched as text for the user's id.
  var reviewerList = document.reviewers.toString();
  if (reviewerList.indexOf(gs.getUserID()) > -1) {
    return true;
  }

  if (gs.getUser().isMemberOf(document.owning_group)) {
    return true;
  }

  if (DocumentManagementSecurity.isUserADocumentApprover(document)) {
    return true;
  }

  // Any of these permission types is enough for read access.
  var readTypes = "Owner,Editor,Reader";

  // Permission granted to the user directly.
  var userGrant = new GlideRecord("dms_document_user_permission");
  userGrant.addQuery("document", document.sys_id);
  userGrant.addQuery("user", gs.getUserID());
  userGrant.addQuery("type", "IN", readTypes);
  userGrant.query();
  if (userGrant.hasNext()) {
    return true;
  }

  // Permission granted to one of the user's groups.
  var groupGrant = new GlideRecord("dms_document_group_permission");
  groupGrant.addQuery("document", document.sys_id);
  groupGrant.addQuery("group", getMyGroups());
  groupGrant.addQuery("type", "IN", readTypes);
  groupGrant.query();
  if (groupGrant.hasNext()) {
    return true;
  }

  // Default deny.
  return false;
};

/**
 * Decides whether the current session user may write a document record.
 *
 * Three deny rules run first: the user holds neither document management
 * role, the document is inactive or cancelled, or it is checked out by
 * someone else. After that the first matching grant wins: new record,
 * document_management_admin, owner, member of the owning group, or an
 * Owner/Editor permission row for the user or one of the user's groups.
 *
 * @param {GlideRecord} document - dms_document record to check
 * @returns {boolean} true when write access is allowed
 */
DocumentManagementSecurity.canWriteDocumentRecord = function(document) {
  // Without one of the two document management roles nothing is writable.
  if (!gs.hasRole("document_management_admin") && !gs.hasRole("document_management_user")) {
    return false;
  }

  // Inactive and cancelled documents are read-only, also for admins.
  var isClosed = document.state == "inactive" || document.state == "cancelled";
  if (isClosed) {
    return false;
  }

  // A check-out by another user locks the document, also for admins.
  var lockedByOther = !document.checked_out_by.nil() && document.checked_out_by != gs.getUserID();
  if (lockedByOther) {
    return false;
  }

  // New records are writable by any user who passed the role check above;
  // admins may write existing records too.
  if (document.sys_id.nil() || document.isNewRecord() || gs.hasRole("document_management_admin")) {
    return true;
  }

  if (document.owner == gs.getUserID()) {
    return true;
  }

  if (gs.getUser().isMemberOf(document.owning_group)) {
    return true;
  }

  // Reader permission is not enough for writing.
  var writeTypes = "Owner,Editor";

  var userGrant = new GlideRecord("dms_document_user_permission");
  userGrant.addQuery("document", document.sys_id);
  userGrant.addQuery("user", gs.getUserID());
  userGrant.addQuery("type", "IN", writeTypes);
  userGrant.query();
  if (userGrant.hasNext()) {
    return true;
  }

  var groupGrant = new GlideRecord("dms_document_group_permission");
  groupGrant.addQuery("document", document.sys_id);
  groupGrant.addQuery("group", getMyGroups());
  groupGrant.addQuery("type", "IN", writeTypes);
  groupGrant.query();
  if (groupGrant.hasNext()) {
    return true;
  }

  // Default deny.
  return false;
};

/**
 * Decides whether the current session user may delete a document record.
 *
 * Admins, the owner and members of the owning group are allowed at once.
 * Everyone else is refused while another user has the document checked out,
 * and otherwise needs an Owner permission row for themselves or for one of
 * their groups.
 *
 * NOTE(review): unlike canWriteDocumentRecord, this check has no role
 * prerequisite and no state test, and the check-out lock is evaluated only
 * after the admin/owner/owning-group grants, so those three can delete a
 * document that someone else has checked out - confirm this is the intended
 * policy.
 *
 * @param {GlideRecord} document - dms_document record to check
 * @returns {boolean} true when deletion is allowed
 */
DocumentManagementSecurity.canDeleteDocumentRecord = function(document) {
  // Unconditional grants, tried in the same order as before.
  if (gs.hasRole("document_management_admin") ||
      document.owner == gs.getUserID() ||
      gs.getUser().isMemberOf(document.owning_group)) {
    return true;
  }

  // For all remaining users a foreign check-out blocks deletion.
  var lockedByOther = !document.checked_out_by.nil() && document.checked_out_by != gs.getUserID();
  if (lockedByOther) {
    return false;
  }

  // Only the Owner permission type allows deletion.
  var userGrant = new GlideRecord("dms_document_user_permission");
  userGrant.addQuery("document", document.sys_id);
  userGrant.addQuery("user", gs.getUserID());
  userGrant.addQuery("type", "Owner");
  userGrant.query();
  if (userGrant.hasNext()) {
    return true;
  }

  var groupGrant = new GlideRecord("dms_document_group_permission");
  groupGrant.addQuery("document", document.sys_id);
  groupGrant.addQuery("group", getMyGroups());
  groupGrant.addQuery("type", "Owner");
  groupGrant.query();
  if (groupGrant.hasNext()) {
    return true;
  }

  // Default deny.
  return false;
};

/**
 * Decides whether the current session user may change the permissions of a
 * document, identified by its sys_id.
 *
 * Allowed for document_management_admin, the owner, members of the owning
 * group, and holders of an Owner permission row (user or group).
 *
 * @param {string} id - sys_id of the dms_document record
 * @returns {boolean} true when the user may edit the document's security
 */
DocumentManagementSecurity.canEditDocumentSecurity = function(id) {
  if (gs.hasRole("document_management_admin")) {
    return true;
  }

  // NOTE(review): the record is used without checking that the lookup found
  // a document; for an unknown id the checks below run against whatever
  // getDocument() returned - confirm that this always ends in a denial.
  var target = DocumentManagementSecurity.getDocument(id);

  if (target.owner == gs.getUserID() || gs.getUser().isMemberOf(target.owning_group)) {
    return true;
  }

  // Only the Owner permission type allows editing the security settings.
  var userGrant = new GlideRecord("dms_document_user_permission");
  userGrant.addQuery("document", target.sys_id);
  userGrant.addQuery("user", gs.getUserID());
  userGrant.addQuery("type", "Owner");
  userGrant.query();
  if (userGrant.hasNext()) {
    return true;
  }

  var groupGrant = new GlideRecord("dms_document_group_permission");
  groupGrant.addQuery("document", target.sys_id);
  groupGrant.addQuery("group", getMyGroups());
  groupGrant.addQuery("type", "Owner");
  groupGrant.query();
  if (groupGrant.hasNext()) {
    return true;
  }

  // Default deny.
  return false;
};

/**
 * Delete check by sys_id: loads the document and delegates to
 * canDeleteDocumentRecord. Unlike the read and write variants there is no
 * shortcut for an empty id.
 *
 * @param {string} id - sys_id of the dms_document record
 * @returns {boolean} result of canDeleteDocumentRecord for that record
 */
DocumentManagementSecurity.canDeleteDocumentID = function(id) {
  var record = DocumentManagementSecurity.getDocument(id);
  var mayDelete = DocumentManagementSecurity.canDeleteDocumentRecord(record);
  return mayDelete;
};

/**
 * Write check by sys_id: an empty id is allowed outright, any other id is
 * loaded and passed to canWriteDocumentRecord.
 *
 * NOTE(review): the empty-id shortcut answers true before the role check in
 * canWriteDocumentRecord is reached, although that function requires
 * document_management_admin or document_management_user even for new
 * records - confirm callers enforce the role separately.
 *
 * @param {string} id - sys_id of the dms_document record, or "" for none
 * @returns {boolean} true when write access is allowed
 */
DocumentManagementSecurity.canWriteDocumentID = function(id) {
  // Loose comparison kept as in the original check.
  var hasNoId = (id == "");
  if (hasNoId) {
    return true;
  }

  var record = DocumentManagementSecurity.getDocument(id);
  return DocumentManagementSecurity.canWriteDocumentRecord(record);
};

/**
 * Read check by sys_id: an empty id is allowed outright, any other id is
 * loaded and passed to canReadDocumentRecord.
 *
 * @param {string} id - sys_id of the dms_document record, or "" for none
 * @returns {boolean} true when read access is allowed
 */
DocumentManagementSecurity.canReadDocumentID = function(id) {
  // Loose comparison kept as in the original check.
  var hasNoId = (id == "");
  if (hasNoId) {
    return true;
  }

  var record = DocumentManagementSecurity.getDocument(id);
  return DocumentManagementSecurity.canReadDocumentRecord(record);
};

/**
 * Loads a dms_document record by sys_id.
 *
 * The result of get() is not inspected, so the GlideRecord is returned
 * whether or not a row was found; callers have to cope with a record that
 * was never loaded.
 *
 * @param {string} id - sys_id of the dms_document record
 * @returns {GlideRecord} the dms_document GlideRecord after the lookup
 */
DocumentManagementSecurity.getDocument = function(id) {
  var record = new GlideRecord("dms_document");
  record.get(id);
  return record;
};

/**
 * Tells whether the current session user appears in approval_sequence for
 * the given document.
 *
 * @param {GlideRecord} document - dms_document record to check
 * @returns {boolean} true when at least one matching approval_sequence row exists
 */
DocumentManagementSecurity.isUserADocumentApprover = function(document){
  var approvals = new GlideRecord("approval_sequence");
  approvals.addQuery("document_id", document.sys_id);
  approvals.addQuery("user", gs.getUserID());
  approvals.query();

  var found = approvals.hasNext();
  return found;
};

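/**
 * Tells whether the current session user is listed in the document's
 * reviewers field.
 *
 * @param {GlideRecord} document - dms_document record to check
 * @returns {boolean} true when the user's id occurs in document.reviewers
 */
DocumentManagementSecurity.isUserADocumentReviewer = function(document){
  if (!document.reviewers)
    return false;

  // Search a primitive string, as canReadDocumentRecord does with
  // reviewers.toString(): the field value read off the record is not
  // guaranteed to offer JavaScript string methods such as indexOf, and the
  // two reviewer checks should not disagree.
  var reviewerIds = String(document.reviewers);
  var userId = gs.getUser().getID();

  return reviewerIds.indexOf(userId) >= 0;
};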

/**
 * Tells whether any user permission exists for a document.
 *
 * @param {string} documentId - id of the document to look up
 * @returns {boolean} true when DocumentManagementDB returns at least one entry
 */
DocumentManagementSecurity.doesDocumentHaveUserPermission = function(documentId){
  var store = new DocumentManagementDB();
  var entries = store.getUserPermissionsByDocumentId(documentId);
  return entries.length > 0;
};

/**
 * Tells whether any permission entry exists for a document.
 *
 * NOTE(review): despite the name, this calls getUserPermissionsByDocumentId,
 * the same lookup as doesDocumentHaveUserPermission, so group permissions
 * are not consulted here. This looks like a copy-paste slip - confirm which
 * DocumentManagementDB lookup was intended.
 *
 * @param {string} documentId - id of the document to look up
 * @returns {boolean} true when DocumentManagementDB returns at least one entry
 */
DocumentManagementSecurity.doesDocumentHaveGroupPermission = function(documentId){
  var store = new DocumentManagementDB();
  var entries = store.getUserPermissionsByDocumentId(documentId);
  return entries.length > 0;
};

/**
 * Decides whether the current session user may write an approval sequence
 * entry.
 *
 * Allowed for document_management_admin, the owner of the referenced
 * document, and holders of an Owner permission row (user or group) on that
 * document. Membership of the document's owning group is not checked here,
 * unlike in canEditDocumentSecurity.
 *
 * @param {Object} approvalSequence - record whose document_id names the document
 * @returns {boolean} true when write access is allowed
 */
DocumentManagementSecurity.canWriteApprovalSequence = function(approvalSequence){
  if (gs.hasRole("document_management_admin")) {
    return true;
  }

  // NOTE(review): the result of getDocumentById is dereferenced without a
  // check, and the meaning of the second argument is not visible here -
  // confirm what is returned for a missing document.
  var store = new DocumentManagementDB();
  var target = store.getDocumentById(approvalSequence.document_id,true);

  if (target.owner == gs.getUserID()) {
    return true;
  }

  // Only the Owner permission type allows changing the approval sequence.
  var userGrant = new GlideRecord("dms_document_user_permission");
  userGrant.addQuery("document", approvalSequence.document_id);
  userGrant.addQuery("user", gs.getUserID());
  userGrant.addQuery("type", "Owner");
  userGrant.query();
  if (userGrant.hasNext()) {
    return true;
  }

  var groupGrant = new GlideRecord("dms_document_group_permission");
  groupGrant.addQuery("document", approvalSequence.document_id);
  groupGrant.addQuery("group", getMyGroups());
  groupGrant.addQuery("type", "Owner");
  groupGrant.query();
  if (groupGrant.hasNext()) {
    return true;
  }

  // Default deny.
  return false;
};

/**
 * Delete check for an approval sequence entry; applies exactly the rules of
 * canWriteApprovalSequence.
 *
 * @param {Object} approvalSequence - record whose document_id names the document
 * @returns {boolean} true when deletion is allowed
 */
DocumentManagementSecurity.canDeleteApprovalSequence = function(approvalSequence){
  var mayWrite = DocumentManagementSecurity.canWriteApprovalSequence(approvalSequence);
  return mayWrite;
};

Sys ID

c4b388d70a0a2ca052c7709d977fb49d

Official Documentation

Official Docs: