Name
sn_decision_table.UserUtil
Description
No description available
Script
var UserUtil = (function() {
var isAdmin = gs.hasRole('admin');
var isDecisionTableAdmin = gs.hasRole('decision_table_admin');
var isDecisionTableReader = gs.hasRole('decision_table_reader');
var isChangeManager = gs.hasRole('change_manager');
return {
// user gets delegated access if atleast one accessible scope has decision table permission
hasDelegatedAccess: function() {
var accessibleScopeIds = this._getAccessibleScopeIds();
for (var i = 0; i < accessibleScopeIds.length; i++) {
if (this._hasDecisionTablePermission(accessibleScopeIds[i])) {
return true;
}
}
return false;
},
getScopeIdsAccessibleByDelegatedDev: function() {
var accessibleScopeIds = this._getAccessibleScopeIds();
var scopeIdsWithDecisionTablePermission = [];
for (var i = 0; i < accessibleScopeIds.length; i++) {
if (this._hasDecisionTablePermission(accessibleScopeIds[i])) {
scopeIdsWithDecisionTablePermission.push(accessibleScopeIds[i]);
}
}
return scopeIdsWithDecisionTablePermission;
},
_hasDecisionTablePermission: function(sysId) {
return gs.hasRightsTo('api/now.decision_tables/allow', {
scopeId: sysId
});
},
_getAccessibleScopeIds: function() {
return gs.getSession().getApplicationPickerList().map(function(app) {
return app.sysId;
});
},
// Graphql acls do not support advanced/ script level configurations
// We need advanced acl for our use cases and hence cannot rely on linking acl to graphql api
// This check has to be made to accommodate graphql execution security at resolver level as a work around
hasGraphQLAccess: function() {
return isAdmin || isDecisionTableAdmin || isDecisionTableReader || isChangeManager || this.hasDelegatedAccess();
},
hasRESTAPIAccess: function() {
return this.hasGraphQLAccess();
},
hasDelegatedAccessAlone: function() {
return this.hasDelegatedAccess() && !(isAdmin || isDecisionTableAdmin);
},
};
})();Sys ID
608b8d87c3db3010d4437f9ec840dd6d