Name

sn_devstudio.VCSAppAccessCheck

Description

No description available

Script

var VCSAppAccessCheck = (function() {

  return {
      verifyReadAccess: function(appId) {
          // If the application is app customization capable read access is allowed.
          if (_isAppCustomizationCapableApp(appId))
              return true;

          var gr = attemptAppLoad(appId);
          return gr.canRead();
      },

      verifyWriteAccess: function(appId) {
          // If the application is app customization capable write access is allowed.
          if (_isAppCustomizationCapableApp(appId))
              return true;

          var gr = attemptAppLoad(appId);

          // PRB683568 : For delegated developers canWrite always gives false
          // PRB1365169 : modified the temporary fix originally made for PRB683568 
          //              which was calling canRead() for all users
          if (isDelegatedDeveloper() && !gr.canRead())
              return false;

          if (!isDelegatedDeveloper() && !gr.canWrite())
              return false;

          return true;
      },

      verifyPublishAccess: function(appId) {
          return canPublishApp(appId);
      },

      verifyCreateAccess: function() {
          var gr = new GlideRecord("sys_app");
          return gr.canCreate();
      },

      verifyVersionControlAccess: function(appId) {
          return canAccessVersionControl(appId);
      },

      isGACOrSourceControlUser: function() {
          // This provides backward compatibility and handles the case where 
          // the user does not have the collaboration plugin installed
          var user = gs.getUser();
          var hasGACRole = user.hasRole('sn_g_app_creator.app_creator');
          var hasSourceControlRole = user.hasRole('source_control');
          if (hasGACRole || hasSourceControlRole)
              return true;
      },
  	
  	canAccessCredentials: function() {
  		return gs.hasRightsTo('record/discovery_credentials/read') || gs.hasRole("source_control");
  	},

      throwAccessDenied: function(appId) {
          throw new sn_ws_err.ServiceError()
              .setStatus(403)
              .setMessage(appId ? gs.getMessage("Access denied to application {0}", appId) : gs.getMessage("Access denied to create a new application"));
      }
  };

  function _isAppCustomizationCapableApp(appId) {
      return sn_app_customization.AppCustomizationAPI.isAppCustomizationFeatureEnabled() && sn_app_customization.AppCustomizationAPI.isAppCustomizationCapableById(appId) && (gs.getUser().hasRole("admin") || isDelegatedDeveloper());
  }

  function attemptAppLoad(appId) {
      var gr = new GlideRecord("sys_app");
      if (!gr.get(appId))
          throw new sn_ws_err.NotFoundError("Invalid application id " + appId);

      return gr;
  }

  function isDelegatedDeveloper() {
      return gs.hasRole('delegated_developer') && !gs.hasRole('admin');
  }

  function canPublishApp(appId) {
      return sn_app_api.AppStoreAPI.canPublishToAppRepo(appId) || sn_app_api.AppStoreAPI.canPublishToAppStore(appId);
  }

  function canAccessVersionControl(appId) {
      return gs.hasRightsTo("api/now.vcs/allow", {
          scopeId: appId
      });
  }

})();

Sys ID

0e1e124f673012006cc295f557415adf

Offical Documentation

Official Docs: