Name

sn_entitlement.AclInfoService

Description

No description available

Script

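/**
 * AclInfoService
 * Read-only lookups over record-type ACLs (sys_security_acl) and their role
 * links (sys_security_acl_role). The iterators returned here expose each ACL's
 * condition and script text.
 *
 * NOTE(review): the queries use GlideRecord, which does not apply ACL checks to
 * the rows it reads, so restricting who may call this service (and who sees the
 * returned scripts/conditions) is left to the caller. Confirm against callers.
 *
 * NOTE(review): table names passed to these methods are concatenated into
 * encoded queries. '^' is the encoded-query separator, so a name containing it
 * would be parsed as additional query terms. Pass only validated table names.
 */
var AclInfoService = Class.create();
AclInfoService.prototype = {
  TABLE_ACL: 'sys_security_acl',
  TABLE_ACL_ROLE: 'sys_security_acl_role',

  initialize: function() {
  },

  /**
   * getAllByRole
   * Return information about ACLs which use specified role, filtering by specified ACL operations,
   * and filtering out ACLs for specified tables
   * @param {string} roleId sys_id of role record
   * @param {array} filterAclOps array of strings (enumeration of choice field sys_security_acl.operation)
   * @param {array} ignoredTables array of table names
   * @returns {object} an iterator object with interface
   * { next(), getId(), getName(), getOperation(), getCondition(), getScript() }
   */
  getAllByRole: function (roleId, filterAclOps, ignoredTables) {
      // The query runs on the ACL/role link table, so every ACL field is
      // reached by dot-walking through the sys_security_acl reference.
      var tableFieldName = 'sys_security_acl.name';
      var aclReferenceName = 'sys_security_acl.';
      var hacl = new GlideRecord(this.TABLE_ACL_ROLE);

      hacl.addQuery('sys_user_role', '=', roleId);
      this._query(hacl, tableFieldName, aclReferenceName, filterAclOps, ignoredTables);

      return this._toRecordIterator(hacl);
  },

  /**
   * getNonRoleAclsByTables
   * Return ACLs which apply to specified tables for specified list of operations, and which don't have any associated roles
   * @param {array} tableNames array of table names; each is matched with LIKE (contains) against the ACL name
   * @param {array} filterAclOps array of strings (enumeration of choice field sys_security_acl.operation)
   * @param {array} ignoredTables array of table names
   * @returns {object} an iterator object with interface
   * { next(), getId(), getName(), getOperation(), getCondition(), getScript() }
   */
  getNonRoleAclsByTables: function (tableNames, filterAclOps, ignoredTables) {
      var tableFieldName = 'name';
      var aclReferenceName = '';
      var hacl = new GlideRecord(this.TABLE_ACL);

      // Related-list query: keep only ACLs with zero sys_security_acl_role rows.
      hacl.addEncodedQuery('RLQUERYsys_security_acl_role.sys_security_acl,=00,m2m^ENDRLQUERY');
      // NOTE(review): LIKE is a contains match, so an entry also selects ACLs of
      // other tables whose names contain it. An empty tableNames array yields the
      // bare term 'nameLIKE'; presumably that no longer narrows by table - confirm
      // callers never pass an empty list.
      hacl.addEncodedQuery('nameLIKE' + tableNames.join('^ORnameLIKE'));
      this._query(hacl, tableFieldName, aclReferenceName, filterAclOps, ignoredTables);

      return this._toRecordIterator(hacl);
  },

  /**
   * getAllAclsByTables
   * Return ACLs which apply to specified tables for specified list of operations
   * @param {array} tableNames array of table names; each is matched with LIKE (contains) against the ACL name
   * @param {array} filterAclOps array of strings (enumeration of choice field sys_security_acl.operation)
   * @param {array} ignoredTables array of table names
   * @returns {object} an iterator object with interface
   * { next(), getId(), getName(), getOperation(), getCondition(), getScript() }
   */
  getAllAclsByTables: function (tableNames, filterAclOps, ignoredTables) {
      var tableFieldName = 'name';
      var aclReferenceName = '';
      var hacl = new GlideRecord(this.TABLE_ACL);

      // NOTE(review): same contains-match and empty-list caveats as in
      // getNonRoleAclsByTables apply to this term.
      hacl.addEncodedQuery('nameLIKE' + tableNames.join('^ORnameLIKE'));
      this._query(hacl, tableFieldName, aclReferenceName, filterAclOps, ignoredTables);

      return this._toRecordIterator(hacl);
  },

  /**
   * _query
   * Add the shared filters and ordering to an ACL (or ACL/role) query and run it.
   * @param {GlideRecord} hacl record to filter and query
   * @param {string} tableFieldName path to the ACL name field from hacl's table
   * @param {string} aclReferenceName prefix for ACL fields ('' or 'sys_security_acl.')
   * @param {array} filterAclOps ACL operations to keep
   * @param {array} ignoredTables table names to exclude; may be empty or nil
   */
  _query: function (hacl, tableFieldName, aclReferenceName, filterAclOps, ignoredTables) {
      // Function fields: the part of the ACL name before the first '.', and the
      // first 3/4/5 characters of the name (used for the prefix exclusions below).
      var tableNameFn = this._getFunctionField(tableFieldName, null);
      var prefix3Fn = this._getFunctionField(tableFieldName, 3);
      var prefix4Fn = this._getFunctionField(tableFieldName, 4);
      var prefix5Fn = this._getFunctionField(tableFieldName, 5);

      hacl.addFunction(tableNameFn);
      hacl.addFunction(prefix3Fn);
      hacl.addFunction(prefix4Fn);
      hacl.addFunction(prefix5Fn);

      hacl.addQuery(aclReferenceName + 'type', '=', 'record');
      hacl.addQuery(aclReferenceName + 'active', '=', true); // only look at active ACLs
      hacl.addQuery(aclReferenceName + 'operation', 'IN', filterAclOps);

      // ignore rows without a valid ACL
      hacl.addNotNullQuery(aclReferenceName + 'name');

      // Only add the exclusion when there is something to exclude: an empty list
      // used to produce a dangling '<function>!=' term and a nil list threw.
      // NOTE(review): entries are concatenated into the encoded query unescaped.
      if (ignoredTables && ignoredTables.length > 0) {
          hacl.addEncodedQuery(tableNameFn + '!=' + ignoredTables.join('^' + tableNameFn + '!='));
      }

      // exclude some tables we are never interested in
      // (so ACLs on pa_*, sys_*, ts_v* and ts_c_* names are never reported)
      hacl.addQuery(prefix3Fn, '!=', 'pa_');
      hacl.addQuery(prefix4Fn, '!=', 'sys_');
      hacl.addQuery(prefix4Fn, '!=', 'ts_v');
      hacl.addQuery(prefix5Fn, '!=', 'ts_c_');
      hacl.orderBy(aclReferenceName + 'operation');
      hacl.orderBy(tableFieldName);

      hacl.query();
  },

  /**
   * _toRecordIterator
   * Wrap a queried GlideRecord in a table-independent accessor object.
   * @param {GlideRecord} aclRecord queried sys_security_acl or sys_security_acl_role record
   * @returns {object} iterator with interface
   * { next(), getId(), getName(), getOperation(), getCondition(), getScript() }
   */
  _toRecordIterator: function(aclRecord) {
      // Loose equality kept on purpose: getTableName() may not return a
      // primitive JS string on every platform version - TODO confirm.
      if (aclRecord.getTableName() == this.TABLE_ACL_ROLE) {
          // Link-table rows: read ACL fields through the reference.
          return {
              next: function() {
                  return aclRecord.next();
              },
              getOperation: function() {
                  return aclRecord.sys_security_acl.operation.toString();
              },
              getName: function() {
                  return aclRecord.sys_security_acl.getDisplayValue();
              },
              getId: function() {
                  return aclRecord.getValue('sys_security_acl');
              },
              getCondition: function() {
                  return aclRecord.sys_security_acl.condition.toString();
              },
              getScript: function() {
                  return aclRecord.sys_security_acl.script.toString();
              }
          };
      } else {
          // ACL rows: read the fields directly.
          return {
              next: function() {
                  return aclRecord.next();
              },

              getOperation: function() {
                  return aclRecord.operation.toString();
              },
              getName: function() {
                  return aclRecord.getDisplayValue();
              },
              getId: function() {
                  return aclRecord.getUniqueValue();
              },
              getCondition: function() {
                  return aclRecord.condition.toString();
              },
              getScript: function() {
                  return aclRecord.script.toString();
              }
          };
      }
  },

  /**
   * _toInfo
   * Drain a queried record into an array of plain info objects.
   * @param {GlideRecord} aclRecord queried record
   * @returns {array} objects of the form {"operation", "name", "id", "condition", "script"}
   */
  _toInfo: function(aclRecord) {
      var result = [];
      while (aclRecord.next()) {
          result.push(this._toInfoRecord(aclRecord));
      }
      return result;
  },

  /**
   * _toInfoRecord
   * Copy the current row of aclRecord into a plain object.
   * @param {GlideRecord} aclRecord record positioned on a row
   * @returns {object} {"operation", "name", "id", "condition", "script"}
   */
  _toInfoRecord: function(aclRecord) {
      var result = {
          "operation": null,
          "name" : null,
          "id": null,
          "condition": null,
          "script": null
      };
      if (aclRecord.getTableName() == this.TABLE_ACL_ROLE) {
          result.operation = aclRecord.sys_security_acl.operation.toString();
          result.name = aclRecord.sys_security_acl.getDisplayValue();
          result.condition = aclRecord.sys_security_acl.condition.toString();
          result.script = aclRecord.sys_security_acl.script.toString();
          result.id = aclRecord.getValue('sys_security_acl');

      } else {
          result.operation = aclRecord.getValue('operation');
          result.name = aclRecord.getDisplayValue();
          result.condition = aclRecord.condition.toString();
          result.script = aclRecord.script.toString();
          result.id = aclRecord.getValue('sys_id');
      }
      return result;
  },

  /**
   * _getFunctionField
   * Build a glidefunction expression over fieldName.
   * @param {string} fieldName field the function is applied to
   * @param {number} fieldLength nil for "text before the first '.'", otherwise the number of leading characters
   * @returns {string} glidefunction expression
   */
  _getFunctionField: function (fieldName, fieldLength) {
      if (gs.nil(fieldLength)) {
          // Appending '.' first guarantees position() finds one, so names
          // without a '.' yield the whole name.
          return "glidefunction:substring(concat(" + fieldName + ",'.'),'1',subtract(position('.', concat(" + fieldName + ",'.'), '1'), '1'))";
      } else {
          // NOTE(review): this expression has one more ')' than '('. Left
          // byte-identical because the queries depend on the exact string;
          // confirm how the platform parses it before changing.
          return "glidefunction:substring(" + fieldName + ",'1','" + fieldLength + "'))";
      }
  },

  type: 'AclInfoService'
};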

Sys ID

d248820e430121102aeb1ca57bb8f2bd

Official Documentation

Official Docs: