Name

sn_hr_core.hr_SecurityUtils

Description

No description available

Script

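/* Evaluates COE security policies for HR case records.
 * Policies are read from sn_hr_core_coe_security_policy and the groups attached
 * to each policy from sn_hr_core_m2m_security_policy_group.
 */
var hr_SecurityUtils = Class.create();

// The only operation values getCoeSecurityPolicy accepts; anything else is denied.
hr_SecurityUtils.READ = 'read';
hr_SecurityUtils.WRITE = 'write';

hr_SecurityUtils.prototype = {
  initialize: function() {
  },

  /* Evaluate the security policies for a given COE
   *
   * The default is permissive: when no active policy matches the case (table,
   * operation type, service and applies_when condition) the method returns true.
   * Access is restricted only once at least one policy applies, and then the user
   * must be a member of a group attached to one of the applicable policies.
   *
   * @param GlideRecord caseGr The case record
   * @param String operation "read" or "write"
   * @param String userId Optional. When supplied, group membership is checked for
   *        this user through global.HRSecurityUtils.isMemberOfGroup; when omitted,
   *        the current session user (gs.getUser()) is checked instead.
   *        Presumably a sys_user sys_id - confirm against callers.
   * @return Boolean Whether the user passes the security policy or not; false for
   *         a missing record, an unknown operation or an unresolvable table name
   */
  getCoeSecurityPolicy: function(caseGr, operation, userId) {

    // Handle invalid input first, so that only an allow-listed operation value is
    // ever concatenated into an encoded query and no lookups run for bad input.
    if (!caseGr || (operation !== hr_SecurityUtils.READ && operation !== hr_SecurityUtils.WRITE))
      return false;

    var tableName = caseGr.sys_class_name || caseGr.getTableName(); //initialize with extending table name if exists
    if (!tableName)
      return false;

    var tableHierarchy = new GlideTableHierarchy(tableName);
    //parent hierarchy is list of parent tables of this table which is (getHierarchy - getAllExtensions)
    var allExtensions = tableHierarchy.getAllExtensions();
    var parentHierarchy = tableHierarchy.getHierarchy().filter(function (table) {
      return allExtensions.indexOf(table) === -1;
    });

    // Query to get policies of parent tables if the applies_child_coe is true OR policies where coe is current table
    var coeQuery = "applies_to_all_child_coes=true^coeIN" + parentHierarchy.join(',') + "^NQcoe=" + tableName;

    // A read check is satisfied by "read" and by "write" policies; a write check
    // only considers "write" policies.
    var operationQuery = "type=" + operation;
    if (operation === hr_SecurityUtils.READ)
      operationQuery = "type=" + hr_SecurityUtils.READ + "^ORtype=" + hr_SecurityUtils.WRITE;

    var grPolicy = new GlideRecord('sn_hr_core_coe_security_policy');
    // NOTE(review): coeQuery contains ^NQ. Confirm that the type and active filters
    // added below constrain both ^NQ branches; if they reach only one of them,
    // inactive or wrong-type policies could take part in the decision.
    grPolicy.addEncodedQuery(coeQuery);
    grPolicy.addEncodedQuery(operationQuery);
    grPolicy.addActiveQuery();
    grPolicy.query();

    // No policy defined for this table and operation: access is not restricted.
    if (!grPolicy.hasNext())
      return true;

    var hrService = caseGr.getValue('hr_service');
    var policyFound = false;
    while (grPolicy.next()) {
      var allServices = grPolicy.all_services;
      if (!allServices) {
        // NOTE(review): getValue() is expected to return null for an empty field, in
        // which case indexOf below throws. Confirm that services is mandatory when
        // all_services is unset, or decide explicitly whether such a policy applies
        // (skipping it would widen access, because unmatched policies do not restrict).
        var services = grPolicy.getValue('services');
        if (services.indexOf(hrService) < 0)
          continue;
      }

      // An empty applies_when means the policy applies unconditionally.
      var appliesWhen = grPolicy.getValue('applies_when');
      var filterCondition = !appliesWhen || GlideFilter.checkRecord(caseGr, appliesWhen, true);
      if (!filterCondition)
        continue;

      policyFound = true;
      // Membership in the groups of any one applicable policy is sufficient.
      if (this._evaluateRule(grPolicy, userId))
        return true;
    }

    // Deny only when at least one policy applied and none of them admitted the user.
    return !policyFound;
  },

  /* Check whether the user belongs to at least one group attached to a policy
   *
   * With a userId the check uses the group sys_id and
   * global.HRSecurityUtils.isMemberOfGroup; without one it uses the group name and
   * the session user's isMemberOf. The two paths identify the group differently, so
   * they should be kept in sync if either lookup changes.
   *
   * @param GlideRecord grPolicy The policy record whose groups are checked
   * @param String userId Optional user to check instead of the session user
   * @return Boolean true if the user is in any of the policy's groups; false
   *         otherwise, including when the policy has no groups attached
   */
  _evaluateRule: function (grPolicy, userId) {

    var groupsGr = new GlideRecord('sn_hr_core_m2m_security_policy_group');
    groupsGr.addQuery('security_policy', grPolicy.getUniqueValue());
    groupsGr.query();

    if (userId) {
      // The helper is created only on the path that uses it.
      var groupUtil = new global.HRSecurityUtils();
      while (groupsGr.next()) {
        if (groupUtil.isMemberOfGroup(userId, groupsGr.group.toString()))
          return true;
      }
      return false;
    }

    var userObj = gs.getUser();
    while (groupsGr.next()) {
      if (userObj.isMemberOf(groupsGr.group.name.toString()))
        return true;
    }
    return false;
  },

  type: 'hr_SecurityUtils'
};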

Sys ID

696497e923e73300fb0c949e27bf65bd

Official Documentation

Official Docs: