Name
sn_hr_core.hr_SecurityUtils
Description
No description available
Script
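var hr_SecurityUtils = Class.create();
// Operation names accepted by getCoeSecurityPolicy; they are matched against the policy record's "type" field.
hr_SecurityUtils.READ = 'read';
hr_SecurityUtils.WRITE = 'write';
hr_SecurityUtils.prototype = {
    initialize: function() {
    },

    /* Evaluate the security policies for a given COE
     *
     * Decision rules, as implemented below:
     *  - an operation other than "read"/"write", or a record with no table name, is denied;
     *  - if no active policy of the requested type exists for the table (or for a parent
     *    table with applies_to_all_child_coes=true), access is allowed;
     *  - if such policies exist but none matches the case (services list / applies_when),
     *    access is allowed;
     *  - otherwise access is allowed only when the user belongs to a group linked to at
     *    least one matching policy.
     * For "read", policies of type "write" are evaluated as well.
     *
     * @param GlideRecord caseGr The case record
     * @param String operation "read" or "write"
     * @param String userId Optional. When set, membership is checked for this user through
     *        global.HRSecurityUtils.isMemberOfGroup (presumably a user sys_id - confirm against
     *        that helper); when omitted, the session user from gs.getUser() is checked
     * @return Boolean Whether the user passes the security policy or not
     */
    getCoeSecurityPolicy: function(caseGr, operation, userId) {
        // Handle invalid input first, so an unvalidated operation never reaches an encoded query
        if (operation !== hr_SecurityUtils.READ && operation !== hr_SecurityUtils.WRITE) {
            return false;
        }

        var tableName = caseGr.sys_class_name || caseGr.getTableName(); //initialize with extending table name if exists
        if (!tableName) {
            return false;
        }

        var tableHierarchy = new GlideTableHierarchy(tableName);
        //parent hierarchy is list of parent tables of this table which is (getHierarchy - getAllExtensions)
        var allExtensions = tableHierarchy.getAllExtensions();
        var parentHierarchy = tableHierarchy.getHierarchy().filter(function (table) {
            return allExtensions.indexOf(table) === -1;
        });

        // Query to get policies of parent tables if the applies_child_coe is true OR policies where coe is current table
        var coeQuery = "applies_to_all_child_coes=true^coeIN" + parentHierarchy + "^NQcoe=" + tableName;

        // A read request is also subject to write policies; a write request only to write policies
        var operationQuery = "type=" + operation;
        if (operation === hr_SecurityUtils.READ) {
            operationQuery = "type=" + hr_SecurityUtils.READ + "^ORtype=" + hr_SecurityUtils.WRITE;
        }

        var grPolicy = new GlideRecord('sn_hr_core_coe_security_policy');
        grPolicy.addEncodedQuery(coeQuery);
        grPolicy.addEncodedQuery(operationQuery);
        grPolicy.addActiveQuery();
        grPolicy.query();

        // Default-allow: no active policy is configured for this COE and operation
        if (!grPolicy.hasNext()) {
            return true;
        }

        var policyFound = false;
        while (grPolicy.next()) {
            if (!grPolicy.all_services) {
                // NOTE(review): getValue() returns null for an empty field, so a policy with
                // all_services unchecked and an empty services list would throw on indexOf below.
                // Confirm whether such a policy should be skipped or enforced, then handle it explicitly.
                var services = grPolicy.getValue('services');
                if (services.indexOf(caseGr.getValue('hr_service')) < 0) {
                    continue;
                }
            }

            // An empty applies_when means the policy applies to every case of the COE
            var appliesWhen = grPolicy.getValue('applies_when');
            var filterCondition = !appliesWhen || GlideFilter.checkRecord(caseGr, appliesWhen, true);
            if (!filterCondition) {
                continue;
            }

            policyFound = true;
            // Passing any one matching policy is sufficient
            if (this._evaluateRule(grPolicy, userId)) {
                return true;
            }
        }

        // Reached only when no matching policy granted access:
        // deny if at least one policy matched the case, allow if none did
        return !policyFound;
    },

    /* Check whether the user belongs to any group linked to a security policy
     * through sn_hr_core_m2m_security_policy_group.
     * A policy with no linked groups returns false.
     *
     * @param GlideRecord grPolicy The security policy record
     * @param String userId Optional user to check; when omitted the session user is checked
     * @return Boolean true if the user is a member of at least one linked group
     */
    _evaluateRule: function (grPolicy, userId) {
        var groupsGr = new GlideRecord('sn_hr_core_m2m_security_policy_group');
        groupsGr.addQuery('security_policy', grPolicy.getUniqueValue());
        groupsGr.query();

        // The two membership checks take different identifiers: the group reference value
        // when a userId is supplied, the group name for the session user
        var groups = [];
        while (groupsGr.next()) {
            if (userId) {
                groups.push(groupsGr.group.toString());
            } else {
                groups.push(groupsGr.group.name.toString());
            }
        }

        var i;
        if (userId) {
            var groupUtil = new global.HRSecurityUtils();
            for (i = 0; i < groups.length; ++i) {
                if (groupUtil.isMemberOfGroup(userId, groups[i])) {
                    return true;
                }
            }
            return false;
        }

        var userObj = gs.getUser();
        for (i = 0; i < groups.length; ++i) {
            if (userObj.isMemberOf(groups[i])) {
                return true;
            }
        }
        return false;
    },

    type: 'hr_SecurityUtils'
};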
Sys ID
696497e923e73300fb0c949e27bf65bd