Name
sn_hr_er.er_CaseAccessBase
Description
Base class of methods used for Employee Relations Case access. Edit script include er_CaseAccess to override specific methods or add custom functionality.
Script
// Base holder for Employee Relations case/task access checks. In this listing
// every check is attached to the constructor itself (static style), so the
// prototype only carries the conventional initialize/type members.
var er_CaseAccessBase = Class.create();

er_CaseAccessBase.prototype = {
    // No per-instance state is set up.
    initialize: function() {},

    type: 'er_CaseAccessBase'
};

// Single er_SecurityUtils instance, created when this script is evaluated and
// reused by the task and locked-case checks below.
er_CaseAccessBase.securityUtils = new sn_hr_er.er_SecurityUtils();
/**
 * Whether the current user can read the given task record.
 *
 * Role path: the user has the ER case reader role, canAccessParentCase() allows
 * read on the task's parent, and securityUtils.isOpenedForOrSubjectPerson(gr.parent)
 * is false (by its name, the user is not the opened-for or subject person of the
 * parent case; the helper is defined elsewhere).
 * Fallback: any explicit grant recognised by _hasAssignedAccess().
 *
 * NOTE(review): the opened-for/subject-person exclusion is applied to the role
 * path only. The fallback does not repeat it, so such a user who is assigned to
 * the task, in its assignment group or on its watch list can still read it.
 * Confirm that this is intended.
 *
 * @param {GlideRecord} gr The task to be tested against
 * @return {Boolean} True if the current user can read the given task
 */
er_CaseAccessBase.canReadTask = function(gr) {
    var allowedByRole = er_CaseAccessBase.hasReaderRole() &&
        er_CaseAccessBase.canAccessParentCase(gr.getValue('parent'), true) &&
        !er_CaseAccessBase.securityUtils.isOpenedForOrSubjectPerson(gr.parent);

    if (!allowedByRole) {
        return er_CaseAccessBase._hasAssignedAccess(gr);
    }
    return true;
};
/**
 * Whether the current user can write the given task record.
 *
 * Role path: the user has the ER case writer role, canAccessParentCase() allows
 * write on the task's parent, and securityUtils.isOpenedForOrSubjectPerson(gr.parent)
 * is false.
 * Fallback: any explicit grant recognised by _hasAssignedAccess().
 *
 * NOTE(review): the fallback is the same call canReadTask() uses, so every
 * explicit grant (including watch-list membership) yields write as well as
 * read on the task. Confirm that this matches the intended least-privilege model.
 *
 * @param {GlideRecord} gr The task to be tested against
 * @return {Boolean} True if the current user can write the given task
 */
er_CaseAccessBase.canEditTask = function(gr) {
    var allowedByRole = er_CaseAccessBase.hasWriterRole() &&
        er_CaseAccessBase.canAccessParentCase(gr.getValue('parent'), false) &&
        !er_CaseAccessBase.securityUtils.isOpenedForOrSubjectPerson(gr.parent);

    if (!allowedByRole) {
        return er_CaseAccessBase._hasAssignedAccess(gr);
    }
    return true;
};
/**
 * Whether the current user was granted explicit access to the task record.
 *
 * Checks are evaluated in this order and the first match wins:
 * assignment group membership, watch list, assigned_to, and (only when the
 * granular service delegation plugin is active) record delegation.
 *
 * @param {GlideRecord} gr The task to be tested against
 * @return {Boolean} True if the current user has explicit access to the task record
 */
er_CaseAccessBase._hasAssignedAccess = function (gr) {
    var userId = gs.getUserID();

    // Member of the task's assignment group
    var inAssignmentGroup = !gs.nil(gr.assignment_group) &&
        new global.HRSecurityUtils().isMemberOfGroup(userId, gr.assignment_group.toString());
    if (inAssignmentGroup) {
        return true;
    }

    // Listed on the watch list (the user id is matched as a substring of the field value)
    var onWatchList = !gs.nil(gr.watch_list) && gr.watch_list.indexOf(userId) > -1;
    if (onWatchList) {
        return true;
    }

    // Task assigned to the user; == is deliberate because assigned_to is a
    // field element rather than a plain string
    var isAssignee = !gs.nil(gr.assigned_to) && gr.assigned_to == userId;
    if (isAssignee) {
        return true;
    }

    // Task delegated to the user; the delegation API is only touched when its plugin is active
    var isDelegate = GlidePluginManager().isActive('com.glide.granular_service_delegation') &&
        new sn_delegation.DelegationUtil().isRecordDelegatedToUser(userId, gr);
    if (isDelegate) {
        return true;
    }

    return false;
};
/**
 * Whether the current user can read the given case record.
 *
 * The lock gate runs first: a case whose 'locked' value parses to a non-zero
 * number is refused unless securityUtils.canSeeLockedCase(gr) allows it. Only
 * then are the role/grant path (canReadCase) and the parent-derived path
 * (canReadParent) consulted, so neither path can bypass the lock on this record.
 *
 * NOTE(review): only this record's lock is checked here; canReadParent() does
 * not look at the parent's lock state.
 *
 * @param {GlideRecord} gr The case to be tested against
 * @return {Boolean} True if the current user can read the given case
 */
er_CaseAccessBase.canReadCaseRecord = function(gr) {
    var lockedFlag = parseInt(gr.getValue('locked'));
    if (lockedFlag && !(er_CaseAccessBase.securityUtils.canSeeLockedCase(gr))) {
        return false;
    }

    // Pass true so canEditCase() does not evaluate the lock a second time.
    var readableDirectly = er_CaseAccessBase.canReadCase(gr, true);
    return readableDirectly || er_CaseAccessBase.canReadParent(gr);
};
/**
 * Whether the current user can read the given case record via role permission.
 *
 * A user with the reader role who passes the READ policy is allowed at once.
 * Otherwise access is granted to a user with subject-person access, or to
 * anyone canEditCase() would allow. A reader who failed the READ policy is
 * reported to canEditCase() so its writer-policy path is skipped.
 *
 * NOTE(review): this function performs no lock check of its own. The
 * reader-policy path and the subject-person path both return before
 * canEditCase() is reached, so checkedLockAccess only affects the last path.
 * Callers other than canReadCaseRecord() should confirm that the lock has
 * been evaluated.
 *
 * @param {GlideRecord} gr The case to be tested against
 * @param {Boolean} checkedLockAccess True if lock access has already been checked
 * @return {Boolean} True if the current user can read the given case
 */
er_CaseAccessBase.canReadCase = function(gr, checkedLockAccess) {
    var failedRead = false;

    if (er_CaseAccessBase.hasReaderRole()) {
        if (er_CaseAccessBase.checkPolicy(gr, sn_hr_core.hr_SecurityUtils.READ)) {
            return true;
        }
        // Reader role is held but the read policy rejected this case.
        failedRead = true;
    }

    return sn_hr_core.hr_Case.userHasSubjectPersonAccess(gr) ||
        er_CaseAccessBase.canEditCase(gr, failedRead, checkedLockAccess);
};
/**
 * Check if the current user can edit the given case.
 *
 * Evaluation order:
 *  1. New records, or records with no sys_id value, are always editable.
 *  2. Unless the caller already checked it, a locked case is refused when
 *     securityUtils.canSeeLockedCase(gr) denies it.
 *  3. Writer role plus WRITE policy (skipped when failedReadPolicy is set).
 *  4. Relationship grants: opened_by, opened_for, watch list, collaborator.
 *
 * NOTE(review): the grants in step 4 do not depend on failedReadPolicy, and
 * canReadCase() reuses this function, so the same relationships grant both
 * read and edit. Confirm that this matches the intended model.
 *
 * @param {GlideRecord} gr The case to be tested against
 * @param {Boolean} failedReadPolicy True if the user failed read policies for the case
 * @param {Boolean} checkedLockAccess True if lock access has already been checked
 * @return {Boolean} True if the current user can edit the case
 */
er_CaseAccessBase.canEditCase = function(gr, failedReadPolicy, checkedLockAccess) {
    if (gr.isNewRecord() || gr.getValue('sys_id') === null) {
        return true;
    }

    if (!checkedLockAccess && parseInt(gr.getValue('locked')) && !(er_CaseAccessBase.securityUtils.canSeeLockedCase(gr))) {
        return false;
    }

    var currentUser = gs.getUserID();

    // Writer role path; the policy is only evaluated when the role is held and
    // the read policy has not already failed.
    if (er_CaseAccessBase.hasWriterRole() && !failedReadPolicy &&
        er_CaseAccessBase.checkPolicy(gr, sn_hr_core.hr_SecurityUtils.WRITE)) {
        return true;
    }

    // The user who opened the case (== is deliberate: the field is not a plain string)
    if (!gs.nil(gr.opened_by) && gr.opened_by == currentUser) {
        return true;
    }

    // The user the case was opened for
    if (!gs.nil(gr.opened_for) && gr.opened_for == currentUser) {
        return true;
    }

    // A user listed in the watch list field
    if (!gs.nil(gr.watch_list) && gr.watch_list.indexOf(currentUser) > -1) {
        return true;
    }

    // A user listed in the collaborator list field
    if (er_CaseAccessBase.hasCollaboratorAccess(gr, currentUser)) {
        return true;
    }

    return false;
};
/**
 * Whether the current user has the ER case reader role.
 * The check is delegated to sn_hr_core.hr_Utils.checkUserHasRole().
 *
 * @return {Boolean} True if the current user has the ER case reader role
 */
er_CaseAccessBase.hasReaderRole = function() {
    var hrUtils = new sn_hr_core.hr_Utils();
    return hrUtils.checkUserHasRole('sn_hr_er.case_reader');
};
/**
 * Whether the current user has the ER case writer role.
 * The check is delegated to sn_hr_core.hr_Utils.checkUserHasRole().
 *
 * @return {Boolean} True if the current user has the ER case writer role
 */
er_CaseAccessBase.hasWriterRole = function() {
    var hrUtils = new sn_hr_core.hr_Utils();
    return hrUtils.checkUserHasRole('sn_hr_er.case_writer');
};
/**
 * Check if the current user has policy access to a given case for a given operation.
 * The decision is whatever sn_hr_core.hr_SecurityUtils.getCoeSecurityPolicy() returns.
 *
 * @param {GlideRecord} gr The case to be tested against
 * @param {String} operation read or write; callers in this file pass
 *        sn_hr_core.hr_SecurityUtils.READ or .WRITE
 * @return {Boolean} True if the current user has policy access to the case
 */
er_CaseAccessBase.checkPolicy = function(gr, operation) {
    var coreSecurity = new sn_hr_core.hr_SecurityUtils();
    return coreSecurity.getCoeSecurityPolicy(gr, operation);
};
/**
 * Check if the current user has access to the case via the parent case.
 *
 * Access is inherited when the user is the parent's opened_for or opened_by,
 * appears in the parent's watch list, or has collaborator access to the parent.
 * A case without a parent never gains access through this path.
 *
 * NOTE(review): neither the parent's lock state nor its security policy is
 * consulted here. Confirm that inheriting access from these parent
 * relationships alone is intended.
 *
 * @param {GlideRecord} gr The case to be tested against
 * @return {Boolean} True if the current user has parent access to the case
 */
er_CaseAccessBase.canReadParent = function(gr) {
    var parentRef = gr.parent;
    var currentUser = gs.getUserID();

    if (gs.nil(parentRef)) {
        return false;
    }

    // == is deliberate: the dot-walked fields are not plain strings.
    return parentRef.opened_for == currentUser ||
        parentRef.opened_by == currentUser ||
        parentRef.watch_list.toString().indexOf(currentUser) >= 0 ||
        er_CaseAccessBase.hasCollaboratorAccess(parentRef, currentUser);
};
/**
 * Check if the current user can read or write the secondary ER record's parent case.
 *
 * An empty caseId returns true: with no parent to check, the decision is left
 * to the caller's other conditions. A caseId that cannot be loaded from
 * sn_hr_er_case returns false. Otherwise the result is the loaded record's
 * canRead() or canWrite().
 *
 * @param {String} caseId sys_id of the parent case
 * @param {Boolean} readNotWrite True if testing read, false if testing write
 * @return {Boolean} True if the parent case can be found and accessed by the current user
 */
er_CaseAccessBase.canAccessParentCase = function (caseId, readNotWrite) {
    if (!caseId) {
        return true;
    }

    var parentCase = new GlideRecord('sn_hr_er_case');
    if (!parentCase.get(caseId)) {
        // Unknown or unreadable parent id: deny rather than fall through.
        return false;
    }

    return readNotWrite ? parentCase.canRead() : parentCase.canWrite();
};
/**
 * Check if the given user belongs to the collaborator list of the case and the
 * current user has the ER case writer role.
 *
 * NOTE(review): list membership is tested for the `user` argument, but
 * hasWriterRole() takes no argument and always evaluates the current session
 * user. Callers in this file pass gs.getUserID(), so the two agree there.
 *
 * @param {GlideRecord} caseGr Record (or dot-walked reference) of the case
 * @param {String} user sys_id of the user to look for in the collaborators list
 * @return {Boolean} True if the user is a collaborator and the writer role check passes
 */
er_CaseAccessBase.hasCollaboratorAccess = function(caseGr, user) {
    var isListed = !gs.nil(caseGr.collaborators) && caseGr.collaborators.indexOf(user) > -1;
    return (isListed && er_CaseAccessBase.hasWriterRole());
};
/**
 * Whether the current user is impersonating, and whether it matters.
 * The result comes straight from sn_hr_core.hr_CoreUtils.impersonateCheck().
 *
 * @return {Boolean} is user impersonating + is the impersonation property on
 */
er_CaseAccessBase.impersonateCheck = function() {
    var coreUtils = new sn_hr_core.hr_CoreUtils();
    return coreUtils.impersonateCheck();
};
Sys ID
c989ded3ff630010a9e7faf9453bf15c