Name
sn_hr_er.er_SecurityUtilsBase
Description
No description available
Script
// Constructor for the script include, produced by the platform's Class.create() helper.
var er_SecurityUtilsBase = Class.create();

// Operation selectors accepted by _lockEval(); any other value makes it return false.
er_SecurityUtilsBase.LOCK_ACTION = 'lock_action';
er_SecurityUtilsBase.VIEW_LOCKED = 'view_locked';

// Case columns consulted by hasColumnWriteAccess(). A column in this list is
// writable unless the session user is the case's opened_for or subject_person;
// a column NOT in this list makes hasColumnWriteAccess() return false.
er_SecurityUtilsBase.WRITE_RESTRICTED_COLUMN_LIST = [
    "assigned_to",
    "assignment_group",
    "external_opened_for",
    "hr_service",
    "incident_date",
    "opened_for",
    "preferred_contact_method",
    "short_description",
    "skills",
    "state",
    "work_notes"
];

// Case columns consulted by hasColumnReadAccess(), with the same semantics as above.
er_SecurityUtilsBase.READ_RESTRICTED_COLUMN_LIST = [
    "work_notes",
    "pdf_template"
];

// Related tables whose read access is tied to the parent case in
// hasERCaseRelatedEntityReadAccess().
er_SecurityUtilsBase.READ_RESTRICTED_RELATED_ENTITY_LIST = [
    "sn_hr_er_involved_party",
    "sn_hr_er_allegation",
    "sn_hr_er_interview",
    "sn_hr_er_m2m_allegation_party",
    "sn_hr_er_corrective_action",
    "sn_em_evidence"
];

// Related tables whose write access is tied to the parent case in
// hasERCaseRelatedEntityWriteAccess(). Currently the same entries as the read
// list, but kept as a separate array; a table added to only one list is
// denied (false) by the other check.
er_SecurityUtilsBase.WRITE_RESTRICTED_RELATED_ENTITY_LIST = [
    "sn_hr_er_involved_party",
    "sn_hr_er_allegation",
    "sn_hr_er_interview",
    "sn_hr_er_m2m_allegation_party",
    "sn_hr_er_corrective_action",
    "sn_em_evidence"
];

// UI actions that canRenderUIAction() hides from the case's opened_for or
// subject_person. Actions not listed here are always rendered by that check.
er_SecurityUtilsBase.RESTRICTED_UI_ACTION_LIST = [
    "transfer_case",
    "add_task",
    "readyForWork",
    "assign_to_me",
    "suspend",
    "resume",
    "escalate_case",
    "ws_associate_interaction",
    "createAdditionalCase",
    "ws_set_reminder",
    "ws_add_task"
];
er_SecurityUtilsBase.prototype = {
    initialize: function() {},

    /* Check if a given user can unlock a given case.
     * Requires that the session user is not involved in the case and that both
     * the lock and the view-locked policy checks pass.
     * NOTE(review): the involvement check always uses the session user
     * (gs.getUserID()), while the policy checks receive userId. If a caller
     * passes a userId other than the session user, the two checks apply to
     * different people - confirm this is intended.
     * @param GlideRecord caseGr The case to be tested against
     * @param sys_id userId The user (optional), forwarded to the policy checks
     * @return Boolean True if the given user can unlock the case
     */
    canUnlockCase: function(caseGr, userId) {
        if (this.isInvolvedInCase(caseGr))
            return false;
        return this.canLockCase(caseGr, userId) && this.canSeeLockedCase(caseGr, userId);
    },

    /* Check if a given user can lock a given case.
     * Denied outright when the session user is involved in the case; otherwise
     * decided by the active 'can_lock_cases' restriction policies.
     * @param GlideRecord caseGr The case to be tested against
     * @param sys_id userId The user (optional), forwarded to _lockEval
     * @return Boolean True if the given user can lock the case
     */
    canLockCase: function(caseGr, userId) {
        if (this.isInvolvedInCase(caseGr))
            return false;
        return this._lockEval(caseGr, userId, er_SecurityUtilsBase.LOCK_ACTION);
    },

    /* Check if a given user can read a locked case.
     * Denied outright when the session user is involved in the case; otherwise
     * decided by the active 'can_view_locked' restriction policies.
     * @param GlideRecord caseGr The case to be tested against
     * @param sys_id userId The user (optional), forwarded to _lockEval
     * @return Boolean True if the given user can see locked cases
     */
    canSeeLockedCase: function(caseGr, userId) {
        if (this.isInvolvedInCase(caseGr))
            return false;
        return this._lockEval(caseGr, userId, er_SecurityUtilsBase.VIEW_LOCKED);
    },

    /* Evaluate the locking configurations for a user.
     * Looks up active 'case_restriction' records in sn_hr_er_case_restriction
     * whose 'coe' matches the case table and that grant the requested
     * capability, then asks sn_hr_core.hr_SecurityUtils._evaluateRule (defined
     * outside this script) whether any of them applies to userId.
     * Fails closed: an unknown operation or no matching policy yields false.
     * @param GlideRecord caseGr The case to be tested against
     * @param sys_id userId The user (optional), passed through unchanged
     * @param String operation LOCK_ACTION or VIEW_LOCKED
     * @return Boolean True if the given user passes the locking config
     */
    _lockEval: function(caseGr, userId, operation) {
        // Prefer the record's class; fall back to the GlideRecord's own table
        // (e.g. for a record that has not been loaded).
        var tableName = caseGr.getValue('sys_class_name') || caseGr.getTableName();

        var policies = new GlideRecord('sn_hr_er_case_restriction');
        policies.addQuery('coe', tableName);
        policies.addQuery('type', 'case_restriction');

        switch (operation) {
            case er_SecurityUtilsBase.LOCK_ACTION:
                policies.addQuery('can_lock_cases', true);
                break;
            case er_SecurityUtilsBase.VIEW_LOCKED:
                policies.addQuery('can_view_locked', true);
                break;
            default:
                // Unrecognised operation: deny.
                return false;
        }

        policies.addActiveQuery();
        policies.query();

        // One passing policy is enough; with no rows the loop is skipped and
        // the result is false.
        while (policies.next()) {
            var evaluator = new sn_hr_core.hr_SecurityUtils();
            if (evaluator._evaluateRule(policies, userId))
                return true;
        }
        return false;
    },

    /* Check if an update that removes 'view locked' capability is allowed.
     * Allowed when another active policy still grants can_view_locked.
     * Otherwise denied if any locked case exists, and denied if another
     * active policy could still lock cases (nobody could then read them).
     * @param GlideRecord grConfig The config record being updated/deleted;
     *        when given, it is excluded from the policy look-ups
     * @return Boolean True if the update is allowed
     */
    canRemoveLockRead: function(grConfig) {
        // Is there any other active policy that lets someone view locked cases?
        var otherViewPolicies = new GlideRecord('sn_hr_er_case_restriction');
        otherViewPolicies.addQuery('type', 'case_restriction');
        otherViewPolicies.addActiveQuery();
        otherViewPolicies.addQuery('can_view_locked', true);
        if (grConfig)
            otherViewPolicies.addQuery('sys_id', '!=', grConfig.getUniqueValue());
        otherViewPolicies.setLimit(1);
        otherViewPolicies.query();
        if (otherViewPolicies.hasNext())
            return true;

        // No remaining viewer policy: any existing locked case blocks the update.
        var lockedCases = new GlideRecord('sn_hr_er_case');
        lockedCases.addQuery('locked', true);
        // NOTE(review): setWorkflow(false) is presumably here so that this
        // existence check is not filtered by query business rules that hide
        // locked cases from the current user - confirm.
        lockedCases.setWorkflow(false);
        lockedCases.setLimit(1);
        lockedCases.query();
        if (lockedCases.hasNext())
            return false;

        // Nothing is locked yet: allow only if no other policy can still lock cases.
        var otherLockPolicies = new GlideRecord('sn_hr_er_case_restriction');
        otherLockPolicies.addQuery('type', 'case_restriction');
        otherLockPolicies.addQuery('can_lock_cases', true);
        if (grConfig)
            otherLockPolicies.addQuery('sys_id', '!=', grConfig.getUniqueValue());
        otherLockPolicies.addActiveQuery();
        otherLockPolicies.setLimit(1);
        otherLockPolicies.query();
        return !otherLockPolicies.hasNext();
    },

    /* Check if an update that enables case locking is allowed.
     * Allowed only when some other active policy grants can_view_locked.
     * @param GlideRecord grConfig The config record being updated/deleted;
     *        when given, it is excluded from the look-up
     * @return Boolean True if the update is allowed
     */
    canAllowCaseLocking: function(grConfig) {
        var viewPolicies = new GlideRecord('sn_hr_er_case_restriction');
        viewPolicies.addQuery('type', 'case_restriction');
        viewPolicies.addQuery('can_view_locked', true);
        if (grConfig)
            viewPolicies.addQuery('sys_id', '!=', grConfig.getUniqueValue());
        viewPolicies.addActiveQuery();
        viewPolicies.setLimit(1);
        viewPolicies.query();
        return viewPolicies.hasNext();
    },

    /* Restrictive query for users without locked case access.
     * The check runs against an unloaded sn_hr_er_case GlideRecord and without
     * a userId, so it is not specific to any one case.
     * @return String "locked=false" when locked cases must be hidden, "" otherwise
     */
    getQueryVariables: function() {
        var blankCase = new GlideRecord('sn_hr_er_case');
        return this.canSeeLockedCase(blankCase) ? "" : "locked=false";
    },

    /* Whether there are any locking configurations active.
     * Only policies that grant can_view_locked are counted.
     * @return Boolean True if there are any active locking configurations
     */
    hasLockPolicy: function() {
        var viewPolicies = new GlideRecord('sn_hr_er_case_restriction');
        viewPolicies.addQuery('type', 'case_restriction');
        viewPolicies.addActiveQuery();
        viewPolicies.addQuery('can_view_locked', true);
        viewPolicies.setLimit(1);
        viewPolicies.query();
        return viewPolicies.hasNext();
    },

    /* Check whether the current logged in user is an involved party of the case.
     * When that user is also the case's opened_for, involved-party rows of
     * type 'complainant' are ignored, so being the complainant alone does not count.
     * @param GlideRecord erCaseGr The case to be tested against
     * @return Boolean true if a matching involved-party row exists
     */
    isInvolvedParty: function(erCaseGr) {
        var sessionUserId = gs.getUserID();

        var partyRows = new GlideRecord("sn_hr_er_involved_party");
        partyRows.addQuery("hr_case", erCaseGr.sys_id);
        partyRows.addQuery("user", sessionUserId);
        // Loose equality is kept on purpose: opened_for is read as a record
        // field rather than a plain string, so === could change the result.
        if (sessionUserId == erCaseGr.opened_for)
            partyRows.addQuery("type", "!=", "complainant");
        partyRows.setLimit(1);
        partyRows.query();

        return partyRows.hasNext() ? true : false;
    },

    /* Check whether the current logged in user is opened for or subject person.
     * @param GlideRecord erCaseGr The case to be tested against
     * @return Boolean true if current user is opened for or subject person.
     */
    isOpenedForOrSubjectPerson: function(erCaseGr) {
        var sessionUserId = gs.getUserID();
        // Loose equality kept on purpose (record fields, not plain strings).
        return (sessionUserId == erCaseGr.opened_for || sessionUserId == erCaseGr.subject_person);
    },

    /* Check whether the current logged in user is personally involved in the
     * ER case: as an involved party, as opened_for, or as subject_person.
     * The other checks in this class use this to DENY access, not to grant it.
     * @param GlideRecord erCaseGr The case to be tested against
     * @return Boolean true if the current user is involved in the case
     */
    isInvolvedInCase: function(erCaseGr) {
        var asParty = this.isInvolvedParty(erCaseGr);
        return asParty || this.isOpenedForOrSubjectPerson(erCaseGr);
    },

    /* List editing is refused to anyone involved in the case.
     * @param GlideRecord erCaseGr The case to be tested against
     * @return Boolean true if the current user is not involved in the case
     */
    hasListEditAccess: function(erCaseGr) {
        var involved = this.isInvolvedInCase(erCaseGr);
        return !involved;
    },

    /* Reporting on the case is refused to anyone involved in it.
     * @param GlideRecord erCaseGr The case to be tested against
     * @return Boolean true if the current user is not involved in the case
     */
    hasReportOnAccess: function(erCaseGr) {
        var involved = this.isInvolvedInCase(erCaseGr);
        return !involved;
    },

    /* Read access to the case record: refused to involved parties, otherwise
     * delegated to er_CaseAccess.canReadCaseRecord (defined outside this script).
     * Unlike the lock checks, this tests isInvolvedParty only, not
     * opened_for / subject_person.
     * @param GlideRecord erCaseGr The case to be tested against
     * @return false for involved parties, else the result of er_CaseAccess
     */
    hasReadAccess: function(erCaseGr) {
        if (this.isInvolvedParty(erCaseGr))
            return false;
        return er_CaseAccess.canReadCaseRecord(erCaseGr);
    },

    /* Write access to the case record: refused to involved parties, otherwise
     * delegated to er_CaseAccess.canEditCase (defined outside this script).
     * @param GlideRecord erCaseGr The case to be tested against
     * @return false for involved parties, else the result of er_CaseAccess
     */
    hasWriteAccess: function(erCaseGr) {
        if (this.isInvolvedParty(erCaseGr))
            return false;
        return er_CaseAccess.canEditCase(erCaseGr);
    },

    /* Column-level write check for the columns in WRITE_RESTRICTED_COLUMN_LIST.
     * Fails closed: a missing column name, or a column that is not in the
     * list, returns false.
     * @param GlideRecord erCaseGr The case to be tested against
     * @param String columnName The column being written
     * @return Boolean true if the column is listed and the current user is
     *         neither opened_for nor subject_person
     */
    hasColumnWriteAccess: function(erCaseGr, columnName) {
        var nameMissing = !columnName || columnName === "";
        if (nameMissing)
            return false;

        var listed = er_SecurityUtilsBase.WRITE_RESTRICTED_COLUMN_LIST.indexOf(columnName) > -1;
        if (!listed)
            return false;
        return !this.isOpenedForOrSubjectPerson(erCaseGr);
    },

    /* Column-level read check for the columns in READ_RESTRICTED_COLUMN_LIST.
     * Fails closed: a missing column name, or a column that is not in the
     * list, returns false.
     * @param GlideRecord erCaseGr The case to be tested against
     * @param String columnName The column being read
     * @return Boolean true if the column is listed and the current user is
     *         neither opened_for nor subject_person
     */
    hasColumnReadAccess: function(erCaseGr, columnName) {
        var nameMissing = !columnName || columnName === "";
        if (nameMissing)
            return false;

        var listed = er_SecurityUtilsBase.READ_RESTRICTED_COLUMN_LIST.indexOf(columnName) > -1;
        if (!listed)
            return false;
        return !this.isOpenedForOrSubjectPerson(erCaseGr);
    },

    /* Read check for records related to an ER case.
     * NOTE(review): a missing erCaseId returns true (fails open). Confirm that
     * callers only reach this path for records not yet linked to a case.
     * An unknown case id, or a table that is neither in
     * READ_RESTRICTED_RELATED_ENTITY_LIST nor sn_hr_er_accommodation, returns false.
     * @param sys_id erCaseId The parent case
     * @param String erCaseRelatedEntityName Table name of the related record
     * @return true/false, or the result of er_CaseAccess.canAccessParentCase
     */
    hasERCaseRelatedEntityReadAccess: function(erCaseId, erCaseRelatedEntityName) {
        if (!erCaseId)
            return true;

        var parentCase = new GlideRecord('sn_hr_er_case');
        if (!parentCase.get(erCaseId))
            return false;

        if (er_SecurityUtilsBase.READ_RESTRICTED_RELATED_ENTITY_LIST.indexOf(erCaseRelatedEntityName) > -1) {
            if (this.isOpenedForOrSubjectPerson(parentCase))
                return false;
            return er_CaseAccess.canAccessParentCase(erCaseId, true);
        }

        if (erCaseRelatedEntityName === "sn_hr_er_accommodation")
            return !this.isOpenedForOrSubjectPerson(parentCase);

        return false;
    },

    /* Write check for records related to an ER case.
     * NOTE(review): a missing erCaseId returns true (fails open). Confirm that
     * callers only reach this path for records not yet linked to a case.
     * An unknown case id, or a table that is neither in
     * WRITE_RESTRICTED_RELATED_ENTITY_LIST nor sn_hr_er_accommodation, returns false.
     * @param sys_id erCaseId The parent case
     * @param String erCaseRelatedEntityName Table name of the related record
     * @return true/false, or the result of er_CaseAccess.canAccessParentCase
     */
    hasERCaseRelatedEntityWriteAccess: function(erCaseId, erCaseRelatedEntityName) {
        if (!erCaseId)
            return true;

        var parentCase = new GlideRecord('sn_hr_er_case');
        if (!parentCase.get(erCaseId))
            return false;

        if (er_SecurityUtilsBase.WRITE_RESTRICTED_RELATED_ENTITY_LIST.indexOf(erCaseRelatedEntityName) > -1) {
            if (this.isOpenedForOrSubjectPerson(parentCase))
                return false;
            return er_CaseAccess.canAccessParentCase(erCaseId, false);
        }

        if (erCaseRelatedEntityName === "sn_hr_er_accommodation")
            return !this.isOpenedForOrSubjectPerson(parentCase);

        return false;
    },

    /* Decide whether a UI action is rendered on the case.
     * Actions in RESTRICTED_UI_ACTION_LIST are hidden from the case's
     * opened_for / subject_person; every other action name returns true.
     * This only controls rendering. NOTE(review): confirm the operations
     * behind the listed actions are also protected server-side.
     * @param GlideRecord erCaseGr The case to be tested against
     * @param String actionName The UI action name
     * @return Boolean true if the action may be rendered
     */
    canRenderUIAction: function(erCaseGr, actionName) {
        var restricted = er_SecurityUtilsBase.RESTRICTED_UI_ACTION_LIST.indexOf(actionName) > -1;
        if (!restricted)
            return true;
        return !this.isOpenedForOrSubjectPerson(erCaseGr);
    },

    type: 'er_SecurityUtilsBase'
};
/* (Re)build the lazily cached lock-policy helpers on the constructor.
 * Creates a shared instance, records the session user id, drops any cached
 * 'hasLockPolicies' / 'lockQuery' values and installs the two getters.
 * NOTE(review): the cached values are stored on the constructor and are not
 * keyed by user; userID is recorded here but the getters in this script never
 * compare against it. Confirm the script include is re-evaluated per
 * session/transaction so one user's cached lock query is never served to another.
 */
er_SecurityUtilsBase.initializeQueryVariables = function() {
    er_SecurityUtilsBase.instance = new er_SecurityUtilsBase();
    er_SecurityUtilsBase.userID = gs.getUserID();

    // Invalidate anything cached by a previous initialisation.
    delete er_SecurityUtilsBase.hasLockPolicies;
    delete er_SecurityUtilsBase.lockQuery;

    /* @return Boolean cached result of instance.hasLockPolicy() */
    er_SecurityUtilsBase.getLockPolicies = function() {
        var alreadyCached = er_SecurityUtilsBase.hasOwnProperty('hasLockPolicies');
        if (!alreadyCached) {
            // hasLockPolicy() declares no parameters, so the user id passed here is ignored.
            er_SecurityUtilsBase.hasLockPolicies = er_SecurityUtilsBase.instance.hasLockPolicy(gs.getUserID());
        }
        return er_SecurityUtilsBase.hasLockPolicies;
    };

    /* @return String cached result of instance.getQueryVariables() */
    er_SecurityUtilsBase.getLockQuery = function() {
        var alreadyCached = er_SecurityUtilsBase.hasOwnProperty('lockQuery');
        if (!alreadyCached) {
            // getQueryVariables() declares no parameters, so the user id passed here is ignored.
            er_SecurityUtilsBase.lockQuery = er_SecurityUtilsBase.instance.getQueryVariables(gs.getUserID());
        }
        return er_SecurityUtilsBase.lockQuery;
    };
};

// Run once when the script include is evaluated.
er_SecurityUtilsBase.initializeQueryVariables();
Sys ID
eac39aafff270010a9e7faf9453bf15d