Name

sn_hr_er.er_SecurityUtilsBase

Description

No description available

Script

var er_SecurityUtilsBase = Class.create();

// Operation selectors passed to _lockEval to choose which policy flag is queried.
er_SecurityUtilsBase.LOCK_ACTION = 'lock_action';
er_SecurityUtilsBase.VIEW_LOCKED = 'view_locked';

// Case columns consulted by hasColumnWriteAccess. A listed column is writable
// unless the user is the opened-for or subject person; an unlisted column is denied.
er_SecurityUtilsBase.WRITE_RESTRICTED_COLUMN_LIST = [
  "assigned_to",
  "assignment_group",
  "external_opened_for",
  "hr_service",
  "incident_date",
  "opened_for",
  "preferred_contact_method",
  "short_description",
  "skills",
  "state",
  "work_notes"
];

// Case columns consulted by hasColumnReadAccess, with the same listed/unlisted rule.
er_SecurityUtilsBase.READ_RESTRICTED_COLUMN_LIST = [
  "work_notes",
  "pdf_template"
];

// Related tables checked by hasERCaseRelatedEntityReadAccess.
er_SecurityUtilsBase.READ_RESTRICTED_RELATED_ENTITY_LIST = [
  "sn_hr_er_involved_party",
  "sn_hr_er_allegation",
  "sn_hr_er_interview",
  "sn_hr_er_m2m_allegation_party",
  "sn_hr_er_corrective_action",
  "sn_em_evidence"
];

// Related tables checked by hasERCaseRelatedEntityWriteAccess. The contents match
// the read list today, but it is a separate array so the two can diverge.
er_SecurityUtilsBase.WRITE_RESTRICTED_RELATED_ENTITY_LIST = [
  "sn_hr_er_involved_party",
  "sn_hr_er_allegation",
  "sn_hr_er_interview",
  "sn_hr_er_m2m_allegation_party",
  "sn_hr_er_corrective_action",
  "sn_em_evidence"
];

// UI actions that canRenderUIAction hides from the opened-for or subject person.
er_SecurityUtilsBase.RESTRICTED_UI_ACTION_LIST = [
  "transfer_case",
  "add_task",
  "readyForWork",
  "assign_to_me",
  "suspend",
  "resume",
  "escalate_case",
  "ws_associate_interaction",
  "createAdditionalCase",
  "ws_set_reminder",
  "ws_add_task"
];
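er_SecurityUtilsBase.prototype = {
  initialize: function() {
  },

  /* Check if a given user can unlock a given case.
   * The user must not be involved in the case and must pass both the lock
   * and the view-locked policy checks.
   * @param  GlideRecord caseGr The case to be tested against
   * @param  sys_id      userId The user (optional; involvement checks fall back
   *                            to the session user, the policy rule receives the
   *                            value as passed)
   * @return Boolean            True if the given user can unlock the case
   */
  canUnlockCase: function(caseGr, userId) {
    return !this.isInvolvedInCase(caseGr, userId) &&
      this.canLockCase(caseGr, userId) &&
      this.canSeeLockedCase(caseGr, userId);
  },

  /* Check if a given user can lock a given case.
   * @param  GlideRecord caseGr The case to be tested against
   * @param  sys_id      userId The user (optional)
   * @return Boolean            True if the given user can lock the case
   */
  canLockCase: function(caseGr, userId) {
    // The involvement check and the policy check must look at the same user,
    // so userId is forwarded to both.
    return !this.isInvolvedInCase(caseGr, userId) &&
      this._lockEval(caseGr, userId, er_SecurityUtilsBase.LOCK_ACTION);
  },

  /* Check if a given user can read a locked case.
   * @param  GlideRecord caseGr The case to be tested against
   * @param  sys_id      userId The user (optional)
   * @return Boolean            True if the given user can see locked cases
   */
  canSeeLockedCase: function(caseGr, userId) {
    return !this.isInvolvedInCase(caseGr, userId) &&
      this._lockEval(caseGr, userId, er_SecurityUtilsBase.VIEW_LOCKED);
  },

  /* Evaluate locking configurations for a user.
   * Looks up active 'case_restriction' rows of sn_hr_er_case_restriction for the
   * case's table and returns true as soon as one rule accepts the user.
   * @param  GlideRecord caseGr    The case to be tested against
   * @param  sys_id      userId    The user (optional), handed to the rule evaluator
   * @param  String      operation LOCK_ACTION or VIEW_LOCKED
   * @return Boolean               True if the given user passes the locking config;
   *                               false for an unknown operation or when no policy matches
   */
  _lockEval: function(caseGr, userId, operation) {
    // Deny by default: an unrecognised operation never reaches the query.
    var policyFlag;
    if (operation === er_SecurityUtilsBase.LOCK_ACTION)
      policyFlag = 'can_lock_cases';
    else if (operation === er_SecurityUtilsBase.VIEW_LOCKED)
      policyFlag = 'can_view_locked';
    else
      return false;

    var tableName = caseGr.getValue('sys_class_name') || caseGr.getTableName();

    var grPolicy = new GlideRecord('sn_hr_er_case_restriction');
    grPolicy.addQuery('coe', tableName);
    grPolicy.addQuery('type', 'case_restriction');
    grPolicy.addQuery(policyFlag, true);
    grPolicy.addActiveQuery();
    grPolicy.query();
    // An empty result set simply skips the loop and falls through to false.
    while (grPolicy.next()) {
      // _evaluateRule lives in sn_hr_core and is not visible in this script.
      if (new sn_hr_core.hr_SecurityUtils()._evaluateRule(grPolicy, userId))
        return true;
    }
    return false;
  },

  /* Check if an update preventing lock reads is allowed.
   * Guards against removing the last policy that lets anyone view locked cases
   * while locked cases exist or can still be created.
   * @param  GlideRecord grConfig The config record being updated/deleted (optional)
   * @return Boolean              True if the update is allowed
   */
  canRemoveLockRead: function(grConfig) {
    // Another active policy still grants view-locked access: the update is safe.
    var gr = new GlideRecord('sn_hr_er_case_restriction');
    gr.addQuery('type', 'case_restriction');
    gr.addActiveQuery();
    gr.addQuery('can_view_locked', true);
    if (grConfig)
      gr.addQuery('sys_id', '!=', grConfig.getUniqueValue());
    gr.setLimit(1);
    gr.query();
    if (gr.hasNext())
      return true;

    // No other reader policy is left. If any case is locked, prevent the update.
    var grCase = new GlideRecord('sn_hr_er_case');
    grCase.addQuery('locked', true);
    // NOTE(review): presumably set so that before-query business rules cannot
    // hide locked cases from this check; confirm.
    grCase.setWorkflow(false);
    grCase.setLimit(1);
    grCase.query();
    if (grCase.hasNext())
      return false;

    // No locked cases yet: allow the update only if no other policy can lock one.
    gr = new GlideRecord('sn_hr_er_case_restriction');
    gr.addQuery('type', 'case_restriction');
    gr.addQuery('can_lock_cases', true);
    if (grConfig)
      gr.addQuery('sys_id', '!=', grConfig.getUniqueValue());
    gr.addActiveQuery();
    gr.setLimit(1);
    gr.query();
    return !gr.hasNext();
  },

  /* Check if an update allowing locking is allowed.
   * Locking may only be enabled when some other active policy grants
   * view-locked access.
   * @param  GlideRecord grConfig The config record being updated/deleted (optional)
   * @return Boolean              True if the update is allowed
   */
  canAllowCaseLocking: function(grConfig) {
    var gr = new GlideRecord('sn_hr_er_case_restriction');
    gr.addQuery('type', 'case_restriction');
    gr.addQuery('can_view_locked', true);
    if (grConfig)
      gr.addQuery('sys_id', '!=', grConfig.getUniqueValue());
    gr.addActiveQuery();
    gr.setLimit(1);
    gr.query();
    return gr.hasNext();
  },

  /* Restrictive query for users without locked case access.
   * @return String Restrictive query (empty if allowed)
   */
  getQueryVariables: function() {
    // An unloaded sn_hr_er_case record is used, so only the table-level policy
    // decides the result; there is no specific case to be involved in.
    var gr = new GlideRecord('sn_hr_er_case');
    if (!this.canSeeLockedCase(gr))
      return "locked=false";

    return "";
  },

  /* Whether there are any locking configurations active.
   * Only policies with can_view_locked set are counted.
   * @return Boolean True if there are any active locking configurations
   */
  hasLockPolicy: function() {
    var gr = new GlideRecord('sn_hr_er_case_restriction');
    gr.addQuery('type', 'case_restriction');
    gr.addActiveQuery();
    gr.addQuery('can_view_locked', true);
    gr.setLimit(1);
    gr.query();
    return gr.hasNext();
  },

  /* Check whether a user is listed as an involved party on the case.
   * When the user is also the case's opened-for person, rows of type
   * 'complainant' are ignored.
   * @param  GlideRecord erCaseGr The ER case
   * @param  sys_id      userId   The user (optional, defaults to the session user)
   * @return Boolean              True if a matching involved-party row exists
   */
  isInvolvedParty: function(erCaseGr, userId) {
    var checkedUserId = userId || gs.getUserID();
    var involvedParties = new GlideRecord("sn_hr_er_involved_party");
    involvedParties.addQuery("hr_case", erCaseGr.sys_id);
    involvedParties.addQuery("user", checkedUserId);
    // Loose equality is deliberate: the field is a GlideElement, not a string.
    if (checkedUserId == erCaseGr.opened_for)
      involvedParties.addQuery("type", "!=", "complainant");

    involvedParties.setLimit(1);
    involvedParties.query();
    return involvedParties.hasNext();
  },

  /* Check whether a user is the opened-for or the subject person of the case.
   * @param  GlideRecord erCaseGr The ER case
   * @param  sys_id      userId   The user (optional, defaults to the session user)
   * @return Boolean              True if the user is opened for or subject person
   */
  isOpenedForOrSubjectPerson: function(erCaseGr, userId) {
    var checkedUserId = userId || gs.getUserID();
    // Loose equality is deliberate: the fields are GlideElements, not strings.
    return checkedUserId == erCaseGr.opened_for || checkedUserId == erCaseGr.subject_person;
  },

  /* Check whether a user is personally involved in the case, i.e. is an
   * involved party, the opened-for person or the subject person.
   * A true result is used by the other checks to DENY access.
   * @param  GlideRecord erCaseGr The ER case
   * @param  sys_id      userId   The user (optional, defaults to the session user)
   * @return Boolean              True if the user is involved in the case
   */
  isInvolvedInCase: function(erCaseGr, userId) {
    return this.isInvolvedParty(erCaseGr, userId) ||
      this.isOpenedForOrSubjectPerson(erCaseGr, userId);
  },

  /* List editing is denied to the session user when involved in the case.
   * @return Boolean True if list edit is allowed
   */
  hasListEditAccess: function(erCaseGr) {
    return !this.isInvolvedInCase(erCaseGr);
  },

  /* Reporting is denied to the session user when involved in the case.
   * @return Boolean True if report-on is allowed
   */
  hasReportOnAccess: function(erCaseGr) {
    return !this.isInvolvedInCase(erCaseGr);
  },

  /* Read access: denied to involved parties, otherwise decided by
   * er_CaseAccess.canReadCaseRecord (defined outside this script).
   * Only isInvolvedParty is consulted here, not isOpenedForOrSubjectPerson.
   * @return Boolean True if the session user may read the case
   */
  hasReadAccess: function(erCaseGr) {
    return !this.isInvolvedParty(erCaseGr) && er_CaseAccess.canReadCaseRecord(erCaseGr);
  },

  /* Write access: denied to involved parties, otherwise decided by
   * er_CaseAccess.canEditCase (defined outside this script).
   * @return Boolean True if the session user may edit the case
   */
  hasWriteAccess: function(erCaseGr) {
    return !this.isInvolvedParty(erCaseGr) && er_CaseAccess.canEditCase(erCaseGr);
  },

  /* Column-level write check for the session user.
   * Denies by default: an empty column name or a column missing from
   * WRITE_RESTRICTED_COLUMN_LIST returns false.
   * @param  GlideRecord erCaseGr   The ER case
   * @param  String      columnName The column being written
   * @return Boolean                True if the column may be written
   */
  hasColumnWriteAccess: function(erCaseGr, columnName) {
    if (!columnName)
      return false;

    if (er_SecurityUtilsBase.WRITE_RESTRICTED_COLUMN_LIST.indexOf(columnName) > -1)
      return !this.isOpenedForOrSubjectPerson(erCaseGr);

    return false;
  },

  /* Column-level read check for the session user.
   * Denies by default: an empty column name or a column missing from
   * READ_RESTRICTED_COLUMN_LIST returns false.
   * @param  GlideRecord erCaseGr   The ER case
   * @param  String      columnName The column being read
   * @return Boolean                True if the column may be read
   */
  hasColumnReadAccess: function(erCaseGr, columnName) {
    if (!columnName)
      return false;

    if (er_SecurityUtilsBase.READ_RESTRICTED_COLUMN_LIST.indexOf(columnName) > -1)
      return !this.isOpenedForOrSubjectPerson(erCaseGr);

    return false;
  },

  /* Read check for a record related to an ER case.
   * @param  sys_id erCaseId                The parent ER case
   * @param  String erCaseRelatedEntityName Table name of the related record
   * @return Boolean                        True if the session user may read it
   */
  hasERCaseRelatedEntityReadAccess: function(erCaseId, erCaseRelatedEntityName) {
    // NOTE(review): a missing case id is allowed without any further check.
    // Presumably records with no parent case are governed by other ACLs; confirm.
    if (!erCaseId)
      return true;
    var erCaseGr = new GlideRecord('sn_hr_er_case');
    // A case id that cannot be loaded is denied.
    if (!erCaseGr.get(erCaseId))
      return false;
    if (er_SecurityUtilsBase.READ_RESTRICTED_RELATED_ENTITY_LIST.indexOf(erCaseRelatedEntityName) > -1)
      return !this.isOpenedForOrSubjectPerson(erCaseGr) && er_CaseAccess.canAccessParentCase(erCaseId, true);
    if (erCaseRelatedEntityName === "sn_hr_er_accommodation")
      return !this.isOpenedForOrSubjectPerson(erCaseGr);
    // Any other table name is denied.
    return false;
  },

  /* Write check for a record related to an ER case.
   * @param  sys_id erCaseId                The parent ER case
   * @param  String erCaseRelatedEntityName Table name of the related record
   * @return Boolean                        True if the session user may write it
   */
  hasERCaseRelatedEntityWriteAccess: function(erCaseId, erCaseRelatedEntityName) {
    // NOTE(review): a missing case id is allowed without any further check.
    // Presumably records with no parent case are governed by other ACLs; confirm.
    if (!erCaseId)
      return true;
    var erCaseGr = new GlideRecord('sn_hr_er_case');
    // A case id that cannot be loaded is denied.
    if (!erCaseGr.get(erCaseId))
      return false;
    if (er_SecurityUtilsBase.WRITE_RESTRICTED_RELATED_ENTITY_LIST.indexOf(erCaseRelatedEntityName) > -1)
      return !this.isOpenedForOrSubjectPerson(erCaseGr) && er_CaseAccess.canAccessParentCase(erCaseId, false);
    if (erCaseRelatedEntityName === "sn_hr_er_accommodation")
      return !this.isOpenedForOrSubjectPerson(erCaseGr);
    // Any other table name is denied.
    return false;
  },

  /* Whether a UI action should be rendered for the session user.
   * NOTE(review): the default is allow. An action missing from
   * RESTRICTED_UI_ACTION_LIST is rendered for everyone, so a newly added
   * action has to be listed before it is hidden from the opened-for or
   * subject person.
   * @param  GlideRecord erCaseGr   The ER case
   * @param  String      actionName Name of the UI action
   * @return Boolean                True if the action may be rendered
   */
  canRenderUIAction: function(erCaseGr, actionName) {
    if (er_SecurityUtilsBase.RESTRICTED_UI_ACTION_LIST.indexOf(actionName) > -1)
      return !this.isOpenedForOrSubjectPerson(erCaseGr);

    return true;
  },

  type: 'er_SecurityUtilsBase'
};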
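/* Set up the lazily evaluated, cached lock-policy lookups.
 * Creates a shared instance, records the session user and installs
 * getLockPolicies / getLockQuery on the constructor. Each getter computes its
 * value on first use and returns the cached value afterwards.
 */
er_SecurityUtilsBase.initializeQueryVariables = function() {
  er_SecurityUtilsBase.instance = new er_SecurityUtilsBase();
  er_SecurityUtilsBase.userID = gs.getUserID();
  delete er_SecurityUtilsBase['hasLockPolicies'];
  delete er_SecurityUtilsBase['lockQuery'];

  // The cached lock query is an access decision for one user. Discard the cache
  // if the session user differs from the one it was computed for.
  // NOTE(review): whether this object can outlive a single user's context is
  // not visible here; the check keeps the cache correct in either case.
  var dropCacheIfUserChanged = function() {
    var currentUserId = gs.getUserID();
    if (String(er_SecurityUtilsBase.userID) !== String(currentUserId)) {
      er_SecurityUtilsBase.userID = currentUserId;
      delete er_SecurityUtilsBase['hasLockPolicies'];
      delete er_SecurityUtilsBase['lockQuery'];
    }
  };

  /* @return Boolean Cached result of hasLockPolicy */
  er_SecurityUtilsBase.getLockPolicies = function() {
    dropCacheIfUserChanged();
    // The base hasLockPolicy takes no parameter; the argument is kept for
    // overrides that may accept one.
    if (!er_SecurityUtilsBase.hasOwnProperty('hasLockPolicies'))
      er_SecurityUtilsBase['hasLockPolicies'] = er_SecurityUtilsBase.instance.hasLockPolicy(gs.getUserID());
    return er_SecurityUtilsBase['hasLockPolicies'];
  };

  /* @return String Cached result of getQueryVariables ("locked=false" or "") */
  er_SecurityUtilsBase.getLockQuery = function() {
    dropCacheIfUserChanged();
    // The base getQueryVariables takes no parameter; the argument is kept for
    // overrides that may accept one.
    if (!er_SecurityUtilsBase.hasOwnProperty('lockQuery'))
      er_SecurityUtilsBase['lockQuery'] = er_SecurityUtilsBase.instance.getQueryVariables(gs.getUserID());
    return er_SecurityUtilsBase['lockQuery'];
  };
};
er_SecurityUtilsBase.initializeQueryVariables();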

Sys ID

eac39aafff270010a9e7faf9453bf15d

Official Documentation

Official Docs: