Name

global.SecurityMechanic

Description

Simple case ACL manipulation

Script

gs.include("PrototypeServer");

var SecurityMechanic = Class.create();

SecurityMechanic.prototype = {
RULE_NAME : 'System Generated Rule',

initialize: function(tableName, fieldName, operation) {
   this.tableName = tableName;
   this.fieldName = fieldName;
   this.operation = operation;
},

getList: function() {
  if (!this.trusted())
     return;

  var cls = new GlideChoiceListSet();
  var available = cls.getColumns(); 
  var selected = cls.getSelected();
  var gr = new GlideRecord('sys_user_role');
  gr.orderBy('name');
  gr.query();
  while (gr.next()) {
     available.add(gr.sys_id, gr.name);
  }
  this.mergeExisting(available, selected);
  var document =  cls.toXML(); 
  
  var e = document.getDocumentElement(); 
  this.addWarnings(e);

  answer = document;
  return document;
},

addWarnings : function(e) {
  var gr = new GlideRecord('sys_security_acl');
  gr.addQuery('name', this.tableName);
  gr.addQuery('operation', this.operation);
  gr.query();
  if (gr.next()) {
     e.setAttribute('row_rule', 'true');
  } else
     e.setAttribute('row_rule', 'false');

  gr = new GlideRecord('sys_security_acl');
  gr.addQuery('name', this.tableName + '.' + this.fieldName);
  gr.addQuery('operation', this.operation);
  gr.query();
  var hasOther = 'false';
  while (gr.next()) {
     if (gr.description != this.RULE_NAME && !this.canUsurp(gr))
         hasOther = 'true';
  } 
  e.setAttribute('field_rule', hasOther);
},

getRule : function() {
   var gr = new GlideRecord('sys_security_acl');
   gr.addQuery('name', this.tableName + '.' + this.fieldName);
   gr.addQuery('operation', this.operation);
   gr.addQuery('description', this.RULE_NAME);
   gr.query();
   gr.next();
   if (!gr.isValidRecord()) {
      var gr2 = new GlideRecord('sys_security_acl');
      gr2.addQuery('name', this.tableName + '.' + this.fieldName);
      gr2.addQuery('operation', this.operation);
      gr2.query();
      gr2.next();
      if (this.canUsurp(gr2))
         return gr2;
   }
   return gr;
},

canUsurp : function(gr) {
   return gr.getRowCount() == 1 && gr.script.nil() && gr.condition.nil();
},

mergeExisting : function(available, selected) {
   var gr = this.getRule();
   if (!gr.isValidRecord())
      return;

   var roles = new GlideRecord('sys_security_acl_role');
   roles.addQuery('sys_security_acl', gr.sys_id);
   roles.orderBy('sys_user_role.name');
   roles.query();
   while (roles.next()) {
       var choice = available.removeChoice(roles.sys_user_role);
       selected.add(choice);
   }

},

saveList: function(fields) {
  if (!this.trusted())
     return;

  var a = fields.split(',');
  var rule = this.getRule();
  if (!rule.isValidRecord()) {
      rule.initialize();
      rule.name=this.tableName + '.' + this.fieldName;
      rule.description = this.RULE_NAME;
      rule.operation = this.operation;
      var rule_id = rule.insert();
  } else
      var rule_id = rule.sys_id + '';


  var gr = new GlideRecord('sys_security_acl_role');
  gr.addQuery('sys_security_acl', rule_id);
  gr.deleteMultiple();
  gr.initialize();
  for (var i =0; i < a.length; i++) {
     gr.sys_user_role = a[i];
     gr.sys_security_acl = rule_id;
     gr.insert();
  }
},

trusted: function() {
  return gs.hasRole('admin') || !RhinoEnvironment.useSandbox();
},

reset: function(tableName) {
  GlideCacheManager.flush("syscache_realform");
}


};

















Sys ID

f071e2c20a0a0b240073e27fab33b7c1

Offical Documentation

Official Docs: