API Name: sn_devstudio.VCSAppAccessCheck
var VCSAppAccessCheck = (function() {
return {
verifyReadAccess : function(appId) {
var gr = attemptAppLoad(appId);
if (!gr.canRead())
throwAccessDenied(appId);
},
verifyWriteAccess : function(appId) {
var gr = attemptAppLoad(appId);
// PRB683568 : For delegated developers canWrite always gives false
// PRB1365169 : modified the temporary fix originally made for PRB683568
// which was calling canRead() for all users
if (isDelegatedDeveloper() && !gr.canRead())
throwAccessDenied(appId);
if (!isDelegatedDeveloper() && !gr.canWrite())
throwAccessDenied(appId);
},
verifyPublishAccess : function(appId) {
if (!canPublishApp(appId))
throwAccessDenied(appId);
},
verifyCreateAccess : function() {
var gr = new GlideRecord("sys_app");
if (!gr.canCreate())
throw new sn_ws_err.ServiceError()
.setStatus(403)
.setMessage("Access denied to create a new application");
}
};
function attemptAppLoad(appId) {
var gr = new GlideRecord("sys_app");
gr.addQuery('sys_id', appId);
gr.query();
if (!gr.next())
throw new sn_ws_err.NotFoundError("Invalid application id " + appId);
return gr;
}
function throwAccessDenied(appId) {
throw new sn_ws_err.ServiceError()
.setStatus(403)
.setMessage("Access denied to application " + appId);
}
function isDelegatedDeveloper() {
return gs.hasRole('delegated_developer') && !gs.hasRole('admin');
}
function canPublishApp(appId){
return sn_app_api.AppStoreAPI.canPublishToAppRepo(appId) || sn_app_api.AppStoreAPI.canPublishToAppStore(appId);
}
})();