API Name: sn_devstudio.VCSAppAccessCheck

var VCSAppAccessCheck = (function() {

return {
verifyReadAccess : function(appId) {
var gr = attemptAppLoad(appId);
if (!gr.canRead())
throwAccessDenied(appId);
},

verifyWriteAccess : function(appId) {
var gr = attemptAppLoad(appId);
// PRB683568 : For delegated developers canWrite always gives false
// PRB1365169 : modified the temporary fix originally made for PRB683568
// which was calling canRead() for all users
if (isDelegatedDeveloper() && !gr.canRead())
throwAccessDenied(appId);
if (!isDelegatedDeveloper() && !gr.canWrite())
throwAccessDenied(appId);
},

verifyPublishAccess : function(appId) {
if (!canPublishApp(appId))
throwAccessDenied(appId);
},

verifyCreateAccess : function() {
var gr = new GlideRecord("sys_app");
if (!gr.canCreate())
throw new sn_ws_err.ServiceError()
.setStatus(403)
.setMessage("Access denied to create a new application");
}
};

function attemptAppLoad(appId) {
var gr = new GlideRecord("sys_app");
gr.addQuery('sys_id', appId);
gr.query();
if (!gr.next())
throw new sn_ws_err.NotFoundError("Invalid application id " + appId);
return gr;
}

function throwAccessDenied(appId) {
throw new sn_ws_err.ServiceError()
.setStatus(403)
.setMessage("Access denied to application " + appId);
}

function isDelegatedDeveloper() {
return gs.hasRole('delegated_developer') && !gs.hasRole('admin');
}

function canPublishApp(appId){
return sn_app_api.AppStoreAPI.canPublishToAppRepo(appId) || sn_app_api.AppStoreAPI.canPublishToAppStore(appId);
}

})();