Notifications

479 views

Issue

Symptoms


Intermittent issue where customer Submits a form and it gets stuck on Submitting... on Service Portal. This issue has been noticed in very few customer instances and the precise root cause of this issue is still unknown.

The console in developer tools displays a 400 (Bad Request) error when the issue is reproduced. If you expand, the error message is as follows:

"Security constraints prevent ordering of Item"

This message is coming from one of the Scripted REST resources (sys_ws_operation):

1. Submit a Record Producer

2. Buy Item 

canView() is failing in the above Scripted REST resources.

 

Another symptom of this issue can be where customers can see catalog items that they do not have access to and vice versa.

 

Here is an example user criteria that can cause this issue:


var udc=gs.getUser().getRecord().getValue(‘u_company_code’); //the important part is gs.getUser()
if (udc=="xyz"){
answer = true;
} else {
answer = false;
}

 

Release


Noticed on Jakarta and Kingston, London instances.

 

Cause


A common configuration with all the instances facing this issue is at least one scripted User Criteria on the affected catalog item.

The user critera has session objects such as gs.getUsedID, gs.getUser or gs.getSession

The issue may be due to user criteria changing scope intermittently to sn_sc (Service Catalog Rest API) from Global and making any session object like gs.getUsedID() , gs.getUser() or gs.getSession() undefined. 

Resolution


Please change the implementation of the user criteria and implement the function through a script include instead. The script include is scope aware and can be made Global scope and also make it available through all scopes. This will ensure that the value is returned correctly every single time without failing intermittently. 

Here is an example of the User criteria and script include which you can follow and implement on all the user criteria on the affected catalog items. 


Please note that these are just examples. Test the user criteria thoroughly before you implement them in the production instance.

 

Example of the script include:


Name: UserCriteriaHelper
Application: Global
Accessible from: All application scopes

Script:

var UserCriteriaHelper = Class.create();
UserCriteriaHelper.prototype = {
initialize: function() {
},

getUserCountry : function(){
gs.include('j2js');
var user_id = gs.getUserID();
var result = '';
if (JSUtil.notNil(user_id)){
var gr = new GlideRecord('sys_user');
if (gr.get(user_id)){
result = j2js(gr.getValue('u_country'));
}
}
return result;

},

getUserLanguage : function(){
gs.include('j2js');
var user_id = gs.getUserID();
var result = '';
if (JSUtil.notNil(user_id)){
var gr = new GlideRecord('sys_user');
if (gr.get(user_id)){
result = j2js(gr.getValue('preferred_language'));
}
}
return result;


},


type: 'UserCriteriaHelper'
};

 



User Criteria Example::

Name: Language Preference
Script:

var uch = new global.UserCriteriaHelper();
var user_lang = uch.getUserLanguage();

if (user_lang == 'en') {
answer=true;

}
else
{
answer=false;

}

 


 

Modify the above script include and user criteria as per the business case. Please note that the script includes should be Global and available from all scopes. 

Article Information

Last Updated:2019-08-02 20:58:25
Published:2019-06-07