Notifications

96 views

Description

This article demonstrates how to configure Group Members (sys_user_grmember) edit capability, so that only the Group Manager is able to edit (as in add/remove) members from the group

Procedure

Please keep in mind that this article falls beyond the scope of support as it is a customized implementation. Below are just suggestions for reference which we have provided here to help solve similar issues.

  1. Create (or modify) the three record ACLs for table - sys_user_grmember as perbelow:

    1.1 Configure a READ ACL for sys_user_grmember table
    1.2 Configure a WRITE ACL for sys_user_grmember table
    1.3 Configure a DELETE ACL for sys_user_grmember

    2. All above ACLs can have the same script code as per below: 

    var answer = false;
    if( (gs.hasRole('user_admin')) || (current.group.manager == gs.getUserID() ) )
    { answer = true; }

    3. Configure a CREATE ACL for sys_user_grmember, since adding group member involves the many to many relationship on the saved record when using slushbucket.
    Below is the code suggestion to make the CREATE ACL work:

    var answer = validate();
    function validate(){
     if( gs.hasRole('user_admin') ) {
      return true;
     }
    else{
      var manager = current.group.manager;

      if(manager !='' && manager == gs.getUserID())
      { //check in current relationship
        return true;
      }
      else { //check in parent relationship
        var parentManager = parent.manager;
        var parentName = parent.name;
        if(parentManager == gs.getUserID() )
        {
          return true;
        }
      }
     }
    }

Applicable Versions

All

 

Article Information

Last Updated:2019-05-21 11:51:09
Published:2019-01-28