Issue
This article demonstrates how to configure Group Members (sys_user_grmember) edit capability, so that only the Group Manager is able to edit (as in add/remove) members from the group.
Release
All releases
Resolution
Please keep in mind that this article falls beyond the scope of support as it is a customized implementation. Below are just suggestions for reference which we have provided here to help solve similar issues.
- Create (or modify) the three record ACLs for table sys_user_grmember as per below:
1.1 Configure a READ ACL for sys_user_grmember table
1.2 Configure a WRITE ACL for sys_user_grmember table
1.3 Configure a DELETE ACL for sys_user_grmember
2. All above ACLs can have the same script code as per below:
var answer = false;
3. Configure a CREATE ACL for sys_user_grmember, since adding group member involves the many to many relationship on the saved record when using slushbucket.
if( (gs.hasRole('user_admin')) || (current.group.manager == gs.getUserID() ) )
{ answer = true; }
Below is the code suggestion to make the CREATE ACL work:
var answer = validate();
function validate(){
if( gs.hasRole('user_admin') ) {
return true;
}
else{
var manager = current.group.manager;
if(manager !='' && manager == gs.getUserID())
{ //check in current relationship
return true;
}
else { //check in parent relationship
var parentManager = parent.manager;
var parentName = parent.name;
if(parentManager == gs.getUserID() )
{
return true;
}
}
}
}