Organizations provide permissions and privileges to various sections of staff according to their roles and profiles. In order to make sure that the data within Qntrl can only be deleted by the right personnel, organizations can implement complex criteria and conditions using server scripts.
Business Scenario
To delete cards of the Appraisal orchestration of Zylker organization, the user in Qntrl must have a Product Admin role. Employees with the User profile must not be allowed to delete a card, and cards with due dates in the future must not be deleted.
Note: Even if a user's profile or role does not have permissions in Access Control to delete a card, this server script overwrites the existing permissions and allows the user to delete the card.
Solution
When a user tries to delete a card in Appraisal orchestration, you can trigger server scripts to check user permissions and restrict the deletion operation.
- Create a server script and code the logic to validate the users who perform delete operation.
- Delete a card in Appraisal orchestration and test the server script.
Sample Configuration
Step 1: Create an orchestration
Create a new orchestration titled 'Appraisal' and add relevant custom fields to it.
Once the form is saved, proceed to design the blueprint, set permissions, and publish the orchestration.
Step 2: Code server scripts
Create a new server script for the Appraisal orchestration to validate users.
- Click New Script and enter the name as 'Validate card deletion'.
- Choose Appraisal in the Form dropdown.
- Choose Job as the Execution Location to execute the script.
- Choose Before Delete as the Execution Trigger to execute this script whenever the card page loads.
- Copy and paste the below script into your script editor and replace the parameter names.
- You can use the ? icon at the top-right corner of the script editor to refer to parameter names.
- Once the script is ready, Publish it.

    function beforeDelete() {
        var userProfileId = "<enter profile ID here>";
        // Get profile ID from our API doc: Get profile details
        var productAdminRoleId = "<enter role ID here>";
        // Get role ID from our API doc: Get role details

        // This script allows only users with the Product Admin role to delete cards.
        // Employees with the User profile cannot delete a card.
        // Also, the due date must not be in the future. Otherwise, reject the card deletion.

        var user = current.User;
        var profile = user.getProfile();
        var roles = user.getRoles();
        if (profile.getId() == userProfileId) {
            throwError("You do not have permission to delete the card");
        }

        var hasRole = false;
        for (var i = 0; i < roles.length; i++) {
            var role = roles[i];
            if (role.getId() == productAdminRoleId) {
                hasRole = true;
                break;
            }
        }

        if (!hasRole) {
            throwError("You don't have Product Admin role to delete this card");
        }

        var dueDate = current.Job.getValue(current.Layout.Fields.duedate.id);
        if (dueDate) {
            var currentMillis = Date.now();
            var dueDateMillis = dateStringToTimestamp(dueDate);
            // Parenthesize the comparison so the result is logged, not the concatenated string compared
            console.log("currentMillis < dueDateMillis = " + (currentMillis < dueDateMillis));
            if (currentMillis < dueDateMillis) {
                throwError("Card's due date is in the future. Cannot delete it.");
            }
        }

        return true;
    }

    function dateStringToTimestamp(dateString) {
        // logic based on exact date format: mm-dd-yyyy h:mm a
        if (!dateString || !(typeof dateString === "string")) {
            return null;
        }

        dateString = dateString.trim();
        var spaceSplitted = dateString.split(" ");

        var datePart = spaceSplitted[0];
        var dateSplitted = datePart.split("-");

        // Defaults apply when there is no time detail in the given dateString
        var hour = 0;
        var mins = 0;

        if (spaceSplitted[1]) {
            var timeSplitted = spaceSplitted[1].split(":");
            var isAmPm = spaceSplitted[2];
            hour = +timeSplitted[0];
            mins = +timeSplitted[1];
            if (isAmPm) {
                var ampm = isAmPm.toLowerCase();
                if (hour == 12 && ampm == "am") {
                    hour = 0;
                } else if (hour != 12 && ampm == "pm") {
                    hour += 12;
                }
            }
        }

        // Build the date in a single step. Setting month, day and year one at a time on
        // today's date can roll over (for example, when today is the 31st and the target
        // month has 30 days).
        var target = new Date(+dateSplitted[2], +dateSplitted[0] - 1, +dateSplitted[1], hour, mins, 0, 0);
        return target.getTime();
    }

Step 3: Delete card
To test the script, delete a card from the Appraisal orchestration using different user profiles and roles.
- When someone other than users in Product Admin role deletes the card, an error message is displayed as follows: ‘You don't have Product Admin role to delete this card’.
- When someone with User profile deletes the card, an error message is displayed as follows: ‘You do not have permission to delete the card’.
- When a card with due date in the future is deleted, an error message is thrown as follows: ‘Card's due date is in the future. Cannot delete it.’
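
The due-date check in the Step 2 script lets the deletion proceed when the due date value cannot be parsed, because dateStringToTimestamp then yields null or NaN and the comparison against the current time is false. The following is an added example, not part of the original script or Qntrl's own code: it parses the same mm-dd-yyyy h:mm a format strictly and rejects the deletion when the value is unreadable. The names parseDueDateStrict and dueDateRejection and the "could not be read" message are assumptions made for illustration.

```javascript
// Added example (not Qntrl's code). Assumes the due date arrives as a string
// in the format the page's parser targets: mm-dd-yyyy, optionally "h:mm am|pm".
var DUE_DATE_RE = /^(\d{2})-(\d{2})-(\d{4})(?: (\d{1,2}):(\d{2})(?: (am|pm))?)?$/i;

// Returns local-time epoch milliseconds, or null when the input is not a
// well-formed, real calendar date and time.
function parseDueDateStrict(dateString) {
  if (typeof dateString !== "string") return null;
  var m = DUE_DATE_RE.exec(dateString.trim());
  if (!m) return null;
  var month = +m[1], day = +m[2], year = +m[3];
  var hour = m[4] === undefined ? 0 : +m[4];
  var mins = m[5] === undefined ? 0 : +m[5];
  var ampm = m[6] ? m[6].toLowerCase() : null;
  if (ampm) {
    if (hour < 1 || hour > 12) return null;
    hour = (hour % 12) + (ampm === "pm" ? 12 : 0);
  }
  if (hour > 23 || mins > 59) return null;
  var d = new Date(year, month - 1, day, hour, mins, 0, 0);
  // Reject values Date silently rolls over, such as 02-30 or month 13.
  if (d.getFullYear() !== year || d.getMonth() !== month - 1 || d.getDate() !== day) {
    return null;
  }
  return d.getTime();
}

// Hypothetical helper: returns a rejection message, or null when the due-date
// rule does not block deletion. An empty value means no due date is set.
function dueDateRejection(dueDate, nowMillis) {
  if (dueDate === null || dueDate === undefined || dueDate === "") return null;
  var dueMillis = parseDueDateStrict(dueDate);
  if (dueMillis === null) {
    return "Card's due date could not be read. Cannot delete it."; // fail closed
  }
  if (nowMillis < dueMillis) {
    return "Card's due date is in the future. Cannot delete it.";
  }
  return null;
}
```

Inside beforeDelete, pass the card's due date value and Date.now() to dueDateRejection, and call throwError with the returned message when it is not null.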