From a8b8e3fe996174a06dd6f05320c80a54bfca812f Mon Sep 17 00:00:00 2001
From: Ilya Kulakov <kulakov.ilya@gmail.com>
Date: Sat, 3 May 2025 19:08:16 -0700
Subject: [PATCH] Warn if scripts lacks required policies

I noticed that unless the script has the `read,write,policy,test` permissions set, it won't be able to read global variables from the environment.
---
 global-functions.rsc | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/global-functions.rsc b/global-functions.rsc
index 72c36cdc..4d337bf0 100644
--- a/global-functions.rsc
+++ b/global-functions.rsc
@@ -1169,11 +1169,24 @@
       http-header-field=({ [ $FetchUserAgentStr $0 ] }) $Url output=user as-value ]->"data") ];
   } on-error={ }
 
+  :local RequiredPolicies {"read";"write";"policy";"test"};
+
   :foreach Script in=[ /system/script/find where source~"^#!rsc by RouterOS\r?\n" ] do={
     :local ScriptVal [ /system/script/get $Script ];
     :local ScriptInfo [ $ParseKeyValueStore ($ScriptVal->"comment") ];
     :local SourceNew;
 
+    :local MissingPolicies "";
+    :foreach Policy in=$RequiredPolicies do={
+      :if ([:find ($ScriptVal->"policy") $Policy -1] < 0) do={
+        :set MissingPolicies ($MissingPolicies . $Policy . ", ")
+      }
+    }
+    :if ([:len $MissingPolicies]) do={
+      :set MissingPolicies [:pick $MissingPolicies 0 ([:len $MissingPolicies] - 2)]
+      $LogPrint warning $0 ("Script '" . $ScriptVal->"name" . "' is missing policies ". $MissingPolicies "!")
+    }
+
     :foreach Scheduler in=[ /system/scheduler/find where on-event~("\\b" . $ScriptVal->"name" . "\\b") ] do={
       :local SchedulerVal [ /system/scheduler/get $Scheduler ];
       :if ($ScriptVal->"policy" != $SchedulerVal->"policy") do={