This commit is contained in:
@@ -41,11 +41,11 @@ export default {
|
||||
///<summary>OpsAdminFull</summary>
|
||||
OpsAdminFull: 16384
|
||||
},
|
||||
hasRole(role) {
|
||||
hasRole(desiredRole) {
|
||||
if (!store.state.roles || store.state.roles === 0) {
|
||||
return false;
|
||||
}
|
||||
return role === (store.state.roles & role);
|
||||
return (store.state.roles & desiredRole) != 0;
|
||||
},
|
||||
/////////////////////////////////
|
||||
//
|
||||
@@ -82,30 +82,33 @@ export default {
|
||||
|
||||
//calculate the effective rights taking into consideration self owned etc
|
||||
|
||||
var canChange =
|
||||
objectRoleRights.Change === (userRole & objectRoleRights.Change);
|
||||
var canEditOwn =
|
||||
objectRoleRights.EditOwn === (userRole & objectRoleRights.EditOwn);
|
||||
var canReadFullRecord =
|
||||
objectRoleRights.ReadFullRecord ===
|
||||
(userRole & objectRoleRights.ReadFullRecord);
|
||||
//NOTE: for bitwise comparison we do this:
|
||||
//Desired role to check can be a single role value or the intersection of multiple bits of role values,
|
||||
//for example if it's a single role then just that number is used (i.e. 2)
|
||||
//however if its a bunch of roles that can do that operation they need to be intersected (i.e. 2|32|128) which returns a single value for comparison
|
||||
//and that's how they come from the server so for example a widget change bizrole requires
|
||||
// Change = AuthorizationRoles.BizAdminFull (enum value 2) | AuthorizationRoles.InventoryFull (enum value 32), these are intersected (2|32) to yield 34
|
||||
//now I can compare the user role to 34 to check if either of those two roles are set like this:
|
||||
//All roles except inventoryfull = 32735 so to be clear it has BizAdminFull which is enough to change a widget, so to check:
|
||||
// (32735&34) will be nonzero (true), specifically it will calculate to 2 but we don't care about the exact number, just that it isn't zero which
|
||||
//would indicate that none of the bit fields to check against are set in the user role hence they don't have that right.
|
||||
//if we need to combine rights just do it like in c# by intersection operator | (2|32) = 34
|
||||
//UserCurrentRole & (desiredRole) == 0 or false if no desired role bits set in currentrole or non zero if any of the bits are a match
|
||||
//
|
||||
|
||||
var canChange = !!(userRole & objectRoleRights.Change);
|
||||
var canEditOwn = !!(userRole & objectRoleRights.EditOwn);
|
||||
var canReadFullRecord = !!(userRole & objectRoleRights.ReadFullRecord);
|
||||
|
||||
//TEST BizAdminLimited, should only be able to read full record, no edit, no change rights
|
||||
var testUserBizAdminLimited = {
|
||||
//TEST BizAdminLimited, should only be able to read full record, no edit, no change rights
|
||||
var testUserBizAdminLimited = {
|
||||
userId: 2,
|
||||
roles: 1
|
||||
};
|
||||
|
||||
var canChange2 =
|
||||
objectRoleRights.Change ===
|
||||
(testUserBizAdminLimited.roles & objectRoleRights.Change);
|
||||
var canEditOwn2 =
|
||||
objectRoleRights.EditOwn ===
|
||||
(testUserBizAdminLimited.roles & objectRoleRights.EditOwn);
|
||||
var canReadFullRecord2 =
|
||||
objectRoleRights.ReadFullRecord ===
|
||||
(testUserBizAdminLimited.roles & objectRoleRights.ReadFullRecord);
|
||||
var canChange2 = !!(testUserBizAdminLimited.roles & objectRoleRights.Change);
|
||||
var canEditOwn2 = !!(testUserBizAdminLimited.roles & objectRoleRights.EditOwn);
|
||||
var canReadFullRecord2 = !!(testUserBizAdminLimited.roles & objectRoleRights.ReadFullRecord);
|
||||
|
||||
//widget rights required
|
||||
// Change: 34
|
||||
@@ -114,15 +117,9 @@ export default {
|
||||
//
|
||||
// ReadFullRecord: 17
|
||||
|
||||
bugbug
|
||||
|
||||
/**
|
||||
*
|
||||
* OK, we have a problem that needs to be worked out.
|
||||
* combining roles into a required right doesn't compare properly to a user with combined roles using the bitwise operators in javascript
|
||||
* test it again in c# just to see if it's some kind of platform difference or if my assumptions are fucked
|
||||
* Specifically the last thing I tried below (NO! bit)
|
||||
*
|
||||
|
||||
* NoRole = 0,
|
||||
///<summary>BizAdminLimited</summary>
|
||||
BizAdminLimited = 1,
|
||||
@@ -161,7 +158,7 @@ bugbug
|
||||
//
|
||||
roles.Add(AyaType.Widget, new BizRoleSet()
|
||||
{
|
||||
Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.InventoryFull, =34
|
||||
Change = AuthorizationRoles.BizAdminFull (2) | AuthorizationRoles.InventoryFull (32), =34
|
||||
EditOwn = AuthorizationRoles.TechFull, = 256
|
||||
ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.InventoryLimited = 17
|
||||
});
|
||||
@@ -171,6 +168,9 @@ bugbug
|
||||
GenSeedUser(log, 1, AuthorizationRoles.DispatchLimited | AuthorizationRoles.InventoryLimited | AuthorizationRoles.OpsAdminLimited, UserType.NonSchedulable, timeZoneOffset);
|
||||
(4|16|8192) = 8212
|
||||
|
||||
|
||||
|
||||
|
||||
So checking role = eg: InventoryFull === (UserRole && InventoryFull)
|
||||
But a test shows a user with role 1 bizadminlimited has no rights to readfull record a widget
|
||||
17&1=1
|
||||
@@ -187,13 +187,54 @@ let's test it:
|
||||
let's try one more with bizadminfull added to the prior all other rights and confirm it works:32735
|
||||
32735===(32735&34)=false NO! This did not work, WTF it returns 2 instead, maybe the number is too large
|
||||
|
||||
No, 2 is ok, it means that's the bit field that matches, if it returned zero that would indicate a non match in any case so...
|
||||
|
||||
3
|
||||
|
||||
Ok, this is not working as expected, need to figure this out, test it in a c# console just to confirm if there is a difference there between the two platforms when not expected.
|
||||
After some research I'm probably doing it wrong:
|
||||
|
||||
//https://codeburst.io/using-javascript-bitwise-operators-in-real-life-f551a731ff5
|
||||
// Test whether your bit number has a single attribute. '&' ensures
|
||||
// an intersection between them.
|
||||
if (myBitNumber & HAS_FOO1) {
|
||||
// False, in this example
|
||||
}
|
||||
if (myBitNumber & HAS_FOO2) {
|
||||
// True!
|
||||
}
|
||||
|
||||
// Test whether your bit number has ANY of the specified attributes
|
||||
if (myBitNumber & (HAS_FOO1 | HAS_FOO2)) {
|
||||
// True!
|
||||
}
|
||||
if (myBitNumber & (HAS_FOO1 | HAS_FOO3)) {
|
||||
// False
|
||||
}
|
||||
|
||||
// Test whether your bit number contains ONLY the specified attributes
|
||||
if (myBitNumber == (HAS_FOO2 | HAS_FOO4)) {
|
||||
// True
|
||||
}
|
||||
if (myBitNumber == (HAS_FOO2 | HAS_FOO3 | HAS_FOO4)) {
|
||||
// False
|
||||
}
|
||||
|
||||
// Test whether your bit number contains ALL of the given
|
||||
// attributes. This is slightly tricky: the union of ATTRIBUTES
|
||||
// can't supersede `myBitNumber` alone, otherwise it contains a bit
|
||||
// that `myBitNumber` doesn't.
|
||||
if (myBitNumber == (myBitNumber | (HAS_FOO2 | HAS_FOO4))) {
|
||||
// True
|
||||
}
|
||||
if (myBitNumber == (myBitNumber | (HAS_FOO2 | HAS_FOO3 | HAS_FOO4))) {
|
||||
// False
|
||||
}
|
||||
|
||||
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
/**
|
||||
*
|
||||
* What to do:
|
||||
|
||||
Reference in New Issue
Block a user