From 1565c4c94bcfc62412e34c1318ff89f75d15522a Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Fri, 26 Apr 2019 19:51:12 +0000
Subject: [PATCH]

---
 ayanova/src/api/authorizationroles.js | 99 +++++++++++++++++++--------
 1 file changed, 70 insertions(+), 29 deletions(-)

diff --git a/ayanova/src/api/authorizationroles.js b/ayanova/src/api/authorizationroles.js
index 5190c4ff..57870421 100644
--- a/ayanova/src/api/authorizationroles.js
+++ b/ayanova/src/api/authorizationroles.js
@@ -41,11 +41,11 @@ export default {
     ///<summary>OpsAdminFull</summary>
     OpsAdminFull: 16384
   },
-  hasRole(role) {
+  hasRole(desiredRole) {
     if (!store.state.roles || store.state.roles === 0) {
       return false;
     }
-    return role === (store.state.roles & role);
+    return (store.state.roles & desiredRole) != 0;
   },
   /////////////////////////////////
   //
@@ -82,30 +82,33 @@ export default {
 
     //calculate the effective rights taking into consideration self owned etc
 
-    var canChange =
-      objectRoleRights.Change === (userRole & objectRoleRights.Change);
-    var canEditOwn =
-      objectRoleRights.EditOwn === (userRole & objectRoleRights.EditOwn);
-    var canReadFullRecord =
-      objectRoleRights.ReadFullRecord ===
-      (userRole & objectRoleRights.ReadFullRecord);
+    //NOTE: for bitwise comparison we do this:
+    //Desired role to check can be a single role value or the intersection of multiple bits of role values,
+    //for example if it's a single role then just that number is used (i.e. 2)
+    //however if its a bunch of roles that can do that operation they need to be intersected (i.e. 2|32|128) which returns a single value for comparison
+    //and that's how they come from the server so for example a widget change bizrole requires
+    // Change = AuthorizationRoles.BizAdminFull (enum value 2) | AuthorizationRoles.InventoryFull (enum value 32), these are intersected (2|32) to yield 34
+    //now I can compare the user role to 34 to check if either of those two roles are set like this:
+    //All roles except inventoryfull = 32735 so to be clear it has BizAdminFull which is enough to change a widget, so to check:
+    // (32735&34) will be nonzero (true), specifically it will calculate to 2 but we don't care about the exact number, just that it isn't zero which
+    //would indicate that none of the bit fields to check against are set in the user role hence they don't have that right.
+    //if we need to combine rights just do it like in c# by intersection operator | (2|32) = 34
+    //UserCurrentRole & (desiredRole) == 0 or false if no desired role bits set in currentrole or non zero if any of the bits are a match
+    //
 
+    var canChange = !!(userRole & objectRoleRights.Change);
+    var canEditOwn = !!(userRole & objectRoleRights.EditOwn);
+    var canReadFullRecord = !!(userRole & objectRoleRights.ReadFullRecord);
 
-//TEST BizAdminLimited, should only be able to read full record, no edit, no change rights
-      var testUserBizAdminLimited = {
+    //TEST BizAdminLimited, should only be able to read full record, no edit, no change rights
+    var testUserBizAdminLimited = {
       userId: 2,
       roles: 1
     };
 
-    var canChange2 =
-      objectRoleRights.Change ===
-      (testUserBizAdminLimited.roles & objectRoleRights.Change);
-    var canEditOwn2 =
-      objectRoleRights.EditOwn ===
-      (testUserBizAdminLimited.roles & objectRoleRights.EditOwn);
-    var canReadFullRecord2 =
-      objectRoleRights.ReadFullRecord ===
-      (testUserBizAdminLimited.roles & objectRoleRights.ReadFullRecord);
+    var canChange2 = !!(testUserBizAdminLimited.roles & objectRoleRights.Change);
+    var canEditOwn2 = !!(testUserBizAdminLimited.roles & objectRoleRights.EditOwn);
+    var canReadFullRecord2 = !!(testUserBizAdminLimited.roles & objectRoleRights.ReadFullRecord);
 
     //widget rights required
     // Change: 34
@@ -114,15 +117,9 @@ export default {
     // ​
     // ReadFullRecord: 17
 
-bugbug
-
     /**
      * 
-     * OK, we have a problem that needs to be worked out.
-     * combining roles into a required right doesn't compare properly to a user with combined roles using the bitwise operators in javascript
-     * test it again in c# just to see if it's some kind of platform difference or if my assumptions are fucked
-     * Specifically the last thing I tried below (NO! bit)
-     * 
+     
      *  NoRole = 0,
         ///<summary>BizAdminLimited</summary>
         BizAdminLimited = 1,
@@ -161,7 +158,7 @@ bugbug
             //
             roles.Add(AyaType.Widget, new BizRoleSet()
             {
-                Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.InventoryFull, =34
+                Change = AuthorizationRoles.BizAdminFull (2) | AuthorizationRoles.InventoryFull (32), =34
                 EditOwn = AuthorizationRoles.TechFull, = 256
                 ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.InventoryLimited = 17
             });
@@ -171,6 +168,9 @@ bugbug
                             GenSeedUser(log, 1, AuthorizationRoles.DispatchLimited | AuthorizationRoles.InventoryLimited | AuthorizationRoles.OpsAdminLimited, UserType.NonSchedulable, timeZoneOffset);
 (4|16|8192) = 8212 
 
+
+
+
 So checking role = eg: InventoryFull === (UserRole && InventoryFull)
 But a test shows a user with role 1 bizadminlimited has no rights to readfull record a widget
 17&1=1 
@@ -187,13 +187,54 @@ let's test it:
 let's try one more with bizadminfull added to the prior all other rights and confirm it works:32735
 32735===(32735&34)=false NO!  This did not work, WTF it returns 2 instead, maybe the number is too large
 
+No, 2 is ok, it means that's the bit field that matches, if it returned zero that would indicate a non match in any case so...
+
+3
+
 Ok, this is not working as expected, need to figure this out, test it in a c# console just to confirm if there is a difference there between the two platforms when not expected.
+After some research I'm probably doing it wrong:
+
+//https://codeburst.io/using-javascript-bitwise-operators-in-real-life-f551a731ff5
+// Test whether your bit number has a single attribute. '&' ensures
+// an intersection between them.
+if (myBitNumber & HAS_FOO1) {
+  // False, in this example
+}
+if (myBitNumber & HAS_FOO2) {
+  // True!
+}
+
+// Test whether your bit number has ANY of the specified attributes
+if (myBitNumber & (HAS_FOO1 | HAS_FOO2)) {
+  // True!
+}
+if (myBitNumber & (HAS_FOO1 | HAS_FOO3)) {
+  // False
+}
+
+// Test whether your bit number contains ONLY the specified attributes
+if (myBitNumber == (HAS_FOO2 | HAS_FOO4)) {
+  // True
+}
+if (myBitNumber == (HAS_FOO2 | HAS_FOO3 | HAS_FOO4)) {
+  // False
+}
+
+// Test whether your bit number contains ALL of the given
+// attributes. This is slightly tricky: the union of ATTRIBUTES 
+// can't supersede `myBitNumber` alone, otherwise it contains a bit
+// that `myBitNumber` doesn't.
+if (myBitNumber == (myBitNumber | (HAS_FOO2 | HAS_FOO4))) {
+  // True
+}
+if (myBitNumber == (myBitNumber | (HAS_FOO2 | HAS_FOO3 | HAS_FOO4))) {
+  // False
+}
 
 
      * 
      */
 
-
     /**
      * 
      * What to do: