admin/raven-client
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2019-04-26 19:51:12 +00:00
parent 4acc58dd9c
commit 1565c4c94b
1 changed files with 70 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
ayanova/src/api/authorizationroles.js
View File

@@ -41,11 +41,11 @@ export default {
///<summary>OpsAdminFull</summary> ///<summary>OpsAdminFull</summary>
OpsAdminFull: 16384 OpsAdminFull: 16384
}, },
hasRole(role) { hasRole(desiredRole) {
if (!store.state.roles || store.state.roles === 0) { if (!store.state.roles || store.state.roles === 0) {
return false; return false;
} }
return role === (store.state.roles & role); return (store.state.roles & desiredRole) != 0;
}, },
///////////////////////////////// /////////////////////////////////
// //
@@ -82,30 +82,33 @@ export default {
//calculate the effective rights taking into consideration self owned etc //calculate the effective rights taking into consideration self owned etc
var canChange = //NOTE: for bitwise comparison we do this:
objectRoleRights.Change === (userRole & objectRoleRights.Change); //Desired role to check can be a single role value or the intersection of multiple bits of role values,
var canEditOwn = //for example if it's a single role then just that number is used (i.e. 2)
objectRoleRights.EditOwn === (userRole & objectRoleRights.EditOwn); //however if its a bunch of roles that can do that operation they need to be intersected (i.e. 2|32|128) which returns a single value for comparison
var canReadFullRecord = //and that's how they come from the server so for example a widget change bizrole requires
objectRoleRights.ReadFullRecord === // Change = AuthorizationRoles.BizAdminFull (enum value 2) | AuthorizationRoles.InventoryFull (enum value 32), these are intersected (2|32) to yield 34
(userRole & objectRoleRights.ReadFullRecord); //now I can compare the user role to 34 to check if either of those two roles are set like this:
//All roles except inventoryfull = 32735 so to be clear it has BizAdminFull which is enough to change a widget, so to check:
// (32735&34) will be nonzero (true), specifically it will calculate to 2 but we don't care about the exact number, just that it isn't zero which
//would indicate that none of the bit fields to check against are set in the user role hence they don't have that right.
//if we need to combine rights just do it like in c# by intersection operator | (2|32) = 34
//UserCurrentRole & (desiredRole) == 0 or false if no desired role bits set in currentrole or non zero if any of the bits are a match
//
var canChange = !!(userRole & objectRoleRights.Change);
var canEditOwn = !!(userRole & objectRoleRights.EditOwn);
var canReadFullRecord = !!(userRole & objectRoleRights.ReadFullRecord);
//TEST BizAdminLimited, should only be able to read full record, no edit, no change rights //TEST BizAdminLimited, should only be able to read full record, no edit, no change rights
var testUserBizAdminLimited = { var testUserBizAdminLimited = {
userId: 2, userId: 2,
roles: 1 roles: 1
}; };
var canChange2 = var canChange2 = !!(testUserBizAdminLimited.roles & objectRoleRights.Change);
objectRoleRights.Change === var canEditOwn2 = !!(testUserBizAdminLimited.roles & objectRoleRights.EditOwn);
(testUserBizAdminLimited.roles & objectRoleRights.Change); var canReadFullRecord2 = !!(testUserBizAdminLimited.roles & objectRoleRights.ReadFullRecord);
var canEditOwn2 =
objectRoleRights.EditOwn ===
(testUserBizAdminLimited.roles & objectRoleRights.EditOwn);
var canReadFullRecord2 =
objectRoleRights.ReadFullRecord ===
(testUserBizAdminLimited.roles & objectRoleRights.ReadFullRecord);
//widget rights required //widget rights required
// Change: 34 // Change: 34
@@ -114,15 +117,9 @@ export default {
// //
// ReadFullRecord: 17 // ReadFullRecord: 17
bugbug
/** /**
* *
* OK, we have a problem that needs to be worked out.
* combining roles into a required right doesn't compare properly to a user with combined roles using the bitwise operators in javascript
* test it again in c# just to see if it's some kind of platform difference or if my assumptions are fucked
* Specifically the last thing I tried below (NO! bit)
*
* NoRole = 0, * NoRole = 0,
///<summary>BizAdminLimited</summary> ///<summary>BizAdminLimited</summary>
BizAdminLimited = 1, BizAdminLimited = 1,
@@ -161,7 +158,7 @@ bugbug
// //
roles.Add(AyaType.Widget, new BizRoleSet() roles.Add(AyaType.Widget, new BizRoleSet()
{ {
Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.InventoryFull, =34 Change = AuthorizationRoles.BizAdminFull (2) | AuthorizationRoles.InventoryFull (32), =34
EditOwn = AuthorizationRoles.TechFull, = 256 EditOwn = AuthorizationRoles.TechFull, = 256
ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.InventoryLimited = 17 ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.InventoryLimited = 17
}); });
@@ -171,6 +168,9 @@ bugbug
GenSeedUser(log, 1, AuthorizationRoles.DispatchLimited | AuthorizationRoles.InventoryLimited | AuthorizationRoles.OpsAdminLimited, UserType.NonSchedulable, timeZoneOffset); GenSeedUser(log, 1, AuthorizationRoles.DispatchLimited | AuthorizationRoles.InventoryLimited | AuthorizationRoles.OpsAdminLimited, UserType.NonSchedulable, timeZoneOffset);
(4|16|8192) = 8212 (4|16|8192) = 8212
So checking role = eg: InventoryFull === (UserRole && InventoryFull) So checking role = eg: InventoryFull === (UserRole && InventoryFull)
But a test shows a user with role 1 bizadminlimited has no rights to readfull record a widget But a test shows a user with role 1 bizadminlimited has no rights to readfull record a widget
17&1=1 17&1=1
@@ -187,13 +187,54 @@ let's test it:
let's try one more with bizadminfull added to the prior all other rights and confirm it works:32735 let's try one more with bizadminfull added to the prior all other rights and confirm it works:32735
32735===(32735&34)=false NO! This did not work, WTF it returns 2 instead, maybe the number is too large 32735===(32735&34)=false NO! This did not work, WTF it returns 2 instead, maybe the number is too large
No, 2 is ok, it means that's the bit field that matches, if it returned zero that would indicate a non match in any case so...
3
Ok, this is not working as expected, need to figure this out, test it in a c# console just to confirm if there is a difference there between the two platforms when not expected. Ok, this is not working as expected, need to figure this out, test it in a c# console just to confirm if there is a difference there between the two platforms when not expected.
After some research I'm probably doing it wrong:
//https://codeburst.io/using-javascript-bitwise-operators-in-real-life-f551a731ff5
// Test whether your bit number has a single attribute. '&' ensures
// an intersection between them.
if (myBitNumber & HAS_FOO1) {
// False, in this example
}
if (myBitNumber & HAS_FOO2) {
// True!
}
// Test whether your bit number has ANY of the specified attributes
if (myBitNumber & (HAS_FOO1 | HAS_FOO2)) {
// True!
}
if (myBitNumber & (HAS_FOO1 | HAS_FOO3)) {
// False
}
// Test whether your bit number contains ONLY the specified attributes
if (myBitNumber == (HAS_FOO2 | HAS_FOO4)) {
// True
}
if (myBitNumber == (HAS_FOO2 | HAS_FOO3 | HAS_FOO4)) {
// False
}
// Test whether your bit number contains ALL of the given
// attributes. This is slightly tricky: the union of ATTRIBUTES
// can't supersede `myBitNumber` alone, otherwise it contains a bit
// that `myBitNumber` doesn't.
if (myBitNumber == (myBitNumber | (HAS_FOO2 | HAS_FOO4))) {
// True
}
if (myBitNumber == (myBitNumber | (HAS_FOO2 | HAS_FOO3 | HAS_FOO4))) {
// False
}
* *
*/ */
/** /**
* *
* What to do: * What to do: