2019-04-30 20:09:11 +00:00
parent 6391ea3a12
commit 3495a56d04
3 changed files with 14 additions and 16 deletions

View File

@@ -42,22 +42,13 @@ All platforms and browsers
- DONE WIRE up save menu item and add code to disable save on broken rules (and make red, disabled etc)
- DONE Move wire up event code from app.vue to gzmenu and call it from app.vue
### - RIGHTS in form state so can easily enable / disable etc
- ### SERVER WORK NEEDED FIRST....
- NOT done correctly at the server NEED TO CHANGE THIS SHIT FIRST:
- is returning a 401 (not authenticated) for rights issues that should return 403 (not authorized)
- Before can do below rights stuff need to go back to server and change that
- https://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses#6937030
- I know it works when the user SubContractorLimited logs in and force to fetch widget gets a 403 instead of a 401 and instead of logging off redirects to home or back or something instead
- in GZAPI handleError has this: ErrorUserNotAuthenticated error string, I also need to check server and docs for the corresponding ErrorUserNotAuthorized which may need to be added and documented
- Also need a localized text for it in all languages apparently and also document it properly and add it as a type of error returned in those circumstances
- May be faster to just try to fetch the object and have rights checked that way and react accordingly in the client rather than try to pre-check before hand
- This is because need the actual object to check if self owned and can still edit, let the server handle that shit and just act accordingly
- If server returns a read only copy of an object due to read full record but not due to allow edit then perhaps the server can also tag it with a READONLY flag so client can adjust accordingly and not need to do the checking with a double request
- SO...SERVER Should return on request of an object one of these:
- Not authenticated at all 401
- INFO - SERVER will return on request of an object one of these:
- DONE Not authenticated at all 401
- DONE Redirect to login
- Not authorized for this object 403 (could be due to not own or whatever, we don't care, server handles that shit, client just knows not to show it)
- Object...BUT with READONLY flag of some kind present (in outer wrapper??), so client knows to show read only and not allow editing
- Object without readonly flag present so fully editable!!! WOOT!
- And client doesn't need to work out self owned etc
- DONE Object without readonly flag present so fully editable!!! WOOT!
- Form (AND THE LIST OBJECT) should check rights and adapt accordingly
- ReadFULL record but no change should show record read only
- To test use accounts: ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.InventoryLimited
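Review bot: the location of the READONLY flag is left open ("in outer wrapper??") while the client items that depend on it (read-only form, list adaptation) are still unticked; settle whether the flag rides in the response wrapper or on the object itself and record it in the API docs before wiring the form, since otherwise the client cannot tell a read-full-record response from an editable one without the double request these notes are trying to avoid. Letting the server decide ownership and answer 403, rather than pre-checking rights in the client, is the right direction: the client never has enough information to make that call safely, and a 403 must not be treated as a session expiry (the notes already ask for a redirect home or back instead of a logout).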

View File

@@ -75,10 +75,16 @@ export default {
status(response) {
//Handle expected api errors
if (response.status == 401) {
//must reject if not authorized
//must reject if not Authenticated
return Promise.reject(new Error("[ErrorUserNotAuthenticated]"));
}
if (response.status == 403) {
//must reject if not Authorized
return Promise.reject(new Error("[ErrorUserNotAuthorized]"));
}
if (response.status >= 200 && response.status < 300) {
return Promise.resolve(response);
} else {
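Review bot: the new 403 branch rejects with "[ErrorUserNotAuthorized]" in the same shape as the 401 branch, so handleError must now distinguish the two strings: a 401 should still send the user to login, while a 403 must not log the user off (the TODO notes call for a redirect home or back instead). Confirm that handleError has that path before merging, otherwise an unauthorized fetch will still look like an expired session. Minor: prefer `===` over `==` for the `response.status` comparisons so a string-typed status is not silently coerced.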

View File

@@ -90,7 +90,8 @@ export default {
"ErrorAPI2208",
"ErrorAPI2209",
"ErrorServerUnresponsive",
"ErrorUserNotAuthenticated"
"ErrorUserNotAuthenticated",
"ErrorUserNotAuthorized"
],
decimalValidate(required) {
return { required: required, decimal: [2, this.formats.decimalSeparator] };
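Review bot: adding "ErrorUserNotAuthorized" to this key list only helps if every language resource also carries a translation for it; the notes in the first file say that localized text is still missing, so either add the strings in the same change or expect the raw key to surface in the UI for 403 responses. The trailing comma after "ErrorUserNotAuthenticated" is correct now that it is no longer the last entry.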