diff --git a/ayanova/src/api/authorizationroles.js b/ayanova/src/api/authorizationroles.js
index 04e2f05a..5190c4ff 100644
--- a/ayanova/src/api/authorizationroles.js
+++ b/ayanova/src/api/authorizationroles.js
@@ -75,22 +75,125 @@ export default {
     });
 
     //Get the AyaNova stock role rights for that object
-    var theRight = this.ROLE_RIGHTS[typeName];
+    var objectRoleRights = this.ROLE_RIGHTS[typeName];
     //get the logged in user's role
     var userRole = vm.$store.state.roles;
-    var isSelfOwned=ownerId==vm.$store.state.userId;
+    var isSelfOwned = ownerId == vm.$store.state.userId;
 
     //calculate the effective rights taking into consideration self owned etc
-    role === (store.state.roles & role);
+
+    var canChange =
+      objectRoleRights.Change === (userRole & objectRoleRights.Change);
+    var canEditOwn =
+      objectRoleRights.EditOwn === (userRole & objectRoleRights.EditOwn);
+    var canReadFullRecord =
+      objectRoleRights.ReadFullRecord ===
+      (userRole & objectRoleRights.ReadFullRecord);
 
 
+//TEST BizAdminLimited, should only be able to read full record, no edit, no change rights
+      var testUserBizAdminLimited = {
+      userId: 2,
+      roles: 1
+    };
 
+    var canChange2 =
+      objectRoleRights.Change ===
+      (testUserBizAdminLimited.roles & objectRoleRights.Change);
+    var canEditOwn2 =
+      objectRoleRights.EditOwn ===
+      (testUserBizAdminLimited.roles & objectRoleRights.EditOwn);
+    var canReadFullRecord2 =
+      objectRoleRights.ReadFullRecord ===
+      (testUserBizAdminLimited.roles & objectRoleRights.ReadFullRecord);
+
+    //widget rights required
     // Change: 34
     // ​
     // EditOwn: 256
     // ​
     // ReadFullRecord: 17
 
+bugbug
+
+    /**
+     * 
+     * OK, we have a problem that needs to be worked out.
+     * combining roles into a required right doesn't compare properly to a user with combined roles using the bitwise operators in javascript
+     * test it again in c# just to see if it's some kind of platform difference or if my assumptions are fucked
+     * Specifically the last thing I tried below (NO! bit)
+     * 
+     *  NoRole = 0,
+        ///<summary>BizAdminLimited</summary>
+        BizAdminLimited = 1,
+        ///<summary>BizAdminFull</summary>
+        BizAdminFull = 2,
+        ///<summary>DispatchLimited</summary>
+        DispatchLimited = 4,
+        ///<summary>DispatchFull</summary>
+        DispatchFull = 8,
+        ///<summary>InventoryLimited</summary>
+        InventoryLimited = 16,
+        ///<summary>InventoryFull</summary>
+        InventoryFull = 32,
+        ///<summary>AccountingFull</summary>
+        AccountingFull = 64,//No limited role, not sure if there is a need
+        ///<summary>TechLimited</summary>
+        TechLimited = 128,
+        ///<summary>TechFull</summary>
+        TechFull = 256,
+        ///<summary>SubContractorLimited</summary>
+        SubContractorLimited = 512,
+        ///<summary>SubContractorFull</summary>
+        SubContractorFull = 1024,
+        ///<summary>ClientLimited</summary>
+        ClientLimited = 2048,
+        ///<summary>ClientFull</summary>
+        ClientFull = 4096,
+        ///<summary>OpsAdminLimited</summary>
+        OpsAdminLimited = 8192,
+        ///<summary>OpsAdminFull</summary>
+        OpsAdminFull = 16384,
+
+
+////////////////////////////////////////////////////////////
+            //WIDGET
+            //
+            roles.Add(AyaType.Widget, new BizRoleSet()
+            {
+                Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.InventoryFull, =34
+                EditOwn = AuthorizationRoles.TechFull, = 256
+                ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.InventoryLimited = 17
+            });
+
+
+//One owner who doesn't control anything but views stuff
+                            GenSeedUser(log, 1, AuthorizationRoles.DispatchLimited | AuthorizationRoles.InventoryLimited | AuthorizationRoles.OpsAdminLimited, UserType.NonSchedulable, timeZoneOffset);
+(4|16|8192) = 8212 
+
+So checking role = eg: InventoryFull === (UserRole && InventoryFull)
+But a test shows a user with role 1 bizadminlimited has no rights to readfull record a widget
+17&1=1 
+So checking a role should be userRole===(UserRole && InventoryFull), lets try it 
+8212 = user with no rights to Change a widget, what happens if we test it:
+8212===(8212&34)= false
+InventoryFull User with rights to change a full record:
+32===(32&34)=true
+OpsAdminFull user with no rights to change a full record
+16384===(16384&34)=false!!
+User with every single right but the two required for changing a widget: 32733
+let's test it: 
+32733===(32733&34)=false!  Yes.
+let's try one more with bizadminfull added to the prior all other rights and confirm it works:32735
+32735===(32735&34)=false NO!  This did not work, WTF it returns 2 instead, maybe the number is too large
+
+Ok, this is not working as expected, need to figure this out, test it in a c# console just to confirm if there is a difference there between the two platforms when not expected.
+
+
+     * 
+     */
+
+
     /**
      * 
      * What to do: