@@ -75,22 +75,125 @@ export default {
|
|||||||
});
|
});
|
||||||
|
|
||||||
//Get the AyaNova stock role rights for that object
|
//Get the AyaNova stock role rights for that object
|
||||||
var theRight = this.ROLE_RIGHTS[typeName];
|
var objectRoleRights = this.ROLE_RIGHTS[typeName];
|
||||||
//get the logged in user's role
|
//get the logged in user's role
|
||||||
var userRole = vm.$store.state.roles;
|
var userRole = vm.$store.state.roles;
|
||||||
var isSelfOwned=ownerId==vm.$store.state.userId;
|
var isSelfOwned = ownerId == vm.$store.state.userId;
|
||||||
|
|
||||||
//calculate the effective rights taking into consideration self owned etc
|
//calculate the effective rights taking into consideration self owned etc
|
||||||
role === (store.state.roles & role);
|
|
||||||
|
var canChange =
|
||||||
|
objectRoleRights.Change === (userRole & objectRoleRights.Change);
|
||||||
|
var canEditOwn =
|
||||||
|
objectRoleRights.EditOwn === (userRole & objectRoleRights.EditOwn);
|
||||||
|
var canReadFullRecord =
|
||||||
|
objectRoleRights.ReadFullRecord ===
|
||||||
|
(userRole & objectRoleRights.ReadFullRecord);
|
||||||
|
|
||||||
|
|
||||||
|
//TEST BizAdminLimited, should only be able to read full record, no edit, no change rights
|
||||||
|
var testUserBizAdminLimited = {
|
||||||
|
userId: 2,
|
||||||
|
roles: 1
|
||||||
|
};
|
||||||
|
|
||||||
|
var canChange2 =
|
||||||
|
objectRoleRights.Change ===
|
||||||
|
(testUserBizAdminLimited.roles & objectRoleRights.Change);
|
||||||
|
var canEditOwn2 =
|
||||||
|
objectRoleRights.EditOwn ===
|
||||||
|
(testUserBizAdminLimited.roles & objectRoleRights.EditOwn);
|
||||||
|
var canReadFullRecord2 =
|
||||||
|
objectRoleRights.ReadFullRecord ===
|
||||||
|
(testUserBizAdminLimited.roles & objectRoleRights.ReadFullRecord);
|
||||||
|
|
||||||
|
//widget rights required
|
||||||
// Change: 34
|
// Change: 34
|
||||||
//
|
//
|
||||||
// EditOwn: 256
|
// EditOwn: 256
|
||||||
//
|
//
|
||||||
// ReadFullRecord: 17
|
// ReadFullRecord: 17
|
||||||
|
|
||||||
|
bugbug
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* OK, we have a problem that needs to be worked out.
|
||||||
|
* combining roles into a required right doesn't compare properly to a user with combined roles using the bitwise operators in javascript
|
||||||
|
* test it again in c# just to see if it's some kind of platform difference or if my assumptions are fucked
|
||||||
|
* Specifically the last thing I tried below (NO! bit)
|
||||||
|
*
|
||||||
|
* NoRole = 0,
|
||||||
|
///<summary>BizAdminLimited</summary>
|
||||||
|
BizAdminLimited = 1,
|
||||||
|
///<summary>BizAdminFull</summary>
|
||||||
|
BizAdminFull = 2,
|
||||||
|
///<summary>DispatchLimited</summary>
|
||||||
|
DispatchLimited = 4,
|
||||||
|
///<summary>DispatchFull</summary>
|
||||||
|
DispatchFull = 8,
|
||||||
|
///<summary>InventoryLimited</summary>
|
||||||
|
InventoryLimited = 16,
|
||||||
|
///<summary>InventoryFull</summary>
|
||||||
|
InventoryFull = 32,
|
||||||
|
///<summary>AccountingFull</summary>
|
||||||
|
AccountingFull = 64,//No limited role, not sure if there is a need
|
||||||
|
///<summary>TechLimited</summary>
|
||||||
|
TechLimited = 128,
|
||||||
|
///<summary>TechFull</summary>
|
||||||
|
TechFull = 256,
|
||||||
|
///<summary>SubContractorLimited</summary>
|
||||||
|
SubContractorLimited = 512,
|
||||||
|
///<summary>SubContractorFull</summary>
|
||||||
|
SubContractorFull = 1024,
|
||||||
|
///<summary>ClientLimited</summary>
|
||||||
|
ClientLimited = 2048,
|
||||||
|
///<summary>ClientFull</summary>
|
||||||
|
ClientFull = 4096,
|
||||||
|
///<summary>OpsAdminLimited</summary>
|
||||||
|
OpsAdminLimited = 8192,
|
||||||
|
///<summary>OpsAdminFull</summary>
|
||||||
|
OpsAdminFull = 16384,
|
||||||
|
|
||||||
|
|
||||||
|
////////////////////////////////////////////////////////////
|
||||||
|
//WIDGET
|
||||||
|
//
|
||||||
|
roles.Add(AyaType.Widget, new BizRoleSet()
|
||||||
|
{
|
||||||
|
Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.InventoryFull, =34
|
||||||
|
EditOwn = AuthorizationRoles.TechFull, = 256
|
||||||
|
ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.InventoryLimited = 17
|
||||||
|
});
|
||||||
|
|
||||||
|
|
||||||
|
//One owner who doesn't control anything but views stuff
|
||||||
|
GenSeedUser(log, 1, AuthorizationRoles.DispatchLimited | AuthorizationRoles.InventoryLimited | AuthorizationRoles.OpsAdminLimited, UserType.NonSchedulable, timeZoneOffset);
|
||||||
|
(4|16|8192) = 8212
|
||||||
|
|
||||||
|
So checking role = eg: InventoryFull === (UserRole && InventoryFull)
|
||||||
|
But a test shows a user with role 1 bizadminlimited has no rights to readfull record a widget
|
||||||
|
17&1=1
|
||||||
|
So checking a role should be userRole===(UserRole && InventoryFull), lets try it
|
||||||
|
8212 = user with no rights to Change a widget, what happens if we test it:
|
||||||
|
8212===(8212&34)= false
|
||||||
|
InventoryFull User with rights to change a full record:
|
||||||
|
32===(32&34)=true
|
||||||
|
OpsAdminFull user with no rights to change a full record
|
||||||
|
16384===(16384&34)=false!!
|
||||||
|
User with every single right but the two required for changing a widget: 32733
|
||||||
|
let's test it:
|
||||||
|
32733===(32733&34)=false! Yes.
|
||||||
|
let's try one more with bizadminfull added to the prior all other rights and confirm it works:32735
|
||||||
|
32735===(32735&34)=false NO! This did not work, WTF it returns 2 instead, maybe the number is too large
|
||||||
|
|
||||||
|
Ok, this is not working as expected, need to figure this out, test it in a c# console just to confirm if there is a difference there between the two platforms when not expected.
|
||||||
|
|
||||||
|
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* What to do:
|
* What to do:
|
||||||
|
|||||||
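Review bot: The new checks of the form `objectRoleRights.Change === (userRole & objectRoleRights.Change)` pass only when the user holds every role bit in the required mask, so a right granted to either of two roles (Change = 34, ReadFullRecord = 17) is denied to a user who holds just one of them; this explains the results recorded in the comment block, and it is not a JavaScript/C# difference or a number-size limit (`32735 & 34` is `2` on both platforms). The examples in that comment suggest any-of is the intent, in which case the test should be `var canChange = (userRole & objectRoleRights.Change) !== 0;`, with the same form for `canEditOwn` and `canReadFullRecord`. The bare `bugbug` statement will throw a ReferenceError when reached unless something outside the hunk defines it, and the `testUserBizAdminLimited` / `canChange2` scaffolding belongs in a unit test rather than in this code path. These client-side values should be treated only as UI hints; the server presumably enforces the same role set on every request, which is worth confirming. The enclosing function starts and ends outside the hunk.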