@@ -42,11 +42,31 @@ All platforms and browsers
|
||||
- DONE WIRE up save menu item and add code to disable save on broken rules (and make red, disabled etc)
|
||||
- DONE Move wire up event code from app.vue to gzmenu and call it from app.vue
|
||||
### - RIGHTS in form state so can easily enable / disable etc
|
||||
- ### SERVER WORK NEEDED FIRST....
|
||||
- NOT done correctly at the server NEED TO CHANGE THIS SHIT FIRST:
|
||||
- is returning a 401 (not authenticated) for rights issues that should return 403 (not authorized)
|
||||
- Before can do below rights stuff need to go back to server and change that
|
||||
- https://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses#6937030
|
||||
- I know it works when the user SubContractorLimited logs in and force to fetch widget gets a 403 instead of a 401 and instead of logging off redirects to home or back or something instead
|
||||
- in GZAPI handleError has this: ErrorUserNotAuthenticated error string, I also need to check server and docs for the corresponding ErrorUserNotAuthorized which may need to be added and documented
|
||||
- Also need a localized text for it in all languages apparently and also document it properly and add it as a type of error returned in those circumstances
|
||||
- May be faster to just try to fetch the object and have rights checked that way and react accordingly in the client rather than try to pre-check before hand
|
||||
- This is because need the actual object to check if self owned and can still edit, let the server handle that shit and just act accordingly
|
||||
- If server returns a read only copy of an object due to read full record but not due to allow edit then perhaps the server can also tag it with a READONLY flag so client can adjust accordingly and not need to do the checking with a double request
|
||||
- SO...SERVER Should return on request of an object one of these:
|
||||
- Not authenticated at all 401
|
||||
- Not authorized for this object 403 (could be due to not own or whatever, we don't care, server handles that shit, client just knows not to show it)
|
||||
- Object...BUT with READONLY flag of some kind present (in outer wrapper??), so client knows to show read only and not allow editing
|
||||
- Object without readonly flag present so fully editable!!! WOOT!
|
||||
- Form (AND THE LIST OBJECT) should check rights and adapt accordingly
|
||||
- ReadFULL record but no change should show record read only
|
||||
- To test use accounts: ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.InventoryLimited
|
||||
- WidgetList should check if even possible to read any part of record, if not then no link to edit
|
||||
- WidgetList should check if Own record possible and check the list object for owner ID (maybe all lists will need to provide owner ID's?)
|
||||
- Delete should be checked
|
||||
- CHANGE should be checked
|
||||
- If no rights then should redirect back to HOME
|
||||
- If no rights then should redirect back to HOME, NOT LOGIN!!!
|
||||
- user with no rights = SubContractorLimited
|
||||
- If user attempts to load widget form but has no rights to widget server returns the NO rights code but that is triggering back to login
|
||||
- Should it do this? Normally would not be an issue because it wouldn't open that form unless they saved or manually typed a link to it
|
||||
- Technically it's incorrect, they don't have to login, they just can't get that record
|
||||
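Review bot: The READONLY flag item ("Object...BUT with READONLY flag of some kind present") and the WidgetList owner-ID checks describe client-side display decisions only, and the plan never says that the server rejects a change or delete on such an object. Add a line stating that the server returns 403 on any write or delete the user has no rights to, regardless of what the client shows or hides. In the GZAPI handleError item, also spell out that the new ErrorUserNotAuthorized path must not log the user off, since the current behaviour noted here is that the no-rights response "is triggering back to login". The line "If no rights then should redirect back to HOME" appears twice, once with "NOT LOGIN!!!"; keep only the second.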
@@ -55,13 +75,9 @@ All platforms and browsers
|
||||
- DONE code automatically builds rights collection from json fragment so can use it between both projects and more easily update it in one central spot
|
||||
- DONE Get that working then come back to the rest of the rights in client side
|
||||
- DONE ALREADY Need to create sample users in server project that have all the different widget right combinations for testing purposes
|
||||
- ??HOME not localized issue, on login, sometimes the home page is not showing as localized! Some kind of timing issue or wrong event used to localize it or something. ??
|
||||
- I see that HOME->BeforeCreate breakpoint is hit **BEFORE** the locale text has been fetched.
|
||||
- 1) this should never happen and is calling into question my use of promises here
|
||||
- 2) Make it happen that beforeCreate in home absolutely never gets called before all the init is done
|
||||
- 3) I think this means that login router push to HOME should not happen until init is done even earlier
|
||||
- So WTF on that, supposed to await the promise resolution from login then init and stuff, need to sort that, it's out of whack
|
||||
- Likely I'm not dealing with the promises properly
|
||||
- DONE HOME not localized issue, on login, sometimes the home page is not showing as localized! Some kind of timing issue or wrong event used to localize it or something. ??
|
||||
- DONE I see that HOME->BeforeCreate breakpoint is hit **BEFORE** the locale text has been fetched.
|
||||
- DONE was not calling promises correctly and not chaining them properly. Fixed
|
||||
- Wire up delete menu item
|
||||
- api code is stubbed out for delete, need to write that as well
|
||||
- DONE TODO navigating through menu doesn't "back" properly when clicking back on browser controls
|
||||
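Review bot: The DONE entry "was not calling promises correctly and not chaining them properly. Fixed" does not say which of the three numbered points was addressed, in particular whether the login router push to HOME now waits for init to finish (point 3). Because the symptom was intermittent ("sometimes the home page is not showing as localized"), record what was changed and how it was verified, so a regression can be recognised. For "Wire up delete menu item", note next to the stubbed api code that delete is one of the rights the earlier section says "should be checked", so the stub and the rights check land together.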
@@ -237,6 +253,8 @@ Make all fields work according to specs below
|
||||
- something I just forgot as I went to write it and got stuck reading older shit here
|
||||
|
||||
- SCROLL POSITION !! - Very important, must return UI to exact scroll position on navigation backwards, not doing so causes a hellish UI to use.
|
||||
- Seems to be a thing in teh vue router already:
|
||||
- https://router.vuejs.org/guide/advanced/scroll-behavior.html
|
||||
- Same position in window
|
||||
- Same settings in any grids being shown and scrolled to same point in grids
|
||||
- AUTOMATED UI TESTING - I need to institute it now and make tests so I have a template to work off for all future tests
|
||||
|
||||
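Review bot: The item "Same settings in any grids being shown and scrolled to same point in grids" sits under the vue router scroll-behavior link, but that router feature restores the window scroll position on back/forward navigation and does not cover state inside a grid component. Split the grid item out as its own task with a note on where the grid settings and scroll offset will be stored. The line "something I just forgot as I went to write it..." carries no actionable content and could be dropped from the todo.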
@@ -172,6 +172,32 @@ function clickHandler(menuItem) {
|
||||
}
|
||||
|
||||
export default {
|
||||
//https://router.vuejs.org/guide/advanced/navigation-guards.html#in-component-guards
|
||||
// /*eslint-disable-next-line*/
|
||||
// beforeRouteEnter(to, from, next) {
|
||||
// //check rights here!!!
|
||||
// /*eslint-disable-next-line*/
|
||||
// var v = { t: to, f: from, n: next };
|
||||
|
||||
// // called before the route that renders this component is confirmed.
|
||||
// // does NOT have access to `this` component instance,
|
||||
// // because it has not been created yet when this guard is called!
|
||||
// },
|
||||
// /*eslint-disable-next-line*/
|
||||
// beforeRouteUpdate(to, from, next) {
|
||||
// // called when the route that renders this component has changed,
|
||||
// // but this component is reused in the new route.
|
||||
// // For example, for a route with dynamic params `/foo/:id`, when we
|
||||
// // navigate between `/foo/1` and `/foo/2`, the same `Foo` component instance
|
||||
// // will be reused, and this hook will be called when that happens.
|
||||
// // has access to `this` component instance.
|
||||
// },
|
||||
// /*eslint-disable-next-line*/
|
||||
// beforeRouteLeave(to, from, next) {
|
||||
// // called when the route that renders this component is about to
|
||||
// // be navigated away from.
|
||||
// // has access to `this` component instance.
|
||||
// },
|
||||
beforeCreate() {
|
||||
//Cache all required lt keys
|
||||
var ltKeysRequired = [
|
||||
|
||||
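Review bot: The commented-out beforeRouteEnter contains only the placeholder "//check rights here!!!" and a throwaway `var v = { t: to, f: from, n: next };` that exists to silence the linter; none of the three guards calls next(), so uncommenting them as written would leave navigation unresolved. Either drop the commented block from this commit and keep the docs link in the todo, or implement the guard so that every path calls next(), redirecting to home when rights are missing as the todo describes. Whichever is chosen, a comment should state that this guard is a UI convenience and the server's 401/403 response remains the actual rights check.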