admin/raven-client
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2020-04-02 13:58:05 +00:00
parent 5e88f196db
commit 9714ecb3f0
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ayanova/src/api/authorizationroles.js
View File

@@ -53,7 +53,7 @@ export default {
//array form?
if (window.$gz._.isArray(desiredRole)) {
//it's an array of roles, iterate and if any are present then return true
for (var i = 0; i < desiredRole.length; i++) {
for (let i = 0; i < desiredRole.length; i++) {
if ((window.$gz.store.state.roles & desiredRole[i]) != 0) {
return true;
}
@@ -98,23 +98,23 @@ export default {
//DELETE = SAME AS CHANGE FOR NOW (There is no specific delete right for now though it's checked for by routes in Authorized.cs in case we want to add it in future as a separate right from create.)
//NOTE: biz rules can supersede this, this is just for general rights purposes, if an object has restrictive business rules they will take precedence every time.
var ret = this.defaultRightsObject();
let ret = this.defaultRightsObject();
//Get the type name from the type enum value
var typeName = window.$gz._.findKey(window.$gz.type, function(o) {
let typeName = window.$gz._.findKey(window.$gz.type, function(o) {
return o == oType;
});
//Get the AyaNova stock role rights for that object
var objectRoleRights = this.ROLE_RIGHTS[typeName];
let objectRoleRights = this.ROLE_RIGHTS[typeName];
//get the logged in user's role
var userRole = window.$gz.store.state.roles;
let userRole = window.$gz.store.state.roles;
//calculate the effective rights
//a non zero result of the bitwise calculation means true and zero means false so using !! to force it into a boolean value (contrary to some style guides that say !! is obscure but I say it saves a lot of typing)
var canChange = !!(userRole & objectRoleRights.Change);
var canReadFullRecord = !!(userRole & objectRoleRights.ReadFullRecord);
let canChange = !!(userRole & objectRoleRights.Change);
let canReadFullRecord = !!(userRole & objectRoleRights.ReadFullRecord);
ret.change = canChange;
ret.delete = ret.change; //FOR NOW