//NOTE: this is to mirror the functionality of BizRoles.cs where all rights by role are specified in server project
//any change there needs to be mirrored here
getRights(vm,oType,ownerId){
//from bizroles.cs:
//HOW THIS WORKS / WHATS EXPECTED
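Review bot: the header comment on getRights says this table is a hand-maintained mirror of BizRoles.cs ("any change there needs to be mirrored here"), and nothing visible in this hunk keeps the two in step. Consider generating the client table from the server definition or fetching it from the server at login. If the client copy is only meant to drive what the UI shows, say so in the comment, so that a stale mirror is understood to hide or show a control rather than decide access.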
@@ -62,7 +58,6 @@ export default {
//PICKLIST NOTE: this does not control getting a list of names for selection which is role independent because it's required for so much indirectly
//DELETE = SAME AS CHANGE FOR NOW (There is no specific delete right for now though it's checked for by routes in Authorized.cs in case we want to add it in future as a separate right from create.)
//TODO: get this working, then decompose it into several files to make it cleaner
varret={
change:false,
read:false,
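Review bot: the DELETE comment contradicts itself. It opens with "DELETE = SAME AS CHANGE" and then describes a possible future delete right as "a separate right from create". Pick one term (the `ret` object here tracks `change`, so presumably "change"). Since the comment says the routes in Authorized.cs already check for delete, also state which client-side right should gate a delete control. The TODO about decomposing the file would be better tracked in an issue than left in the code.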
@@ -78,122 +73,24 @@ export default {
varobjectRoleRights=this.ROLE_RIGHTS[typeName];
//get the logged in user's role
varuserRole=vm.$store.state.roles;
//see if it's self owned
varisSelfOwned=ownerId==vm.$store.state.userId;
//calculate the effective rights taking into consideration self owned etc
//NOTE: for bitwise comparison we do this:
//Desired role to check can be a single role value or the intersection of multiple bits of role values,
//for example if it's a single role then just that number is used (i.e. 2)
//however if its a bunch of roles that can do that operation they need to be intersected (i.e. 2|32|128) which returns a single value for comparison
//and that's how they come from the server so for example a widget change bizrole requires
// Change = AuthorizationRoles.BizAdminFull (enum value 2) | AuthorizationRoles.InventoryFull (enum value 32), these are intersected (2|32) to yield 34
//now I can compare the user role to 34 to check if either of those two roles are set like this:
//All roles except inventoryfull = 32735 so to be clear it has BizAdminFull which is enough to change a widget, so to check:
// (32735&34) will be nonzero (true), specifically it will calculate to 2 but we don't care about the exact number, just that it isn't zero which
//would indicate that none of the bit fields to check against are set in the user role hence they don't have that right.
//if we need to combine rights just do it like in c# by intersection operator | (2|32) = 34
//UserCurrentRole & (desiredRole) == 0 or false if no desired role bits set in currentrole or non zero if any of the bits are a match
//
//a non zero result of the bitwise calculation means true and zero means false so using !! to force it into a boolean value (contrary to some style guides that say !! is obscure but I say it saves a lot of typing)
So checking role = eg: InventoryFull === (UserRole && InventoryFull)
But a test shows a user with role 1 bizadminlimited has no rights to readfull record a widget
17&1=1
So checking a role should be userRole===(UserRole && InventoryFull), lets try it
8212 = user with no rights to Change a widget, what happens if we test it:
8212===(8212&34)= false
InventoryFull User with rights to change a full record:
32===(32&34)=true
OpsAdminFull user with no rights to change a full record
16384===(16384&34)=false!!
User with every single right but the two required for changing a widget: 32733
let's test it:
32733===(32733&34)=false! Yes.
let's try one more with bizadminfull added to the prior all other rights and confirm it works:32735
32735===(32735&34)=false NO! This did not work, WTF it returns 2 instead, maybe the number is too large
No, 2 is ok, it means that's the bit field that matches, if it returned zero that would indicate a non match in any case so...
3
Ok, this is not working as expected, need to figure this out, test it in a c# console just to confirm if there is a difference there between the two platforms when not expected.
"LOCALE - DONE FETCH(KEYS) and stored about to call Resolve()..."
);
resolve();
});
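Review bot: in the getRights role-check notes, the predicate being tried, `userRole===(userRole&34)`, is the wrong test and contradicts the rule stated a few lines earlier, that a nonzero result of `userRole & desiredRole` means the right is held. The equality form is true only when the user holds no role bits outside the mask, so 32735 (which includes BizAdminFull) gives `32735&34` = 2 and fails the comparison even though it should pass; the size of the number is not the cause. The same form also passes for a role value of 0, since `0===(0&34)` is true, which would grant the right to a user with no roles. Use `!!(userRole & desiredRole)` as the earlier comment describes. Two wording points: `|` is bitwise OR, which combines role bits rather than intersecting them, and the notes write `&&` where `&` is meant, which in JavaScript is logical AND and yields a different value. The working notes without a `//` prefix are not valid JavaScript; any that remain in the file should become comments or move to the commit message.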