/* xeslint-disable */
import bizrolerights from "./biz-role-rights";
/**
 * Client-side authorization helpers: the role bit flags, the per-type role
 * requirements (ROLE_RIGHTS) and the functions that turn the logged-in
 * user's role bitmask into change / read / delete booleans for forms.
 *
 * NOTE(review): every check here reads window.$gz.store.state.roles, which
 * is state held in the browser, so the results can only decide what the UI
 * offers. The notes in getRights mention route checks in Authorized.cs;
 * presumably the server enforces the same rights on every request - confirm.
 */
export default {
  // Required roles per object type, as exported by ./biz-role-rights.
  ROLE_RIGHTS: bizrolerights,

  // One bit per role, so a user's roles combine into a single integer that
  // is tested with '&'. JavaScript bitwise operators work on 32-bit
  // integers, which caps the number of distinct flags.
  // NOTE(review): the values presumably mirror the server-side role enum -
  // confirm before adding or renumbering anything.
  AUTHORIZATION_ROLES: {
    NoRole: 0, // no role set
    BizAdminLimited: 1, // bit 0
    BizAdminFull: 2, // bit 1
    DispatchLimited: 4, // bit 2
    DispatchFull: 8, // bit 3
    InventoryLimited: 16, // bit 4
    InventoryFull: 32, // bit 5
    AccountingFull: 64, // bit 6 - no limited variant, not sure if there is a need
    TechLimited: 128, // bit 7
    TechFull: 256, // bit 8
    SubContractorLimited: 512, // bit 9
    SubContractorFull: 1024, // bit 10
    CustomerLimited: 2048, // bit 11
    CustomerFull: 4096, // bit 12
    OpsAdminLimited: 8192, // bit 13
    OpsAdminFull: 16384, // bit 14
    // Sales is the one pair where Full comes before Limited.
    SalesFull: 32768, // bit 15
    SalesLimited: 65536, // bit 16
  },

  /**
   * Does the currently logged-in user hold a role?
   *
   * @param {number|number[]} desiredRole - a single role flag, or an array
   *   of flags; with an array one match is enough. A value built by OR-ing
   *   several flags matches as soon as any one of its bits is set.
   * @returns {boolean} true when a requested bit is set in the user's roles;
   *   false otherwise, including when the user has no roles at all.
   */
  hasRole(desiredRole) {
    const userRoles = window.$gz.store.state.roles;

    // undefined, null and 0 (NoRole) all mean there is nothing to match
    if (!userRoles) {
      return false;
    }

    // treat the single-role form as a one-element list so both forms share
    // the same "any bit present" test
    const wanted = Array.isArray(desiredRole) ? desiredRole : [desiredRole];
    return wanted.some((role) => (userRoles & role) !== 0);
  },

  /**
   * Rights object with everything denied, so that a form has something to
   * bind to when it first loads.
   *
   * @returns {{change: boolean, read: boolean, delete: boolean}} all false
   */
  defaultRightsObject() {
    const noRights = { change: false, read: false, delete: false };
    return noRights;
  },

  /**
   * Rights object with everything granted, for forms that do not really
   * need a rights check but still plug into the rights system (e.g. change
   * password).
   *
   * NOTE(review): this grants change / read / delete without looking at the
   * user's roles; the forms using it are assumed to be ones whose actions
   * the server authorizes on its own - confirm per caller.
   *
   * @returns {{change: boolean, read: boolean, delete: boolean}} all true
   */
  fullRightsObject() {
    const allRights = { change: true, read: true, delete: true };
    return allRights;
  },

  /**
   * Work out the logged-in user's effective rights for one object type.
   *
   * Rules, carried over from bizroles.cs:
   * - Change means create, retrieve, update and delete, i.e. full rights.
   * - ReadFullRecord means every field can be read but nothing modified.
   *   Change is always checked first, so ReadFullRecord only needs to list
   *   roles that are not already in Change.
   * - Pick lists (name lists for selection) are not covered here; they are
   *   role independent because so much depends on them indirectly.
   * - Delete is the same as Change for now. There is no separate delete
   *   right yet, although routes check for one in Authorized.cs in case it
   *   is split off later.
   * - Business rules can supersede all of this: restrictive rules on an
   *   object take precedence over these general rights every time.
   *
   * @param {*} oType - object type value, as defined in ayatype.js
   * @returns {{change: boolean, read: boolean, delete: boolean}}
   * @throws {Error} when no role rights entry exists for the type, so an
   *   unknown type is never handed a rights object
   */
  getRights(oType) {
    // start from "everything denied"; only the bit tests below can grant
    const rights = this.defaultRightsObject();

    // map the enum value back to its name (first matching entry wins);
    // loose equality is kept on purpose so the accepted inputs do not change
    const matchingEntry = Object.entries(window.$gz.type).find(
      ([, value]) => value == oType
    );
    const typeName = matchingEntry ? matchingEntry[0] : undefined;

    // the stock roles REQUIRED for that object type
    const requiredRoles = this.ROLE_RIGHTS[typeName];
    if (!requiredRoles) {
      throw new Error(
        `authorizationroles::getRights type ${oType} not found in roles collection`
      );
    }

    const userRole = window.$gz.store.state.roles;

    // a non-zero '&' result means at least one required role is held
    const canChange = (userRole & requiredRoles.Change) !== 0;

    // the read list may leave out roles that can already change, because
    // change trumps read; it is only consulted when change is denied
    const canReadFullRecord =
      canChange || (userRole & requiredRoles.ReadFullRecord) !== 0;

    rights.change = canChange;
    rights.delete = canChange; // FOR NOW: no separate delete right
    rights.read = canReadFullRecord;

    return rights;
  },

  /**
   * Convenience check for forms that deal with several object types
   * (grids, history and so on).
   *
   * @param {*} oType - object type value, as defined in ayatype.js
   * @returns {boolean} the read right from getRights, which is already true
   *   whenever change is true
   * @throws {Error} whatever getRights throws for an unknown type
   */
  canOpen(oType) {
    return this.getRights(oType).read;
  },
};
/*
USING BITWISE OPERATORS CHEAT SHEET
//https://codeburst.io/using-javascript-bitwise-operators-in-real-life-f551a731ff5

// (The True / False results below assume myBitNumber = HAS_FOO2 | HAS_FOO4.)

// Test whether your bit number has a single attribute. '&' ensures
// an intersection between them.
if (myBitNumber & HAS_FOO1) {
  // False, in this example
}
if (myBitNumber & HAS_FOO2) {
  // True!
}

// Test whether your bit number has ANY of the specified attributes
if (myBitNumber & (HAS_FOO1 | HAS_FOO2)) {
  // True!
}
if (myBitNumber & (HAS_FOO1 | HAS_FOO3)) {
  // False
}

// Test whether your bit number contains ONLY the specified attributes
if (myBitNumber == (HAS_FOO2 | HAS_FOO4)) {
  // True
}
if (myBitNumber == (HAS_FOO2 | HAS_FOO3 | HAS_FOO4)) {
  // False
}

// Test whether your bit number contains ALL of the given
// attributes. This is slightly tricky: the union of ATTRIBUTES
// can't supersede `myBitNumber` alone, otherwise it contains a bit
// that `myBitNumber` doesn't.
if (myBitNumber == (myBitNumber | (HAS_FOO2 | HAS_FOO4))) {
  // True
}
if (myBitNumber == (myBitNumber | (HAS_FOO2 | HAS_FOO3 | HAS_FOO4))) {
  // False
}
*/