From 135ff75948b9f079d3de3cb262f2bb0e3a77ec86 Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Wed, 22 Jun 2022 19:45:07 +0000
Subject: [PATCH]

---
 server/AyaNova/biz/BizRoles.cs       | 40 ++++++----------------------
 server/AyaNova/models/Integration.cs |  2 --
 2 files changed, 8 insertions(+), 34 deletions(-)

diff --git a/server/AyaNova/biz/BizRoles.cs b/server/AyaNova/biz/BizRoles.cs
index 4b68c084..375544b6 100644
--- a/server/AyaNova/biz/BizRoles.cs
+++ b/server/AyaNova/biz/BizRoles.cs
@@ -1044,63 +1044,39 @@ namespace AyaNova.Biz
 
             ////////////////////////////////////////////////////////////
             //INTEGRATION 
-            //  (everyone but outside users Customer and HO)
+            //  (every unrestricted inside user and not subcontractor)
             //this right is for the integration data itself, NOT any other AyaNova data
             //so if someone is malicious the worst case scenario is they can mess up the integration data
             // but they would still need rights to access any AyaNova data under their account so there is no loophole here
             // technically an integration may be used by any role user
-            // however not likely to be read only or limited rights rols
-            // so will allow full access for any user and leave
+            // however not likely to be read only or limited rights roles
+            // so will allow full access for any non restricted user and leave
             // finer tuning of authorization to integrating app itself
             // Also, integration is only used to store app data conveniently it in no way is required to 
             // write api accessing apps so any limitations are not preventing 3rd parties from writing AyaNova api consuming apps of any kind
             //
             roles.Add(AyaType.Integration, new BizRoleSet()
             {
-               Change = AuthorizationRoles.BizAdminRestricted
-                | AuthorizationRoles.BizAdmin
-                | AuthorizationRoles.ServiceRestricted
+               Change =  AuthorizationRoles.BizAdmin
                 | AuthorizationRoles.Service
-                | AuthorizationRoles.InventoryRestricted
                 | AuthorizationRoles.Inventory
                 | AuthorizationRoles.Accounting
-                | AuthorizationRoles.TechRestricted
                 | AuthorizationRoles.Tech
-                | AuthorizationRoles.SubContractorRestricted
-                | AuthorizationRoles.SubContractor
                 | AuthorizationRoles.Sales
-                | AuthorizationRoles.SalesRestricted
-                | AuthorizationRoles.OpsAdminRestricted
                 | AuthorizationRoles.OpsAdmin,
-                ReadFullRecord = AuthorizationRoles.BizAdminRestricted
-                | AuthorizationRoles.BizAdmin
-                | AuthorizationRoles.ServiceRestricted
+                ReadFullRecord =  AuthorizationRoles.BizAdmin
                 | AuthorizationRoles.Service
-                | AuthorizationRoles.InventoryRestricted
                 | AuthorizationRoles.Inventory
                 | AuthorizationRoles.Accounting
-                | AuthorizationRoles.TechRestricted
                 | AuthorizationRoles.Tech
-                | AuthorizationRoles.SubContractorRestricted
-                | AuthorizationRoles.SubContractor
                 | AuthorizationRoles.Sales
-                | AuthorizationRoles.SalesRestricted
-                | AuthorizationRoles.OpsAdminRestricted
                 | AuthorizationRoles.OpsAdmin,
-                Select = AuthorizationRoles.BizAdminRestricted
-                | AuthorizationRoles.BizAdmin
-                | AuthorizationRoles.ServiceRestricted
+                Select = AuthorizationRoles.BizAdmin
                 | AuthorizationRoles.Service
-                | AuthorizationRoles.InventoryRestricted
                 | AuthorizationRoles.Inventory
                 | AuthorizationRoles.Accounting
-                | AuthorizationRoles.TechRestricted
                 | AuthorizationRoles.Tech
-                | AuthorizationRoles.SubContractorRestricted
-                | AuthorizationRoles.SubContractor
                 | AuthorizationRoles.Sales
-                | AuthorizationRoles.SalesRestricted
-                | AuthorizationRoles.OpsAdminRestricted
                 | AuthorizationRoles.OpsAdmin,
             });
 
@@ -1119,7 +1095,7 @@ namespace AyaNova.Biz
             //GENERATE CLIENT COMPATIBLE JSON FROM ROLES OUTPUT TO DEBUG LOG
             //And seperately, set the JSON variable so can copy from debug variable "value" property for lastRoles here to compare
             
-            /*
+           
             
             string json = Newtonsoft.Json.JsonConvert.SerializeObject(roles, Newtonsoft.Json.Formatting.None);
             System.Diagnostics.Debugger.Log(1, "JSONFRAGMENTFORCLIENT", "BizRoles.cs -> biz-role-rights.js Client roles JSON fragment:\n\n");
@@ -1134,7 +1110,7 @@ namespace AyaNova.Biz
                 }
             }
 
-            */
+          /*   */
 
 
 #endif
diff --git a/server/AyaNova/models/Integration.cs b/server/AyaNova/models/Integration.cs
index c63e96f5..bdcb2f23 100644
--- a/server/AyaNova/models/Integration.cs
+++ b/server/AyaNova/models/Integration.cs
@@ -1,8 +1,6 @@
 using System;
 using System.Collections.Generic;
-using AyaNova.Biz;
 using System.ComponentModel.DataAnnotations;
-using System.ComponentModel.DataAnnotations.Schema;
 using Newtonsoft.Json;
 
 namespace AyaNova.Models