devdocs/specs/core-roles.txt

@@ -16,11 +16,69 @@ If you can modify an object you can delete an object unless business rules say o
 In some cases business rules may further restrict what a user can do.
 For example a SubContractorLimited has the change right to a workorder, but in fact the workorder itself has business rules that limit that drastically down to almost nothing but a single area entry in labor
 
+=-=-=-=-  HOW TO HANDLE EDIT OWN PLANNING =-=-=-=-=-
+- EditOwn is really not about editown it's about supporting a user who is not supposed to see any data other than the bare minimum in order to fill out workorders
+	- Make it a business rule(s) instead in the areas of workorders and anything specific
+	- Get rid of edit own rights code entirely
+
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+
 LISTS UNDER LIMITED ROLES
 If a user *can* potentially view or edit an object type then that object's list will display, if certain fields should be restricted then they will be via business rules when the record is opened.
 So in theory lists should not show stuff that a user has no rights to see, so some columns need to be restricted for those users when the list is delivered by the server
 Case by case issue.
 
+**********
+Theoretical company entitities concerned with AyaNova:
+
+Upper Management
+    - KPI
+    - View schedule
+    - View read only workorders full view though
+
+Service manager
+    - Create users set roles
+    - Access everything except OPS (and possibly some accounting functionality restriction?)
+
+I.T.
+    - OPS, setup, backup etc
+    - No access to biz data at all
+
+Accounting    
+    - Invoicing
+    - Clients
+    - View any biz related data
+    - No ability to modify workorders unless accounting related like invoice number or something
+
+HR
+    - Create users
+    - Disable users
+
+Sales
+    - Quotes
+    - View clients / ho
+    - Create clients?
+
+Service
+    - Workorders 
+    - view quotes
+    - Turn wo into quotes
+    - CSR
+    - Create modify clients headoffices
+
+Shipping receiving
+    - Receive PO
+    - Outside service receiving
+
+Inventory
+    - Create parts
+    - Create warehouses
+    - all inventory related like make po's, receive them
+
+Customers
+    - View their shit
+
+************************************************************************************************************************************************************
 
 ## ROLES
 
@@ -89,6 +147,8 @@ Create vendors
 ### Accounting
 see roles.odt for more info
 - Create vendors
+- Create / edit clients (ho)
+- Integrate with QB external accounting software etc
 
 ### TechFull
 see roles.odt for more info
@@ -104,9 +164,12 @@ see roles.odt for more info
 ### TechLimited
 see roles.odt for more info
 - CONSUMES A LICENSE
+- More rights than a subcontrator but less than a full tech, cannot see sensitive data
+- Can't schedule themselves only add labor
 - Can make entries into existing workorders, add rows to existing areas in the workorder but can't add a new area or create a new workorder
 - Can only see their own workorders, no one elses
 - No access to any costs or business data of any kind
+- Can't make clients or vendors or units
 
 
 ### SubContractorLimited
@@ -138,15 +201,16 @@ nothing to do with business stuff or actual business data
 
 ************************************************************************************************************************************************************
 
-=-=-=-=-  HOW TO HANDLE EDIT OWN PLANNING =-=-=-=-=-
-- EditOwn is really not about editown it's about supporting a user who is not supposed to see any data other than the bare minimum in order to fill out workorders
-	- Make it a business rule(s) instead in the areas of workorders and anything specific
-	- Get rid of edit own rights code entirely
 
+BizAdminLimited | BizAdminFull | DispatchLimited | DispatchFull | InventoryLimited |
+        InventoryFull | AccountingFull | TechLimited | TechFull | SubContractorLimited |
+        SubContractorFull | ClientLimited | ClientFull | OpsAdminLimited | OpsAdminFull
 
 # CLIENT UI AREAS AND ROLES THAT CAN SEE THEM
+(there are other restrictions individually but this is just that they are visible to those users in the main UI)
 
 ## HOME
+    - [ALL ROLES EXCEPT CLIENT ONES, RESTRICTIONS BY BIZ RULES AND EXCEPTIONS ONLY]
     - Dashboard
     - Search
     - Schedule
@@ -157,13 +221,22 @@ nothing to do with business stuff or actual business data
     - Notification subscriptions
 
 ## CUSTOMERS
+    [FULL - BAF, DF, ACC, TF ]
+    [READ ONLY - BAL, DL, TL ]
     - Customers
     - Head offices
 
 ## SERVICE
     - Schedule (all)
+        - [FULL - BAF, DF, DL ]
+        - [READ ONLY - BAL ]
+
     - Workorders
+        - [FULL - ACC, DF, DL ]
+        - [READ ONLY - TF, BAL ]
+        - [SPECIAL - TF can see all and create their own wo and put themselves on it but no other techs can be selected by them]
     - Quotes
+        - [FULL - SF, SL]
     - Preventive Maintenance
     - Customer Units
     - Unit Models

server/AyaNova/biz/AuthorizationRoles.cs

@@ -9,7 +9,7 @@ namespace AyaNova.Biz
     public enum AuthorizationRoles : int
     {
         //https://stackoverflow.com/questions/8447/what-does-the-flags-enum-attribute-mean-in-c
-        //MAX 32!!! or will overflow int and needs to be turned into a long
+        //MAX 31 (2147483647)!!! or will overflow int and needs to be turned into a long
         //Must be a power of two: https://en.wikipedia.org/wiki/Power_of_two
 
         ///<summary>No role set</summary>
@@ -51,6 +51,6 @@ namespace AyaNova.Biz
         SubContractorFull | ClientLimited | ClientFull | OpsAdminLimited | OpsAdminFull
 
     }//end AuthorizationRoles
-
+//32768, 65536, 131072, 262144, 524288, 1,048,576
 }//end namespace GZTW.AyaNova.BLL