From 82d4b9694ca20341810096edf6207d0154dae25c Mon Sep 17 00:00:00 2001 From: John Cardinal Date: Tue, 23 Apr 2019 23:01:27 +0000 Subject: [PATCH] --- server/AyaNova/biz/AyaType.cs | 2 ++ server/AyaNova/biz/BizRoles.cs | 8 +++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/server/AyaNova/biz/AyaType.cs b/server/AyaNova/biz/AyaType.cs index 1f037f6a..486f5768 100644 --- a/server/AyaNova/biz/AyaType.cs +++ b/server/AyaNova/biz/AyaType.cs @@ -42,6 +42,8 @@ namespace AyaNova.Biz //AyaNova.Biz.BizRoles //AyaNova.Biz.BizObjectNameFetcherDIRECT + //and in the CLIENT in ayatype.js + } diff --git a/server/AyaNova/biz/BizRoles.cs b/server/AyaNova/biz/BizRoles.cs index 5d35bafb..f12369bc 100644 --- a/server/AyaNova/biz/BizRoles.cs +++ b/server/AyaNova/biz/BizRoles.cs @@ -15,14 +15,16 @@ namespace AyaNova.Biz static BizRoles() { + //TODO: change this entire block to work off a fragment of JSON that can be shared with the Client side project as well + //Add all object roles here //NOTE: do not need to add change roles to read roles, Authorized.cs takes care of that automatically //by assuming if you can change you can read //HOW THIS WORKS / WHATS EXPECTED - //CHANGE = CREATE, RETRIEVE, UPDATE, DELETE - Full rights - //EDITOWN = special subset of CHANGE: You can create and if it's one you created then you have rights to edit it or delete, but you can't edit ones others have created - //READ = You can read *all* the fields of the record, but can't modify it. Change is automatically checked for so only add different roles from change + //Change = CREATE, RETRIEVE, UPDATE, DELETE - Full rights + //EditOwn = special subset of CHANGE: You can create and if it's one you created then you have rights to edit it or delete, but you can't edit ones others have created + //ReadFullRecord = You can read *all* the fields of the record, but can't modify it. Change is automatically checked for so only add different roles from change //PICKLIST NOTE: this does not control getting a list of names for selection which is role independent because it's required for so much indirectly //DELETE = There is no specific delete right for now though it's checked for by routes in Authorized.cs in case we want to add it in future as a separate right from create.