diff --git a/devdocs/specs/core-roles.txt b/devdocs/specs/core-roles.txt
index b2cd0e36..2933bb06 100644
--- a/devdocs/specs/core-roles.txt
+++ b/devdocs/specs/core-roles.txt
@@ -5,17 +5,18 @@ From case https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1809
RAVEN will replace security rights system of v7 with a role based system instead
I'm using an int flags enum which means a maximum of 32 possible roles unless I bump it up to a long but don't really want to as this number will be thrown around the api a lot
-
-
-TODO: Fill this out as I code.
+ROLES set general accessibility to change or delete or read objects, however Business rules may further restrict on top of that.
**DELETE RIGHTS***
-If you can modify an object you can delete an object
+If you can modify an object you can delete an object unless business rules say otherwise
+
+
+**LIMITED ROLES / BUSINESS RULES LIMITATIONS **
+(formerly self owned)
+In some cases business rules may further restrict what a user can do.
+For example a SubContractorLimited has the change right to a workorder, but in fact the workorder itself has business rules that limit that drastically down to almost nothing but a single area entry in labor
-**OWNER LIMITED ROLES**
-Limited roles in some cases can create an object but can only edit or delete objects they created
-?? STILL BEING PLANNED OUT SEE BELOW AT BOTTOM ??
## ROLES
diff --git a/devdocs/todo.txt b/devdocs/todo.txt
index d2920cbe..3a456818 100644
--- a/devdocs/todo.txt
+++ b/devdocs/todo.txt
@@ -6,9 +6,20 @@ Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOiIxNTQ3NTgwMzg2IiwiZXhwIjoi
## IMMEDIATE ITEMS
+Do I need ownerId for anything if it's not being used anymore for rules??
+ - Get rid of it in all rights stuff first, then widget then the rest and rename for the below specific things to UserId instead
+ - DataFilter uses it for a different purpose in that there are public and private filters
+ - After removing everywhere else maybe if this is the only holdout rename the field to userID or something?
+ - Semantically makes more sense
+ - Also helps so we can have no remnants of ownerId anywhere to make it easier to see what's been fixed / changed.
+ - EventLog uses it to log people's changes so an eventlog entry might be owned by Jim but it refers to an action Jim made on another object such as edit it maybe
+ - Could be renamed to UserId as well
+ - Event object uses it see eventlog above
+ - FormCustom uses it much like DataFilter does, could also be renamed to UserId and semantically be better
-EDIT OWN PLANNING FIRST
-- Now all in core-roles.txt
+OwnerID is put on httpcontext in startup.cs, will it still be necessary?
+Clean up owner ID and rules now that it's deprecated
+Fix tests until they run properly
NOT THIS: QB TLS STUFF, SERVER UPDATES, MAIL SERVER CONFIG CHECK AND UPDATE
AFTER THAT FIGURE OUT SELF OWNED RIGHTS / SUBCONTRACTOR
diff --git a/server/AyaNova/ControllerHelpers/Authorized.cs b/server/AyaNova/ControllerHelpers/Authorized.cs
index a9945336..ea5e0428 100644
--- a/server/AyaNova/ControllerHelpers/Authorized.cs
+++ b/server/AyaNova/ControllerHelpers/Authorized.cs
@@ -43,10 +43,10 @@ namespace AyaNova.Api.ControllerHelpers
///
///
///
- internal static bool IsAuthorizedToReadFullRecord(IDictionary HttpContextItems, AyaType objectType)
+ internal static bool HasReadFullRole(IDictionary HttpContextItems, AyaType objectType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
- return IsAuthorizedToReadFullRecord(currentUserRoles, objectType);
+ return HasReadFullRole(currentUserRoles, objectType);
}
///
@@ -55,7 +55,7 @@ namespace AyaNova.Api.ControllerHelpers
///
///
///
- internal static bool IsAuthorizedToReadFullRecord(AuthorizationRoles currentUserRoles, AyaType objectType)
+ internal static bool HasReadFullRole(AuthorizationRoles currentUserRoles, AyaType objectType)
{
//NOTE: this assumes that if you can change you can read
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
@@ -75,10 +75,10 @@ namespace AyaNova.Api.ControllerHelpers
///
///
///
- internal static bool IsAuthorizedToCreate(IDictionary HttpContextItems, AyaType objectType)
+ internal static bool HasCreateRole(IDictionary HttpContextItems, AyaType objectType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
- return IsAuthorizedToCreate(currentUserRoles, objectType);
+ return HasCreateRole(currentUserRoles, objectType);
}
///
@@ -87,14 +87,11 @@ namespace AyaNova.Api.ControllerHelpers
///
///
///
- internal static bool IsAuthorizedToCreate(AuthorizationRoles currentUserRoles, AyaType objectType)
+ internal static bool HasCreateRole(AuthorizationRoles currentUserRoles, AyaType objectType)
{
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
return true;
- if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).EditOwn))
- return true;
-
return false;
}
@@ -107,13 +104,13 @@ namespace AyaNova.Api.ControllerHelpers
///
///
///
- ///
+
///
- internal static bool IsAuthorizedToModify(IDictionary HttpContextItems, AyaType objectType, long ownerId = -1)
+ internal static bool HasModifyRole(IDictionary HttpContextItems, AyaType objectType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
- long currentUserId = UserIdFromContext.Id(HttpContextItems);
- return IsAuthorizedToModify(currentUserRoles, currentUserId, objectType, ownerId);
+
+ return HasModifyRole(currentUserRoles, objectType);
}
@@ -121,19 +118,12 @@ namespace AyaNova.Api.ControllerHelpers
/// MODIFY
///
///
- ///
///
- ///
///
- internal static bool IsAuthorizedToModify(AuthorizationRoles currentUserRoles, long currentUserId, AyaType objectType, long ownerId = -1)
+ internal static bool HasModifyRole(AuthorizationRoles currentUserRoles, AyaType objectType)
{
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
return true;
-
- if (ownerId != -1)
- if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).EditOwn) && ownerId == currentUserId)
- return true;
-
return false;
}
@@ -145,34 +135,29 @@ namespace AyaNova.Api.ControllerHelpers
///
///
///
- ///
///
//For now just going to treat as a modify, but for maximum flexibility keeping this as a separate method in case we change our minds in future
- internal static bool IsAuthorizedToDelete(IDictionary HttpContextItems, AyaType objectType, long ownerId = 1)
+ internal static bool HasDeleteRole(IDictionary HttpContextItems, AyaType objectType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
long currentUserId = UserIdFromContext.Id(HttpContextItems);
- return IsAuthorizedToDelete(currentUserRoles, currentUserId, objectType, ownerId);
+ return HasDeleteRole(currentUserRoles, objectType);
}
///
/// DELETE
///
- ///
- ///
- ///
- ///
+ ///
+ ///
///
//For now just going to treat as a modify, but for maximum flexibility keeping this as a separate method in case we change our minds in future
- internal static bool IsAuthorizedToDelete(AuthorizationRoles currentUserRoles, long currentUserId, AyaType objectType, long ownerId = 1)
+ internal static bool HasDeleteRole(AuthorizationRoles currentUserRoles, AyaType objectType)
{
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
return true;
- if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).EditOwn) && ownerId == currentUserId)
- return true;
-
+
return false;
}
diff --git a/server/AyaNova/Controllers/AttachmentController.cs b/server/AyaNova/Controllers/AttachmentController.cs
index 7d3d71f3..8c0a99e1 100644
--- a/server/AyaNova/Controllers/AttachmentController.cs
+++ b/server/AyaNova/Controllers/AttachmentController.cs
@@ -186,14 +186,14 @@ namespace AyaNova.Api.Controllers
if (!badRequest)
{
//check if object exists
- long attachToObjectOwnerId = attachToObject.OwnerId(ct);
- if (attachToObjectOwnerId == -1)
- {
- badRequest = true;
- errorMessage = "Invalid attach object";
- }
- else
- {
+ // long attachToObjectOwnerId = attachToObject.OwnerId(ct);
+ // if (attachToObjectOwnerId == -1)
+ // {
+ // badRequest = true;
+ // errorMessage = "Invalid attach object";
+ // }
+ // else
+ // {
// User needs modify rights to the object type in question
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, attachToObject.ObjectType, attachToObjectOwnerId))
{
@@ -202,7 +202,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(403, new ApiNotAuthorizedResponse());
}
- }
+ //}
}
@@ -369,7 +369,7 @@ namespace AyaNova.Api.Controllers
}
//is this allowed?
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, dbObj.AttachToObjectType))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, dbObj.AttachToObjectType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
diff --git a/server/AyaNova/Controllers/DataFilterController.cs b/server/AyaNova/Controllers/DataFilterController.cs
index b23cbce2..efb3c29d 100644
--- a/server/AyaNova/Controllers/DataFilterController.cs
+++ b/server/AyaNova/Controllers/DataFilterController.cs
@@ -61,7 +61,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
DataFilterBiz biz = DataFilterBiz.GetBiz(ct, HttpContext);
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -71,7 +71,7 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
- return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
+ return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}
@@ -164,7 +164,7 @@ namespace AyaNova.Api.Controllers
DataFilterBiz biz = DataFilterBiz.GetBiz(ct, HttpContext);
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
- if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
+ if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
diff --git a/server/AyaNova/Controllers/EventLogController.cs b/server/AyaNova/Controllers/EventLogController.cs
index ef692efc..f9ae1117 100644
--- a/server/AyaNova/Controllers/EventLogController.cs
+++ b/server/AyaNova/Controllers/EventLogController.cs
@@ -61,7 +61,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, opt.AyType))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, opt.AyType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -97,7 +97,7 @@ namespace AyaNova.Api.Controllers
long UserId = UserIdFromContext.Id(HttpContext.Items);
//If not authorized to read a user and also not the current user asking for their own log then NO LOG FOR YOU!
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.User) && opt.AyId != UserId)
+ if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.User) && opt.AyId != UserId)
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
diff --git a/server/AyaNova/Controllers/FormCustomController.cs b/server/AyaNova/Controllers/FormCustomController.cs
index 4b121379..e7c0eb63 100644
--- a/server/AyaNova/Controllers/FormCustomController.cs
+++ b/server/AyaNova/Controllers/FormCustomController.cs
@@ -66,7 +66,7 @@ namespace AyaNova.Api.Controllers
FormCustomBiz biz = FormCustomBiz.GetBiz(ct, HttpContext);
//Just have to be authenticated for this one
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -87,7 +87,7 @@ namespace AyaNova.Api.Controllers
}
}
- return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
+ return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}
@@ -109,7 +109,7 @@ namespace AyaNova.Api.Controllers
if (serverState.IsClosed)
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -140,7 +140,7 @@ namespace AyaNova.Api.Controllers
if (serverState.IsClosed)
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -164,7 +164,7 @@ namespace AyaNova.Api.Controllers
if (serverState.IsClosed)
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -236,7 +236,7 @@ namespace AyaNova.Api.Controllers
FormCustomBiz biz = FormCustomBiz.GetBiz(ct, HttpContext);
//check rights
- if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
+ if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
diff --git a/server/AyaNova/Controllers/ImportAyaNova7Controller.cs b/server/AyaNova/Controllers/ImportAyaNova7Controller.cs
index 414880ca..14ab0442 100644
--- a/server/AyaNova/Controllers/ImportAyaNova7Controller.cs
+++ b/server/AyaNova/Controllers/ImportAyaNova7Controller.cs
@@ -71,7 +71,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.AyaNova7Import))
+ if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.AyaNova7Import))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -164,7 +164,7 @@ namespace AyaNova.Api.Controllers
}
- if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, AyaType.AyaNova7Import))
+ if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.AyaNova7Import))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -192,7 +192,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.AyaNova7Import))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.AyaNova7Import))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -245,7 +245,7 @@ namespace AyaNova.Api.Controllers
// #endif
//Create, in that they are creating new data in AyaNova
- if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.AyaNova7Import))
+ if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.AyaNova7Import))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
diff --git a/server/AyaNova/Controllers/JobOperationsController.cs b/server/AyaNova/Controllers/JobOperationsController.cs
index 5c49b2fa..4dd8b621 100644
--- a/server/AyaNova/Controllers/JobOperationsController.cs
+++ b/server/AyaNova/Controllers/JobOperationsController.cs
@@ -63,7 +63,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.JobOperations))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.JobOperations))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -102,7 +102,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.JobOperations))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.JobOperations))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
diff --git a/server/AyaNova/Controllers/LicenseController.cs b/server/AyaNova/Controllers/LicenseController.cs
index d26027c5..811ae95c 100644
--- a/server/AyaNova/Controllers/LicenseController.cs
+++ b/server/AyaNova/Controllers/LicenseController.cs
@@ -60,7 +60,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.License))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.License))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -92,7 +92,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.License))
+ if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.License))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -155,7 +155,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.License))
+ if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.License))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
diff --git a/server/AyaNova/Controllers/LogFilesController.cs b/server/AyaNova/Controllers/LogFilesController.cs
index 0a40c75e..71d19716 100644
--- a/server/AyaNova/Controllers/LogFilesController.cs
+++ b/server/AyaNova/Controllers/LogFilesController.cs
@@ -60,7 +60,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.LogFile))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.LogFile))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -107,7 +107,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.LogFile))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.LogFile))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
diff --git a/server/AyaNova/Controllers/MetricsController.cs b/server/AyaNova/Controllers/MetricsController.cs
index aafe1338..e1f87d2d 100644
--- a/server/AyaNova/Controllers/MetricsController.cs
+++ b/server/AyaNova/Controllers/MetricsController.cs
@@ -60,7 +60,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Metrics))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.Metrics))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -90,7 +90,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Metrics))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.Metrics))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
diff --git a/server/AyaNova/Controllers/ServerStateController.cs b/server/AyaNova/Controllers/ServerStateController.cs
index b310aaf6..ced534cc 100644
--- a/server/AyaNova/Controllers/ServerStateController.cs
+++ b/server/AyaNova/Controllers/ServerStateController.cs
@@ -68,7 +68,7 @@ namespace AyaNova.Api.Controllers
[Authorize]
public ActionResult PostServerState([FromBody] ServerStateModel state)
{
- if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.ServerState))
+ if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.ServerState))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
diff --git a/server/AyaNova/Controllers/UserController.cs b/server/AyaNova/Controllers/UserController.cs
index 70c65b6d..f181e8fa 100644
--- a/server/AyaNova/Controllers/UserController.cs
+++ b/server/AyaNova/Controllers/UserController.cs
@@ -65,7 +65,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -83,7 +83,7 @@ namespace AyaNova.Api.Controllers
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
- return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
+ return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}
@@ -105,7 +105,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
return Ok(new
@@ -135,7 +135,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -328,7 +328,7 @@ namespace AyaNova.Api.Controllers
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
- if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
+ if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
diff --git a/server/AyaNova/Controllers/UserOptionsController.cs b/server/AyaNova/Controllers/UserOptionsController.cs
index 9fac3fa6..af539122 100644
--- a/server/AyaNova/Controllers/UserOptionsController.cs
+++ b/server/AyaNova/Controllers/UserOptionsController.cs
@@ -68,7 +68,7 @@ namespace AyaNova.Api.Controllers
var UserId = UserIdFromContext.Id(HttpContext.Items);
//Different than normal here: a user is *always* allowed to retrieve their own user options object
- if (id != UserId && !Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.UserOptions))
+ if (id != UserId && !Authorized.HasReadFullRole(HttpContext.Items, AyaType.UserOptions))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -83,7 +83,7 @@ namespace AyaNova.Api.Controllers
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
- return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
+ return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}
diff --git a/server/AyaNova/Controllers/WidgetController.cs b/server/AyaNova/Controllers/WidgetController.cs
index 0d5a4a56..50710e43 100644
--- a/server/AyaNova/Controllers/WidgetController.cs
+++ b/server/AyaNova/Controllers/WidgetController.cs
@@ -64,7 +64,8 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
+ //NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules
+ if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -74,7 +75,10 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
- return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
+ // NOTE: HERE would be the second check of biz rules before returning the object
+ // in cases where there is also a business rule to affect retrieval on top of basic rights
+
+ return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}
@@ -95,7 +99,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
return Ok(new
@@ -121,7 +125,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
- if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
+ if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -185,7 +189,7 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
- if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
+ if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
try
@@ -234,7 +238,7 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
- if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
+ if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
try
@@ -272,7 +276,7 @@ namespace AyaNova.Api.Controllers
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
- if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
+ if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -315,7 +319,7 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
- if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, o.OwnerId))
+ if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!biz.Delete(o))
@@ -360,7 +364,7 @@ namespace AyaNova.Api.Controllers
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
- if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.JobOperations))
+ if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.JobOperations))
return StatusCode(403, new ApiNotAuthorizedResponse());
//Create the job here
diff --git a/server/AyaNova/biz/AyaObjectOwnerId.cs b/server/AyaNova/biz/AyaObjectOwnerId.cs
index db4ea899..986870b1 100644
--- a/server/AyaNova/biz/AyaObjectOwnerId.cs
+++ b/server/AyaNova/biz/AyaObjectOwnerId.cs
@@ -1,48 +1,48 @@
-using AyaNova.Models;
-using AyaNova.Biz;
+// using AyaNova.Models;
+// using AyaNova.Biz;
-using Microsoft.EntityFrameworkCore;
-using Microsoft.EntityFrameworkCore.Metadata;
-using System.Reflection;
-using System;
+// using Microsoft.EntityFrameworkCore;
+// using Microsoft.EntityFrameworkCore.Metadata;
+// using System.Reflection;
+// using System;
-namespace AyaNova.Biz
-{
+// namespace AyaNova.Biz
+// {
- ///
- /// Returns owner Id if the object exists or 0 if exists but there is no owner ID property or -1 if the object doesn't exist
- ///
- internal static class AyaObjectOwnerId
- {
- internal static long Get(AyaTypeId o, AyContext ct)
- {
- if (o.IsEmpty) return -1;
+// ///
+// /// Returns owner Id if the object exists or 0 if exists but there is no owner ID property or -1 if the object doesn't exist
+// ///
+// internal static class AyaObjectOwnerId
+// {
+// internal static long Get(AyaTypeId o, AyContext ct)
+// {
+// if (o.IsEmpty) return -1;
- //Get the type of the model of AyaObject
- Type t = Type.GetType("AyaNova.Models." + o.ObjectType.ToString());
+// //Get the type of the model of AyaObject
+// Type t = Type.GetType("AyaNova.Models." + o.ObjectType.ToString());
- //Run a find query on the db context based on the model's type
- object record = ct.Find(t, o.ObjectId);
- if (record == null)
- {
- return -1;
- }
+// //Run a find query on the db context based on the model's type
+// object record = ct.Find(t, o.ObjectId);
+// if (record == null)
+// {
+// return -1;
+// }
- PropertyInfo ownerIdPropertyInfo = record.GetType().GetProperty("OwnerId");
+// PropertyInfo ownerIdPropertyInfo = record.GetType().GetProperty("OwnerId");
- if (ownerIdPropertyInfo == null)
- return 0;//object exists and it doesn't have an ownerID property
+// if (ownerIdPropertyInfo == null)
+// return 0;//object exists and it doesn't have an ownerID property
- long ret = (long)ownerIdPropertyInfo.GetValue(record, null);
+// long ret = (long)ownerIdPropertyInfo.GetValue(record, null);
- return ret;
+// return ret;
- }
+// }
- }
+// }
-}//eons
+// }//eons
diff --git a/server/AyaNova/biz/AyaTypeId.cs b/server/AyaNova/biz/AyaTypeId.cs
index 95c7deb1..a6a7aa8c 100644
--- a/server/AyaNova/biz/AyaTypeId.cs
+++ b/server/AyaNova/biz/AyaTypeId.cs
@@ -71,15 +71,15 @@ namespace AyaNova.Biz
}
}
- ///
- /// Get the ownerId for the object in question
- ///
- /// db context
- /// 0 if object doesn't have an owner Id, the owner Id or -1 if the object doesn't exist in the db
- public long OwnerId(AyContext ct)
- {
- return AyaObjectOwnerId.Get(this, ct);
- }
+ // ///
+ // /// Get the ownerId for the object in question
+ // ///
+ // /// db context
+ // /// 0 if object doesn't have an owner Id, the owner Id or -1 if the object doesn't exist in the db
+ // public long OwnerId(AyContext ct)
+ // {
+ // return AyaObjectOwnerId.Get(this, ct);
+ // }
///
diff --git a/server/AyaNova/biz/BizRoleSet.cs b/server/AyaNova/biz/BizRoleSet.cs
index 401511ba..189e6c44 100644
--- a/server/AyaNova/biz/BizRoleSet.cs
+++ b/server/AyaNova/biz/BizRoleSet.cs
@@ -6,8 +6,7 @@ namespace AyaNova.Biz
///
public class BizRoleSet
{
- public AuthorizationRoles Change { get; set; }
- public AuthorizationRoles EditOwn { get; set; }
+ public AuthorizationRoles Change { get; set; }
public AuthorizationRoles ReadFullRecord { get; set; }
}//eoc
diff --git a/server/AyaNova/biz/BizRoles.cs b/server/AyaNova/biz/BizRoles.cs
index 4397ff45..26032434 100644
--- a/server/AyaNova/biz/BizRoles.cs
+++ b/server/AyaNova/biz/BizRoles.cs
@@ -36,8 +36,7 @@ namespace AyaNova.Biz
//
roles.Add(AyaType.User, new BizRoleSet()
{
- Change = AuthorizationRoles.BizAdminFull,
- EditOwn = AuthorizationRoles.NoRole,//no one can make a user but a bizadminfull
+ Change = AuthorizationRoles.BizAdminFull,
ReadFullRecord = AuthorizationRoles.BizAdminLimited
});
@@ -48,7 +47,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.UserOptions, new BizRoleSet()
{
Change = AuthorizationRoles.BizAdminFull,
- EditOwn = AuthorizationRoles.NoRole,//no one can make a user but a bizadminfull
ReadFullRecord = AuthorizationRoles.BizAdminLimited
});
@@ -60,7 +58,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.Widget, new BizRoleSet()
{
Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.InventoryFull,
- EditOwn = AuthorizationRoles.TechFull,
ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.InventoryLimited
});
@@ -70,7 +67,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.ServerState, new BizRoleSet()
{
Change = AuthorizationRoles.OpsAdminFull,
- EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.AnyRole
});
@@ -81,7 +77,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.License, new BizRoleSet()
{
Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.OpsAdminFull,
- EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.OpsAdminLimited
});
@@ -91,7 +86,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.LogFile, new BizRoleSet()
{
Change = AuthorizationRoles.NoRole,
- EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
});
@@ -105,7 +99,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.JobOperations, new BizRoleSet()
{
Change = AuthorizationRoles.OpsAdminFull,
- EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.OpsAdminLimited | AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
});
@@ -115,7 +108,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.AyaNova7Import, new BizRoleSet()
{
Change = AuthorizationRoles.OpsAdminFull,
- EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.NoRole
});
@@ -126,7 +118,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.Metrics, new BizRoleSet()
{
Change = AuthorizationRoles.NoRole,
- EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
});
@@ -137,7 +128,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.Locale, new BizRoleSet()
{
Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.OpsAdminFull,
- EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.AnyRole
});
@@ -148,7 +138,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.DataFilter, new BizRoleSet()
{
Change = AuthorizationRoles.BizAdminFull,
- EditOwn = AuthorizationRoles.AnyRole,
ReadFullRecord = AuthorizationRoles.AnyRole
});
@@ -159,7 +148,6 @@ namespace AyaNova.Biz
{
//Only BizAdminFull can modify forms
Change = AuthorizationRoles.BizAdminFull,
- EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.AnyRole
});
diff --git a/server/AyaNova/biz/Search.cs b/server/AyaNova/biz/Search.cs
index a2f3d798..14d91fd5 100644
--- a/server/AyaNova/biz/Search.cs
+++ b/server/AyaNova/biz/Search.cs
@@ -313,7 +313,7 @@ namespace AyaNova.Biz
List CanReadMatchingObjects = new List();
foreach (AyaTypeId t in MatchingObjects)
{
- if (AyaNova.Api.ControllerHelpers.Authorized.IsAuthorizedToReadFullRecord(currentUserRoles, t.ObjectType))
+ if (AyaNova.Api.ControllerHelpers.Authorized.HasReadFullRole(currentUserRoles, t.ObjectType))
{
CanReadMatchingObjects.Add(t);
}