This commit is contained in:
@@ -5,17 +5,18 @@ From case https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/1809
|
||||
RAVEN will replace security rights system of v7 with a role based system instead
|
||||
I'm using an int flags enum which means a maximum of 32 possible roles unless I bump it up to a long but don't really want to as this number will be thrown around the api a lot
|
||||
|
||||
|
||||
|
||||
TODO: Fill this out as I code.
|
||||
ROLES set general accessibility to change or delete or read objects, however Business rules may further restrict on top of that.
|
||||
|
||||
**DELETE RIGHTS***
|
||||
If you can modify an object you can delete an object
|
||||
If you can modify an object you can delete an object unless business rules say otherwise
|
||||
|
||||
|
||||
**LIMITED ROLES / BUSINESS RULES LIMITATIONS **
|
||||
(formerly self owned)
|
||||
In some cases business rules may further restrict what a user can do.
|
||||
For example a SubContractorLimited has the change right to a workorder, but in fact the workorder itself has business rules that limit that drastically down to almost nothing but a single area entry in labor
|
||||
|
||||
|
||||
**OWNER LIMITED ROLES**
|
||||
Limited roles in some cases can create an object but can only edit or delete objects they created
|
||||
?? STILL BEING PLANNED OUT SEE BELOW AT BOTTOM ??
|
||||
|
||||
## ROLES
|
||||
|
||||
|
||||
@@ -6,9 +6,20 @@ Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOiIxNTQ3NTgwMzg2IiwiZXhwIjoi
|
||||
## IMMEDIATE ITEMS
|
||||
|
||||
|
||||
Do I need ownerId for anything if it's not being used anymore for rules??
|
||||
- Get rid of it in all rights stuff first, then widget then the rest and rename for the below specific things to UserId instead
|
||||
- DataFilter uses it for a different purpose in that there are public and private filters
|
||||
- After removing everywhere else maybe if this is the only holdout rename the field to userID or something?
|
||||
- Semantically makes more sense
|
||||
- Also helps so we can have no remnants of ownerId anywhere to make it easier to see what's been fixed / changed.
|
||||
- EventLog uses it to log people's changes so an eventlog entry might be owned by Jim but it refers to an action Jim made on another object such as edit it maybe
|
||||
- Could be renamed to UserId as well
|
||||
- Event object uses it see eventlog above
|
||||
- FormCustom uses it much like DataFilter does, could also be renamed to UserId and semantically be better
|
||||
|
||||
EDIT OWN PLANNING FIRST
|
||||
- Now all in core-roles.txt
|
||||
OwnerID is put on httpcontext in startup.cs, will it still be necessary?
|
||||
Clean up owner ID and rules now that it's deprecated
|
||||
Fix tests until they run properly
|
||||
|
||||
NOT THIS: QB TLS STUFF, SERVER UPDATES, MAIL SERVER CONFIG CHECK AND UPDATE
|
||||
AFTER THAT FIGURE OUT SELF OWNED RIGHTS / SUBCONTRACTOR
|
||||
|
||||
Reference in New Issue
Block a user