2018-09-04 19:07:42 +00:00
parent 21eb952e5a
commit a5f9759a7c
15 changed files with 43 additions and 44 deletions
--- a/server/AyaNova/ControllerHelpers/Authorized.cs
+++ b/server/AyaNova/ControllerHelpers/Authorized.cs
@@ -27,12 +27,12 @@ namespace AyaNova.Api.ControllerHelpers
        /// <summary>
-        /// READ / GENERAL ACCESS
+        /// READ FULL RECORD (not just name and id)
        /// </summary>
        /// <param name="HttpContextItems"></param>
        /// <param name="objectType"></param>
        /// <returns></returns>
-        internal static bool IsAuthorizedToRead(IDictionary<object, object> HttpContextItems, AyaType objectType)
+        internal static bool IsAuthorizedToReadFullRecord(IDictionary<object, object> HttpContextItems, AyaType objectType)
        {
            AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
@@ -40,7 +40,7 @@ namespace AyaNova.Api.ControllerHelpers
            if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
                return true;
-            if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Read))
+            if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).ReadFullRecord))
                return true;
            return false;
--- a/server/AyaNova/Controllers/AttachmentController.cs
+++ b/server/AyaNova/Controllers/AttachmentController.cs
@@ -369,7 +369,7 @@ namespace AyaNova.Api.Controllers
            }
            //is this allowed?
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, dbObj.AttachToObjectType))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, dbObj.AttachToObjectType))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
--- a/server/AyaNova/Controllers/EventLogController.cs
+++ b/server/AyaNova/Controllers/EventLogController.cs
@@ -61,7 +61,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, opt.AyType))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, opt.AyType))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
@@ -97,7 +97,7 @@ namespace AyaNova.Api.Controllers
            long UserId = UserIdFromContext.Id(HttpContext.Items);
            //If not authorized to read a user and also not the current user asking for their own log then NO LOG FOR YOU!
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User) && opt.AyId != UserId)
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.User) && opt.AyId != UserId)
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
--- a/server/AyaNova/Controllers/ImportAyaNova7Controller.cs
+++ b/server/AyaNova/Controllers/ImportAyaNova7Controller.cs
@@ -197,7 +197,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.AyaNova7Import))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.AyaNova7Import))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
--- a/server/AyaNova/Controllers/JobOperationsController.cs
+++ b/server/AyaNova/Controllers/JobOperationsController.cs
@@ -63,7 +63,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.JobOperations))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.JobOperations))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
@@ -102,7 +102,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.JobOperations))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.JobOperations))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
--- a/server/AyaNova/Controllers/LicenseController.cs
+++ b/server/AyaNova/Controllers/LicenseController.cs
@@ -60,7 +60,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.License))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.License))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
--- a/server/AyaNova/Controllers/LogFilesController.cs
+++ b/server/AyaNova/Controllers/LogFilesController.cs
@@ -60,7 +60,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.LogFile))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.LogFile))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
@@ -107,7 +107,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.LogFile))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.LogFile))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
--- a/server/AyaNova/Controllers/MetricsController.cs
+++ b/server/AyaNova/Controllers/MetricsController.cs
@@ -60,7 +60,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Metrics))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Metrics))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
@@ -91,7 +91,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Metrics))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Metrics))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
--- a/server/AyaNova/Controllers/TagController.cs
+++ b/server/AyaNova/Controllers/TagController.cs
@@ -59,7 +59,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Tag))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Tag))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
@@ -107,7 +107,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Tag))//Note: anyone can read a tag, but that might change in future so keeping this code in
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Tag))//Note: anyone can read a tag, but that might change in future so keeping this code in
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
--- a/server/AyaNova/Controllers/TagMapController.cs
+++ b/server/AyaNova/Controllers/TagMapController.cs
@@ -57,7 +57,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.TagMap))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.TagMap))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
@@ -78,7 +78,7 @@ namespace AyaNova.Api.Controllers
            }
            //Check rights to parent tagged object
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, o.TagToObjectType))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, o.TagToObjectType))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
@@ -216,7 +216,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Tag))//Note: anyone can read a tag, but that might change in future so keeping this code in
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Tag))//Note: anyone can read a tag, but that might change in future so keeping this code in
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
@@ -228,7 +228,7 @@ namespace AyaNova.Api.Controllers
            //Check rights to parent tagged object
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, inObj.ObjectType))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, inObj.ObjectType))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
--- a/server/AyaNova/Controllers/UserController.cs
+++ b/server/AyaNova/Controllers/UserController.cs
@@ -62,7 +62,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.User))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
@@ -107,7 +107,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.User))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
--- a/server/AyaNova/Controllers/WidgetController.cs
+++ b/server/AyaNova/Controllers/WidgetController.cs
@@ -65,7 +65,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Widget))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Widget))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
@@ -108,7 +108,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Widget))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Widget))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
@@ -437,7 +437,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Widget))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Widget))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
@@ -457,7 +457,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
-            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Widget))
+            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Widget))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
--- a/server/AyaNova/biz/BizRoleSet.cs
+++ b/server/AyaNova/biz/BizRoleSet.cs
@@ -8,7 +8,7 @@ namespace AyaNova.Biz
    {
        public AuthorizationRoles Change { get; set; }
        public AuthorizationRoles EditOwn { get; set; }
-        public AuthorizationRoles Read { get; set; }
+        public AuthorizationRoles ReadFullRecord { get; set; }
    }//eoc
--- a/server/AyaNova/biz/BizRoles.cs
+++ b/server/AyaNova/biz/BizRoles.cs
@@ -22,8 +22,8 @@ namespace AyaNova.Biz
            //HOW THIS WORKS / WHATS EXPECTED
            //CHANGE = CREATE, RETRIEVE, UPDATE, DELETE - Full rights
            //EDITOWN = special subset of CHANGE: You can create and if it's one you created then you have rights to edit it or delete, but you can't edit ones others have created
-            //READ = You can read *all* the fields of the record, but can't modify it. 
+            //READ = You can read *all* the fields of the record, but can't modify it. Change is automatically checked for so only add different roles from change 
-            //PICKLIST NOTE: this does not control getting a list of names for selection which is role independent because it's required for so much indirectly
+                //PICKLIST NOTE: this does not control getting a list of names for selection which is role independent because it's required for so much indirectly
            //DELETE = There is no specific delete right for now though it's checked for by routes in Authorized.cs in case we want to add it in future as a separate right from create.
            #region All roles initialization
@@ -35,7 +35,7 @@ namespace AyaNova.Biz
            {
                Change = AuthorizationRoles.BizAdminFull,
                EditOwn = AuthorizationRoles.NoRole,//no one can make a user but a bizadminfull
-                Read = AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
+                ReadFullRecord = AuthorizationRoles.BizAdminLimited
            });
            ////////////////////////////////////////////////////////////
@@ -45,7 +45,7 @@ namespace AyaNova.Biz
            {
                Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.InventoryFull,
                EditOwn = AuthorizationRoles.TechFull,
-                Read = AuthorizationRoles.AnyRole
+                ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.InventoryLimited
            });
            ////////////////////////////////////////////////////////////
@@ -55,7 +55,7 @@ namespace AyaNova.Biz
            {
                Change = AuthorizationRoles.OpsAdminFull,
                EditOwn = AuthorizationRoles.NoRole,
-                Read = AuthorizationRoles.AnyRole
+                ReadFullRecord = AuthorizationRoles.AnyRole
            });
@@ -66,7 +66,7 @@ namespace AyaNova.Biz
            {
                Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.OpsAdminFull,
                EditOwn = AuthorizationRoles.NoRole,
-                Read = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.OpsAdminLimited
+                ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.OpsAdminLimited
            });
            ////////////////////////////////////////////////////////////
@@ -76,7 +76,7 @@ namespace AyaNova.Biz
            {
                Change = AuthorizationRoles.NoRole,
                EditOwn = AuthorizationRoles.NoRole,
-                Read = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
+                ReadFullRecord = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
            });
            ////////////////////////////////////////////////////////////
@@ -86,7 +86,7 @@ namespace AyaNova.Biz
            {
                Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.DispatchFull | AuthorizationRoles.InventoryFull | AuthorizationRoles.TechFull | AuthorizationRoles.AccountingFull,
                EditOwn = AuthorizationRoles.NoRole,
-                Read = AuthorizationRoles.AnyRole
+                ReadFullRecord = AuthorizationRoles.AnyRole
            });
            ////////////////////////////////////////////////////////////
@@ -96,30 +96,29 @@ namespace AyaNova.Biz
            {
                Change = AuthorizationRoles.AnyRole,
                EditOwn = AuthorizationRoles.NoRole,
-                Read = AuthorizationRoles.AnyRole
+                ReadFullRecord = AuthorizationRoles.AnyRole
            });
            ////////////////////////////////////////////////////////////
-            //OPERATIONS
+            //OPERATIONS / JOBS
            //Only opsfull can change operations
            //ops and biz admin can view operations        
            roles.Add(AyaType.JobOperations, new BizRoleSet()
            {
                Change = AuthorizationRoles.OpsAdminFull,
                EditOwn = AuthorizationRoles.NoRole,
-                Read = AuthorizationRoles.OpsAdminLimited | AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
+                ReadFullRecord = AuthorizationRoles.OpsAdminLimited | AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
            });
            ////////////////////////////////////////////////////////////
            //AyaNova7Import
-            //Only opsfull can change operations
+            //Only opsfull can change operations and view
            //opsfull can view operations        
            roles.Add(AyaType.AyaNova7Import, new BizRoleSet()
            {
                Change = AuthorizationRoles.OpsAdminFull,
                EditOwn = AuthorizationRoles.NoRole,
-                Read = AuthorizationRoles.OpsAdminFull
+                ReadFullRecord = AuthorizationRoles.NoRole
            });
@@ -130,7 +129,7 @@ namespace AyaNova.Biz
            {
                Change = AuthorizationRoles.NoRole,
                EditOwn = AuthorizationRoles.NoRole,
-                Read = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
+                ReadFullRecord = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
            });
@@ -141,7 +140,7 @@ namespace AyaNova.Biz
            {
                Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.OpsAdminFull,
                EditOwn = AuthorizationRoles.NoRole,
-                Read = AuthorizationRoles.AnyRole
+                ReadFullRecord = AuthorizationRoles.AnyRole
            });
--- a/test/raven-integration/Widget/WidgetRights.cs
+++ b/test/raven-integration/Widget/WidgetRights.cs
@@ -28,7 +28,7 @@ namespace raven_integration
        [Fact]
        public async void ServerShouldNotAllowReadUnauthorizedAccess()
        {
-            ApiResponse a = await Util.GetAsync("Widget/list", await Util.GetTokenAsync( "OpsAdminFull"));
+            ApiResponse a = await Util.GetAsync("Widget/listwidgets", await Util.GetTokenAsync( "OpsAdminFull"));
            //2004 unauthorized
            Util.ValidateErrorCodeResponse(a, 2004, 401);
        }