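using System;
using System.Collections.Generic;
using AyaNova.Biz;

namespace AyaNova.Biz
{
    /// <summary>
    /// Static table of the authorization roles required for each business object type.
    /// </summary>
    /// <remarks>
    /// This class only stores the role requirements; the comments below say that the
    /// checks themselves are performed in Authorized.cs, which is not part of this file.
    /// </remarks>
    internal static class BizRoles
    {
        // Filled once by the static constructor and only read afterwards. readonly stops
        // the table reference from being swapped out after initialization.
        private static readonly Dictionary<AyaType, BizRoleSet> roles = new Dictionary<AyaType, BizRoleSet>();

        static BizRoles()
        {
            //Add all object roles here
            //NOTE: do not need to add change roles to read roles, Authorized.cs takes care of that automatically
            //by assuming if you can change you can read

            //HOW THIS WORKS / WHAT IS EXPECTED
            //CHANGE = CREATE, RETRIEVE, UPDATE, DELETE - Full rights
            //EDITOWN = special subset of CHANGE: You can create and if it's one you created then you have rights to edit it or delete,
            //          but you can't edit ones others have created
            //READ = You can read *all* the fields of the record, but can't modify it. Change is automatically checked for
            //       so only add different roles from change
            //PICKLIST NOTE: this does not control getting a list of names for selection which is role independent
            //               because it's required for so much indirectly
            //DELETE = There is no specific delete right for now though it's checked for by routes in Authorized.cs
            //         in case we want to add it in future as a separate right from create.
            //
            //Dictionary.Add throws on a duplicate key, so registering the same AyaType twice fails at
            //type initialization instead of silently replacing an earlier role set.

            #region All roles initialization

            ////////////////////////////////////////////////////////////
            //USER
            //
            roles.Add(AyaType.User, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull,
                EditOwn = AuthorizationRoles.NoRole,//no one can make a user but a bizadminfull
                ReadFullRecord = AuthorizationRoles.BizAdminLimited
            });

            ////////////////////////////////////////////////////////////
            //USEROPTIONS
            //(Identical to User, though route also allows own record access full changes)
            //
            roles.Add(AyaType.UserOptions, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull,
                EditOwn = AuthorizationRoles.NoRole,//no one can make a user but a bizadminfull
                ReadFullRecord = AuthorizationRoles.BizAdminLimited
            });

            ////////////////////////////////////////////////////////////
            //WIDGET
            //NOTE(review): TechFull appears in EditOwn but not in ReadFullRecord; whether EditOwn
            //also grants read of the owner's record is decided outside this file - confirm in Authorized.cs
            //
            roles.Add(AyaType.Widget, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.InventoryFull,
                EditOwn = AuthorizationRoles.TechFull,
                ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.InventoryLimited
            });

            ////////////////////////////////////////////////////////////
            //SERVERSTATE
            //
            roles.Add(AyaType.ServerState, new BizRoleSet()
            {
                Change = AuthorizationRoles.OpsAdminFull,
                EditOwn = AuthorizationRoles.NoRole,
                ReadFullRecord = AuthorizationRoles.AnyRole
            });

            ////////////////////////////////////////////////////////////
            //LICENSE
            //
            roles.Add(AyaType.License, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.OpsAdminFull,
                EditOwn = AuthorizationRoles.NoRole,
                ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.OpsAdminLimited
            });

            ////////////////////////////////////////////////////////////
            //LOGFILE
            //Change is NoRole: no role is granted modify rights through this table
            //
            roles.Add(AyaType.LogFile, new BizRoleSet()
            {
                Change = AuthorizationRoles.NoRole,
                EditOwn = AuthorizationRoles.NoRole,
                ReadFullRecord = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
            });

            ////////////////////////////////////////////////////////////
            //TAG
            //Full roles can make new tags and can edit or delete existing tags
            roles.Add(AyaType.Tag, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.DispatchFull | AuthorizationRoles.InventoryFull | AuthorizationRoles.TechFull | AuthorizationRoles.AccountingFull,
                EditOwn = AuthorizationRoles.NoRole,
                ReadFullRecord = AuthorizationRoles.AnyRole
            });

            ////////////////////////////////////////////////////////////
            //TAGMAP
            //Any roles can tag objects and remove tags as per their rights to the taggable object type in question
            //NOTE(review): this entry grants Change to AnyRole, so the per-object-type restriction described
            //above is not expressed in this table and has to be enforced where the tag is applied - confirm
            roles.Add(AyaType.TagMap, new BizRoleSet()
            {
                Change = AuthorizationRoles.AnyRole,
                EditOwn = AuthorizationRoles.NoRole,
                ReadFullRecord = AuthorizationRoles.AnyRole
            });

            ////////////////////////////////////////////////////////////
            //TAGGROUP - MIRROR TAGS
            //Full roles can make new tags and can edit or delete existing tags
            roles.Add(AyaType.TagGroup, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.DispatchFull | AuthorizationRoles.InventoryFull | AuthorizationRoles.TechFull | AuthorizationRoles.AccountingFull,
                EditOwn = AuthorizationRoles.NoRole,
                ReadFullRecord = AuthorizationRoles.AnyRole
            });

            ////////////////////////////////////////////////////////////
            //TAGGROUPMAP - MIRROR TAGMAP
            //Full roles can make new taggroupmaps and can edit or delete existing taggroupmaps
            roles.Add(AyaType.TagGroupMap, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.DispatchFull | AuthorizationRoles.InventoryFull | AuthorizationRoles.TechFull | AuthorizationRoles.AccountingFull,
                EditOwn = AuthorizationRoles.NoRole,
                ReadFullRecord = AuthorizationRoles.AnyRole
            });

            ////////////////////////////////////////////////////////////
            //OPERATIONS / JOBS
            //Only opsfull can change operations
            //ops and biz admin can view operations
            roles.Add(AyaType.JobOperations, new BizRoleSet()
            {
                Change = AuthorizationRoles.OpsAdminFull,
                EditOwn = AuthorizationRoles.NoRole,
                ReadFullRecord = AuthorizationRoles.OpsAdminLimited | AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
            });

            ////////////////////////////////////////////////////////////
            //AyaNova7Import
            //Only opsfull can change operations and view
            //(ReadFullRecord is NoRole; read access for opsfull comes from the change-implies-read rule noted at the top)
            roles.Add(AyaType.AyaNova7Import, new BizRoleSet()
            {
                Change = AuthorizationRoles.OpsAdminFull,
                EditOwn = AuthorizationRoles.NoRole,
                ReadFullRecord = AuthorizationRoles.NoRole
            });

            ////////////////////////////////////////////////////////////
            //METRICS
            //Change is NoRole: no role is granted modify rights through this table
            //
            roles.Add(AyaType.Metrics, new BizRoleSet()
            {
                Change = AuthorizationRoles.NoRole,
                EditOwn = AuthorizationRoles.NoRole,
                ReadFullRecord = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
            });

            ////////////////////////////////////////////////////////////
            //LOCALE
            //
            roles.Add(AyaType.Locale, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.OpsAdminFull,
                EditOwn = AuthorizationRoles.NoRole,
                ReadFullRecord = AuthorizationRoles.AnyRole
            });

            ////////////////////////////////////////////////////////////
            //DATAFILTER
            //EditOwn is AnyRole: per the EDITOWN definition above, any role may create filters
            //and edit or delete the ones it created
            //
            roles.Add(AyaType.DataFilter, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull,
                EditOwn = AuthorizationRoles.AnyRole,
                ReadFullRecord = AuthorizationRoles.AnyRole
            });

            ////////////////////////////////////////////////////////////////////
            #endregion all roles init

        }//end of constructor

        /// <summary>
        /// Get roleset for biz object
        /// </summary>
        /// <param name="forType">Business object type whose role requirements are wanted.</param>
        /// <returns>
        /// The role set registered for <paramref name="forType"/>, or <c>null</c> when the type
        /// has no entry in the table.
        /// </returns>
        /// <remarks>
        /// A <c>null</c> result means no rights were defined for the type; an authorization check
        /// should treat it as "deny" rather than skip the check.
        /// NOTE(review): confirm the callers in Authorized.cs fail closed on <c>null</c>.
        /// The returned object is the instance held in the shared table, and the initializers above
        /// show its members are assignable, so callers should treat it as read-only: a write would
        /// change the rights seen by every later lookup.
        /// </remarks>
        internal static BizRoleSet GetRoleSet(AyaType forType)
        {
            // Single lookup instead of ContainsKey followed by the indexer.
            BizRoleSet roleSet;
            return roles.TryGetValue(forType, out roleSet) ? roleSet : null;
        }

    }//end of class

}//end of namespace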