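using System;
using System.Collections.Generic;
using AyaNova.Biz;

namespace AyaNova.Biz
{
    /// <summary>
    /// Roles of all business objects: the table mapping each <see cref="AyaType"/> to the
    /// role masks that may change, fully read or select (picklist) objects of that type.
    /// </summary>
    /// <remarks>
    /// The notes in this file say Authorized.cs consults this table, and that a JSON copy of it
    /// is pasted into the client (biz-role-rights.js). The client copy can only drive what the
    /// UI shows; NOTE(review): confirm every route is still checked server-side against this
    /// table rather than trusting the client copy.
    /// </remarks>
    internal static class BizRoles
    {
        // NOTE(review): this field is mutable and reassignable from anywhere in the assembly.
        // If nothing outside this class writes to it, consider making it readonly and exposing
        // a read-only view so the authorization table cannot be altered after initialization.
        internal static Dictionary<AyaType, BizRoleSet> roles = new Dictionary<AyaType, BizRoleSet>();

        /// <summary>
        /// Fills the role table once, and in DEBUG builds checks it against the last snapshot
        /// that was generated for the client.
        /// </summary>
        static BizRoles()
        {
            // Add all object roles here.
            // NOTE: change roles do not need to be repeated in the read roles; Authorized.cs takes
            // care of that automatically by assuming that if you can change you can read.

            // HOW THIS WORKS / WHAT IS EXPECTED
            // Change = CREATE, RETRIEVE, UPDATE, DELETE - full rights.
            // ReadFullRecord = can read *all* fields of the record but cannot modify it. Change is
            //   checked automatically, so list only the roles that differ from Change.
            // Select = may select (fetch the picklist of) this type of object on other forms. This
            //   level exists because otherwise a Customer role user, for example, could see other
            //   customers through the API if not prohibited.
            //   Select only needs to be set on objects that have a defined PickList object, because
            //   that is the only place it is used (as of now).
            // DELETE = there is no separate delete right for now, though routes check for it in
            //   Authorized.cs in case it is split from create in future.
            //
            // A property left unset keeps BizRoleSet's default; the snapshot below records 0 for
            // every Select that is not assigned here.

            #region All roles initialization
            // CoreBizObject add here

            ////////////////////////////////////////////////////////////
            // GLOBAL BIZ SETTINGS
            //
            roles.Add(AyaType.Global, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull,
                ReadFullRecord = AuthorizationRoles.BizAdminLimited
            });

            ////////////////////////////////////////////////////////////
            // USER
            //
            // NOTE(review): Select = All lets every role fetch the user picklist; confirm this is
            // intended for customer-facing roles as well, given the reason Select exists (above).
            roles.Add(AyaType.User, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull,
                ReadFullRecord = AuthorizationRoles.BizAdminLimited,
                Select = AuthorizationRoles.All
            });

            ////////////////////////////////////////////////////////////
            // USEROPTIONS
            // (Identical to User, though the route also allows full changes to one's own record)
            //
            roles.Add(AyaType.UserOptions, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull,
                ReadFullRecord = AuthorizationRoles.BizAdminLimited
            });

            ////////////////////////////////////////////////////////////
            // WIDGET
            //
            roles.Add(AyaType.Widget, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.InventoryFull,
                ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.InventoryLimited,
                Select = AuthorizationRoles.All
            });

            ////////////////////////////////////////////////////////////
            // SERVERSTATE
            //
            roles.Add(AyaType.ServerState, new BizRoleSet()
            {
                Change = AuthorizationRoles.OpsAdminFull,
                ReadFullRecord = AuthorizationRoles.All
            });

            ////////////////////////////////////////////////////////////
            // LICENSE
            //
            roles.Add(AyaType.License, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.OpsAdminFull,
                ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.OpsAdminLimited
            });

            ////////////////////////////////////////////////////////////
            // LOGFILE
            // Change = NoRole: no role is granted change rights on log files.
            //
            roles.Add(AyaType.LogFile, new BizRoleSet()
            {
                Change = AuthorizationRoles.NoRole,
                ReadFullRecord = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
            });

            ////////////////////////////////////////////////////////////
            // OPERATIONS / JOBS
            // Only opsfull can change operations
            // ops and biz admin can view operations
            roles.Add(AyaType.ServerJob, new BizRoleSet()
            {
                Change = AuthorizationRoles.OpsAdminFull,
                ReadFullRecord = AuthorizationRoles.OpsAdminLimited | AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
            });

            ////////////////////////////////////////////////////////////
            // AyaNova7Import
            // Only opsfull can change operations and view (read comes with Change, so no extra
            // read role is listed)
            roles.Add(AyaType.AyaNova7Import, new BizRoleSet()
            {
                Change = AuthorizationRoles.OpsAdminFull,
                ReadFullRecord = AuthorizationRoles.NoRole
            });

            ////////////////////////////////////////////////////////////
            // METRICS
            //
            roles.Add(AyaType.Metrics, new BizRoleSet()
            {
                Change = AuthorizationRoles.NoRole,
                ReadFullRecord = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
            });

            ////////////////////////////////////////////////////////////
            // TRANSLATION
            //
            roles.Add(AyaType.Translation, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.OpsAdminFull,
                // Anyone can read it because they need it to open a form, but in the UI
                // only the bizadminlimited actually gets a link to see the customization page
                ReadFullRecord = AuthorizationRoles.All
            });

            ////////////////////////////////////////////////////////////
            // DATALISTVIEW
            //
            roles.Add(AyaType.DataListView, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull,
                ReadFullRecord = AuthorizationRoles.All
            });

            ////////////////////////////////////////////////////////////
            // FORMCUSTOM
            //
            roles.Add(AyaType.FormCustom, new BizRoleSet()
            {
                // Only BizAdminFull can modify forms
                Change = AuthorizationRoles.BizAdminFull,
                // Anyone can read it because they need it to open a form, but in the UI
                // only the bizadminlimited actually gets a link to see the customization page
                ReadFullRecord = AuthorizationRoles.All
            });

            ////////////////////////////////////////////////////////////
            // PICKLISTTEMPLATE
            //
            roles.Add(AyaType.PickListTemplate, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull,
                ReadFullRecord = AuthorizationRoles.All
            });

            ////////////////////////////////////////////////////////////////////
            #endregion all roles init

            #region output as JSON for client side
#if (DEBUG)
            // ################## HOW TO USE ##########
            // Uncomment SerializeObject and the two debugger lines, put a break on lastRoles, and
            // copy from the output in the LOG (good for javascript, with quotes formatted that way).
            // Separately, update the "lastRoles" string here by copying the "json" variable from the
            // debugger variable watch, because the C#-escaped form of the string is needed here.

            // GENERATE CLIENT COMPATIBLE JSON FROM ROLES, OUTPUT TO DEBUG LOG
            // string json = Newtonsoft.Json.JsonConvert.SerializeObject(roles, Newtonsoft.Json.Formatting.None);
            // System.Diagnostics.Debugger.Log(1, "JSONFRAGMENTFORCLIENT", "BizRoles.cs -> biz-role-rights.js Client roles JSON fragment:");
            // System.Diagnostics.Debugger.Log(1, "JSONFRAGMENTFORCLIENT", json);

            // ONGOING VALIDATION TO CATCH A MISMATCH BETWEEN THIS TABLE AND THE CLIENT SNAPSHOT
            // This runs in DEBUG builds only; a Release build performs no such check.
            var lastRoles = "{\"Global\":{\"Change\":2,\"ReadFullRecord\":1,\"Select\":0},\"User\":{\"Change\":2,\"ReadFullRecord\":1,\"Select\":131071},\"UserOptions\":{\"Change\":2,\"ReadFullRecord\":1,\"Select\":0},\"Widget\":{\"Change\":34,\"ReadFullRecord\":17,\"Select\":131071},\"ServerState\":{\"Change\":16384,\"ReadFullRecord\":131071,\"Select\":0},\"License\":{\"Change\":16386,\"ReadFullRecord\":8193,\"Select\":0},\"LogFile\":{\"Change\":0,\"ReadFullRecord\":24576,\"Select\":0},\"ServerJob\":{\"Change\":16384,\"ReadFullRecord\":8195,\"Select\":0},\"AyaNova7Import\":{\"Change\":16384,\"ReadFullRecord\":0,\"Select\":0},\"Metrics\":{\"Change\":0,\"ReadFullRecord\":24576,\"Select\":0},\"Translation\":{\"Change\":16386,\"ReadFullRecord\":131071,\"Select\":0},\"DataListView\":{\"Change\":2,\"ReadFullRecord\":131071,\"Select\":0},\"FormCustom\":{\"Change\":2,\"ReadFullRecord\":131071,\"Select\":0},\"PickListTemplate\":{\"Change\":2,\"ReadFullRecord\":131071,\"Select\":0}}";
            Dictionary<AyaType, BizRoleSet> lastRolesDeserialized = Newtonsoft.Json.JsonConvert.DeserializeObject<Dictionary<AyaType, BizRoleSet>>(lastRoles);

            // A type was added or removed without regenerating the client snapshot.
            if (lastRolesDeserialized.Count != roles.Count)
            {
                throw new System.ArgumentException("BizRoles::Constructor - roles were modified from last snapshot for client!!!");
            }

            // The count alone cannot see an edit to an existing entry (a widened or narrowed
            // mask), so every type's three masks are also compared with the snapshot.
            foreach (KeyValuePair<AyaType, BizRoleSet> current in roles)
            {
                BizRoleSet snapshot;
                bool matches = lastRolesDeserialized.TryGetValue(current.Key, out snapshot)
                    && snapshot != null
                    && snapshot.Change == current.Value.Change
                    && snapshot.ReadFullRecord == current.Value.ReadFullRecord
                    && snapshot.Select == current.Value.Select;

                if (!matches)
                {
                    throw new System.ArgumentException("BizRoles::Constructor - roles for " + current.Key + " differ from last snapshot for client!!!");
                }
            }
#endif
            #endregion
        } // end of constructor

        /// <summary>
        /// Get the role set for a business object type.
        /// </summary>
        /// <param name="forType">Business object type to look up.</param>
        /// <returns>
        /// The registered <see cref="BizRoleSet"/>, or <c>null</c> when the type has no entry in
        /// the table. NOTE(review): callers should treat <c>null</c> as "no rights" (fail closed);
        /// confirm Authorized.cs does so.
        /// </returns>
        internal static BizRoleSet GetRoleSet(AyaType forType)
        {
            // Single lookup instead of ContainsKey followed by the indexer.
            BizRoleSet found;
            return roles.TryGetValue(forType, out found) ? found : null;
        }
    } // end of class
} // end of namespace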