1175 lines
63 KiB
C#
1175 lines
63 KiB
C#
using System.Collections.Generic;
|
|
using Microsoft.Extensions.Logging;
|
|
|
|
namespace AyaNova.Biz
|
|
{
|
|
|
|
/// <summary>
|
|
/// roles of all business objects
|
|
/// </summary>
|
|
internal static class BizRoles
|
|
{
|
|
|
|
//NOTE: this *is* efficient, it's static and initialized once only on startup the first time it's required and re-used forever afterwards until next reboot
|
|
|
|
internal static Dictionary<AyaType, BizRoleSet> roles = new Dictionary<AyaType, BizRoleSet>();
|
|
|
|
static BizRoles()
|
|
{
|
|
|
|
//Add all object roles here
|
|
//NOTE: do not need to add change roles to read roles, Authorized.cs takes care of that automatically
|
|
//by assuming if you can change you can read
|
|
|
|
//HOW THIS WORKS / WHATS EXPECTED
|
|
//Change = CREATE, RETRIEVE, UPDATE, DELETE - Full rights
|
|
//ReadFullRecord = You can read *all* the fields of the record, but can't modify it. Change is automatically checked for so only add different roles from change
|
|
//SELECT - this role allows user to select (fetch picklist) this type of object on other forms, we have this security level because otherwise a Customer role user for example, could see other customers via api if not prohibited
|
|
// Setting SELECT - Select only needs to be set on objects for which there is a defined PickList object because that's where it's used solely (as of now anyway)
|
|
//DELETE = There is no specific delete right for now though it's checked for by routes in Authorized.cs in case we want to add it in future as a separate right from create.
|
|
|
|
#region All roles initialization
|
|
//CoreBizObject add here
|
|
|
|
|
|
//BizRules will handle finer grained rights, this is just the big picture rights or default if no finer required
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//CUSTOMER
|
|
// (any change copy to customer notes, head office)
|
|
roles.Add(AyaType.Customer, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.SalesRestricted
|
|
,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//CUSTOMERNOTES
|
|
// (duplicate of customer above but required to be here to allow various code to not bomb)
|
|
roles.Add(AyaType.CustomerNote, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.Tech
|
|
,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//CUSTOMER PROXY NOTIFICATION SUBSCRIPTIONS
|
|
//
|
|
roles.Add(AyaType.CustomerNotifySubscription, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Service,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.SalesRestricted
|
|
,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//Contract
|
|
//
|
|
roles.Add(AyaType.Contract, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.Tech
|
|
,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//HeadOffice (duplicate of customer)
|
|
//
|
|
roles.Add(AyaType.HeadOffice, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.Tech
|
|
,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//LoanUnit
|
|
//
|
|
roles.Add(AyaType.LoanUnit, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.Tech
|
|
,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
|
|
//### INVENTORY RELATED
|
|
//(see also workorderitempartrequest and workorderitempart below)
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//Part
|
|
//
|
|
roles.Add(AyaType.Part, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//PartInventory
|
|
//
|
|
roles.Add(AyaType.PartInventory, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//PartWarehouse
|
|
//
|
|
roles.Add(AyaType.PartWarehouse, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//Part assembly
|
|
//
|
|
roles.Add(AyaType.PartAssembly, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
/////////////////////////////////////////////////////////////////
|
|
//PurchaseOrder
|
|
// this is also effectively part warehouse inventory control
|
|
//
|
|
roles.Add(AyaType.PurchaseOrder, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
/////////////////////////////////////////////////////////////////
|
|
//PartInventoryRequest
|
|
// same as PO
|
|
//
|
|
roles.Add(AyaType.PartInventoryRequest, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
/////////////////////////////////////////////////////////////////
|
|
//PartInventoryRestock
|
|
// same as PO
|
|
//
|
|
roles.Add(AyaType.PartInventoryRestock, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
/////////////////////////////////////////////////////////////////
|
|
//PartInventoryDataList
|
|
// same as PO
|
|
//
|
|
roles.Add(AyaType.PartInventoryDataList, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
/////////////////////////////////////////////////////////////////
|
|
//PartInventoryRequestDataList
|
|
// same as PO
|
|
//
|
|
roles.Add(AyaType.PartInventoryRequestDataList, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//Project
|
|
//
|
|
roles.Add(AyaType.Project, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.Tech
|
|
,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//ServiceRate
|
|
//
|
|
roles.Add(AyaType.ServiceRate, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.Service
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.Service//these people can see costs so very limited
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//TravelRate
|
|
//
|
|
roles.Add(AyaType.TravelRate, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.Service
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.Service//these people can see costs so very limited
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//TaxCode
|
|
//
|
|
roles.Add(AyaType.TaxCode, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.Service
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.SalesRestricted
|
|
,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
|
|
// ////////////////////////////////////////////////////////////
|
|
// //SERVICE BANK
|
|
// //
|
|
// roles.Add(AyaType.ServiceBank, new BizRoleSet()
|
|
// {
|
|
// //The Change role settings is intended to
|
|
// //apply to directly making a service bank entry i.e. adding to the bank
|
|
// //when deducting from the bank the role required is for the object that is being banked
|
|
// //Subcontractors are deliberately excluded here
|
|
// //on the fence about sales as it's conceivable that a salesman sells bank time and then enters it but
|
|
// //that's really in the realm of accounting, bizadmin or most obviously Service
|
|
// Change = AuthorizationRoles.BizAdm inFu ll
|
|
// | AuthorizationRoles.Servi ceFul l
|
|
// | AuthorizationRoles.Account ingFu ll,
|
|
// ReadFullRecord = AuthorizationRoles.Biz AdminLim ited
|
|
// | AuthorizationRoles.Se rviceLim ited
|
|
// | AuthorizationRoles.Sa lesLim ited
|
|
// | AuthorizationRoles.Te chLi mited
|
|
// | AuthorizationRoles.Sa lesF ull
|
|
// | AuthorizationRoles.Te chFu ll,
|
|
// Select = AuthorizationRoles.All
|
|
// });
|
|
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//Unit
|
|
//
|
|
roles.Add(AyaType.Unit, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Tech | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales | AuthorizationRoles.SalesRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//UnitModel
|
|
//
|
|
roles.Add(AyaType.UnitModel, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.Tech,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//UnitMeterReading
|
|
//
|
|
roles.Add(AyaType.UnitMeterReading, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Tech | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//Vendor
|
|
//
|
|
roles.Add(AyaType.Vendor, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Accounting | AuthorizationRoles.Inventory,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.Tech,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//TaskGroup (init mirroring wostatus for now)
|
|
//
|
|
roles.Add(AyaType.TaskGroup, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service,
|
|
ReadFullRecord = AuthorizationRoles.All,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//WorkOrderStatus
|
|
//
|
|
roles.Add(AyaType.WorkOrderStatus, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales |
|
|
AuthorizationRoles.SalesRestricted | AuthorizationRoles.Tech,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//WorkOrderItemStatus
|
|
//
|
|
roles.Add(AyaType.WorkOrderItemStatus, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales |
|
|
AuthorizationRoles.SalesRestricted | AuthorizationRoles.Tech,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//WorkOrderItemPriority
|
|
//
|
|
roles.Add(AyaType.WorkOrderItemPriority, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.Tech,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//WorkOrder
|
|
//
|
|
roles.Add(AyaType.WorkOrder, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Tech | AuthorizationRoles.TechRestricted | AuthorizationRoles.SubContractor | AuthorizationRoles.SubContractorRestricted | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales |
|
|
AuthorizationRoles.SalesRestricted | AuthorizationRoles.SubContractorRestricted | AuthorizationRoles.TechRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
roles.Add(AyaType.WorkOrderItem, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Tech | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales |
|
|
AuthorizationRoles.SalesRestricted | AuthorizationRoles.SubContractorRestricted | AuthorizationRoles.TechRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
roles.Add(AyaType.WorkOrderItemExpense, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Tech | AuthorizationRoles.TechRestricted | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales |
|
|
AuthorizationRoles.SalesRestricted | AuthorizationRoles.SubContractorRestricted | AuthorizationRoles.TechRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
roles.Add(AyaType.WorkOrderItemLabor, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Tech | AuthorizationRoles.TechRestricted | AuthorizationRoles.SubContractor | AuthorizationRoles.SubContractorRestricted | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales |
|
|
AuthorizationRoles.SalesRestricted | AuthorizationRoles.SubContractorRestricted | AuthorizationRoles.TechRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
roles.Add(AyaType.WorkOrderItemLoan, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Tech | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales |
|
|
AuthorizationRoles.SalesRestricted | AuthorizationRoles.TechRestricted | AuthorizationRoles.SubContractor,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
roles.Add(AyaType.WorkOrderItemPart, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Tech | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales |
|
|
AuthorizationRoles.SalesRestricted | AuthorizationRoles.TechRestricted | AuthorizationRoles.SubContractor,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
roles.Add(AyaType.WorkOrderItemPartRequest, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Tech | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales |
|
|
AuthorizationRoles.SalesRestricted | AuthorizationRoles.TechRestricted | AuthorizationRoles.SubContractor,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
roles.Add(AyaType.WorkOrderItemScheduledUser, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Tech | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales |
|
|
AuthorizationRoles.SalesRestricted | AuthorizationRoles.TechRestricted | AuthorizationRoles.SubContractor | AuthorizationRoles.SubContractorRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
roles.Add(AyaType.WorkOrderItemTask, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Tech | AuthorizationRoles.TechRestricted | AuthorizationRoles.SubContractor | AuthorizationRoles.SubContractorRestricted | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales |
|
|
AuthorizationRoles.SalesRestricted | AuthorizationRoles.SubContractorRestricted | AuthorizationRoles.TechRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
roles.Add(AyaType.WorkOrderItemTravel, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Tech | AuthorizationRoles.TechRestricted | AuthorizationRoles.SubContractor | AuthorizationRoles.SubContractorRestricted | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales |
|
|
AuthorizationRoles.SalesRestricted | AuthorizationRoles.SubContractorRestricted | AuthorizationRoles.TechRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
roles.Add(AyaType.WorkOrderItemUnit, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Tech | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales |
|
|
AuthorizationRoles.SalesRestricted | AuthorizationRoles.SubContractor | AuthorizationRoles.TechRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
roles.Add(AyaType.WorkOrderItemOutsideService, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Tech | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales |
|
|
AuthorizationRoles.SalesRestricted | AuthorizationRoles.TechRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
//---
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//Quote
|
|
//
|
|
|
|
var quoteBizRoleSet = new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service | AuthorizationRoles.Sales | AuthorizationRoles.Accounting,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.SalesRestricted,
|
|
Select = AuthorizationRoles.All
|
|
};
|
|
|
|
roles.Add(AyaType.Quote, quoteBizRoleSet);
|
|
roles.Add(AyaType.QuoteItem, quoteBizRoleSet);
|
|
roles.Add(AyaType.QuoteItemExpense, quoteBizRoleSet);
|
|
roles.Add(AyaType.QuoteItemLabor, quoteBizRoleSet);
|
|
roles.Add(AyaType.QuoteItemLoan, quoteBizRoleSet);
|
|
roles.Add(AyaType.QuoteItemPart, quoteBizRoleSet);
|
|
roles.Add(AyaType.QuoteItemScheduledUser, quoteBizRoleSet);
|
|
roles.Add(AyaType.QuoteItemTask, quoteBizRoleSet);
|
|
roles.Add(AyaType.QuoteItemTravel, quoteBizRoleSet);
|
|
roles.Add(AyaType.QuoteItemUnit, quoteBizRoleSet);
|
|
roles.Add(AyaType.QuoteItemOutsideService, quoteBizRoleSet);
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//QUOTESTATUS
|
|
//
|
|
roles.Add(AyaType.QuoteStatus, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Sales | AuthorizationRoles.Accounting | AuthorizationRoles.Service,
|
|
ReadFullRecord = AuthorizationRoles.All,
|
|
Select = AuthorizationRoles.All//sub restricted by client and biz rules as status has it's own role settings so just keep it open for everyone to potentially access
|
|
});
|
|
//---
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//PM
|
|
//
|
|
|
|
var pmBizRoleSet = new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Service,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.ServiceRestricted | AuthorizationRoles.Sales | AuthorizationRoles.SalesRestricted,
|
|
Select = AuthorizationRoles.All
|
|
};
|
|
|
|
roles.Add(AyaType.PM, pmBizRoleSet);
|
|
roles.Add(AyaType.PMItem, pmBizRoleSet);
|
|
roles.Add(AyaType.PMItemExpense, pmBizRoleSet);
|
|
roles.Add(AyaType.PMItemLabor, pmBizRoleSet);
|
|
roles.Add(AyaType.PMItemLoan, pmBizRoleSet);
|
|
roles.Add(AyaType.PMItemPart, pmBizRoleSet);
|
|
roles.Add(AyaType.PMItemScheduledUser, pmBizRoleSet);
|
|
roles.Add(AyaType.PMItemTask, pmBizRoleSet);
|
|
roles.Add(AyaType.PMItemTravel, pmBizRoleSet);
|
|
roles.Add(AyaType.PMItemUnit, pmBizRoleSet);
|
|
roles.Add(AyaType.PMItemOutsideService, pmBizRoleSet);
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//GLOBAL BIZ SETTINGS
|
|
//
|
|
roles.Add(AyaType.Global, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
});
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//GLOBAL OPS SETTINGS
|
|
//
|
|
roles.Add(AyaType.GlobalOps, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.OpsAdmin,
|
|
ReadFullRecord = AuthorizationRoles.OpsAdminRestricted
|
|
});
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//USER
|
|
//
|
|
roles.Add(AyaType.User, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//USEROPTIONS
|
|
//(Identical to User, though route also allows own record access full changes)
|
|
//
|
|
roles.Add(AyaType.UserOptions, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
});
|
|
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//SERVERSTATE
|
|
//
|
|
roles.Add(AyaType.ServerState, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.OpsAdmin,
|
|
ReadFullRecord = AuthorizationRoles.All
|
|
});
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//LICENSE
|
|
//
|
|
roles.Add(AyaType.License, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//TRIALSEEDER
|
|
//
|
|
roles.Add(AyaType.TrialSeeder, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.OpsAdmin,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted | AuthorizationRoles.OpsAdminRestricted
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//LOGFILE - server log, not event log
|
|
//
|
|
roles.Add(AyaType.LogFile, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.NoRole,
|
|
ReadFullRecord = AuthorizationRoles.OpsAdmin | AuthorizationRoles.OpsAdminRestricted
|
|
});
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//BACKUP
|
|
//Only opsfull can change Backup
|
|
//ops and biz admin can view Backup
|
|
roles.Add(AyaType.Backup, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.OpsAdmin,
|
|
ReadFullRecord = AuthorizationRoles.OpsAdminRestricted | AuthorizationRoles.BizAdmin | AuthorizationRoles.BizAdminRestricted
|
|
});
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//FILEATTACHMENT ADMINISTRATION
|
|
//This is not for attachments themselves which are tied to the object they are attached to
|
|
//this is for things like maintenance jobs or viewing lists of all attachments in general for batch ops etc
|
|
// NOTE: Attachments are considered business data and as such are not available to OPS roles
|
|
// who are not allowed to see biz data
|
|
roles.Add(AyaType.FileAttachment, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin,//Need full rights only here because this is the rights checked for batch delete etc so it's simpler than checking all the parent object rights if you know they already have all rights
|
|
ReadFullRecord = AuthorizationRoles.BizAdmin | AuthorizationRoles.BizAdminRestricted
|
|
});
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//OPERATIONS / JOBS
|
|
//Only opsfull can change operations
|
|
//ops and biz admin can view operations
|
|
roles.Add(AyaType.ServerJob, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.OpsAdmin,
|
|
ReadFullRecord = AuthorizationRoles.OpsAdminRestricted | AuthorizationRoles.BizAdmin | AuthorizationRoles.BizAdminRestricted
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//OPERATIONS / Notification settings
|
|
//Only opsfull can change operations
|
|
//ops and biz admin can view operations
|
|
roles.Add(AyaType.OpsNotificationSettings, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.OpsAdmin,
|
|
ReadFullRecord = AuthorizationRoles.OpsAdminRestricted | AuthorizationRoles.BizAdmin | AuthorizationRoles.BizAdminRestricted
|
|
});
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//SERVERMETRICS
|
|
//
|
|
roles.Add(AyaType.ServerMetrics, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.OpsAdmin,//this is to turn on extra metrics (profiler)
|
|
ReadFullRecord = AuthorizationRoles.OpsAdmin | AuthorizationRoles.OpsAdminRestricted
|
|
});
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//TRANSLATION
|
|
//
|
|
roles.Add(AyaType.Translation, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin,
|
|
//Anyone can read it because they need to to open a form, but also in UI
|
|
//only the BizAdminRestricted actually gets a link to see the customization page
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//DATALISTFILTER
|
|
//
|
|
roles.Add(AyaType.DataListSavedFilter, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin,
|
|
ReadFullRecord = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//FORMUSEROPTIONS
|
|
// Note: this is only ever modified by user personally
|
|
// so it is accessible by all and biz rules
|
|
//restrict to own userid
|
|
roles.Add(AyaType.FormUserOptions, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.All,
|
|
ReadFullRecord = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//FORMCUSTOM
|
|
//
|
|
roles.Add(AyaType.FormCustom, new BizRoleSet()
|
|
{
|
|
//Only BizAdmin can modify forms
|
|
Change = AuthorizationRoles.BizAdmin,
|
|
//Anyone can read it because they need to to open a form, but also in UI
|
|
//only the BizAdminRestricted actually gets a link to see the customization page
|
|
ReadFullRecord = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//PICKLISTTEMPLATE
|
|
//
|
|
roles.Add(AyaType.PickListTemplate, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin,
|
|
ReadFullRecord = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//BIZMETRICS
|
|
// todo: deprecate? Not used for anything as of nov 2020
|
|
roles.Add(AyaType.BizMetrics, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted |
|
|
AuthorizationRoles.Sales |
|
|
AuthorizationRoles.SalesRestricted |
|
|
AuthorizationRoles.Accounting
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//NOTIFICATION
|
|
//
|
|
roles.Add(AyaType.Notification, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.All,
|
|
ReadFullRecord = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//NOTIFICATION_SUBSCRIPTION
|
|
//
|
|
roles.Add(AyaType.NotifySubscription, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.All,
|
|
ReadFullRecord = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//REPORT
|
|
//
|
|
roles.Add(AyaType.Report, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.BizAdminRestricted,
|
|
ReadFullRecord = AuthorizationRoles.All,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//CUSTOMER SERVICE REQUEST
|
|
//
|
|
roles.Add(AyaType.CustomerServiceRequest, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.Customer | AuthorizationRoles.BizAdmin | AuthorizationRoles.Service,
|
|
ReadFullRecord = AuthorizationRoles.CustomerRestricted
|
|
| AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Tech,
|
|
Select = AuthorizationRoles.All
|
|
});
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//MEMO
|
|
// (everyone but outside users Customer and HO can send and receive memos)
|
|
roles.Add(AyaType.Memo, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.Accounting
|
|
| AuthorizationRoles.TechRestricted
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.SubContractorRestricted
|
|
| AuthorizationRoles.SubContractor
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.OpsAdminRestricted
|
|
| AuthorizationRoles.OpsAdmin,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.Accounting
|
|
| AuthorizationRoles.TechRestricted
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.SubContractorRestricted
|
|
| AuthorizationRoles.SubContractor
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.OpsAdminRestricted
|
|
| AuthorizationRoles.OpsAdmin,
|
|
Select = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.Accounting
|
|
| AuthorizationRoles.TechRestricted
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.SubContractorRestricted
|
|
| AuthorizationRoles.SubContractor
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.OpsAdminRestricted
|
|
| AuthorizationRoles.OpsAdmin,
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//REMINDER
|
|
// (everyone but outside users Customer and HO)
|
|
roles.Add(AyaType.Reminder, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.Accounting
|
|
| AuthorizationRoles.TechRestricted
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.SubContractorRestricted
|
|
| AuthorizationRoles.SubContractor
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.OpsAdminRestricted
|
|
| AuthorizationRoles.OpsAdmin,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.Accounting
|
|
| AuthorizationRoles.TechRestricted
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.SubContractorRestricted
|
|
| AuthorizationRoles.SubContractor
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.OpsAdminRestricted
|
|
| AuthorizationRoles.OpsAdmin,
|
|
Select = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.Accounting
|
|
| AuthorizationRoles.TechRestricted
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.SubContractorRestricted
|
|
| AuthorizationRoles.SubContractor
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.OpsAdminRestricted
|
|
| AuthorizationRoles.OpsAdmin,
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//REVIEW
|
|
// (everyone but outside users and follows object rights)
|
|
roles.Add(AyaType.Review, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.Accounting
|
|
| AuthorizationRoles.TechRestricted
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.SubContractorRestricted
|
|
| AuthorizationRoles.SubContractor
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.OpsAdminRestricted
|
|
| AuthorizationRoles.OpsAdmin,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.Accounting
|
|
| AuthorizationRoles.TechRestricted
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.SubContractorRestricted
|
|
| AuthorizationRoles.SubContractor
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.OpsAdminRestricted
|
|
| AuthorizationRoles.OpsAdmin,
|
|
Select = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.Accounting
|
|
| AuthorizationRoles.TechRestricted
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.SubContractorRestricted
|
|
| AuthorizationRoles.SubContractor
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.OpsAdminRestricted
|
|
| AuthorizationRoles.OpsAdmin,
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////
|
|
//INTEGRATION
|
|
// (everyone but outside users Customer and HO)
|
|
//this right is for the integration data itself, NOT any other AyaNova data
|
|
//so if someone is malicious the worst case scenario is they can mess up the integration data
|
|
// but they would still need rights to access any AyaNova data under their account so there is no loophole here
|
|
// technically an integration may be used by any role user
|
|
// however not likely to be read only or limited rights rols
|
|
// so will allow full access for any user and leave
|
|
// finer tuning of authorization to integrating app itself
|
|
// Also, integration is only used to store app data conveniently it in no way is required to
|
|
// write api accessing apps so any limitations are not preventing 3rd parties from writing AyaNova api consuming apps of any kind
|
|
//
|
|
roles.Add(AyaType.Integration, new BizRoleSet()
|
|
{
|
|
Change = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.Accounting
|
|
| AuthorizationRoles.TechRestricted
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.SubContractorRestricted
|
|
| AuthorizationRoles.SubContractor
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.OpsAdminRestricted
|
|
| AuthorizationRoles.OpsAdmin,
|
|
ReadFullRecord = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.Accounting
|
|
| AuthorizationRoles.TechRestricted
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.SubContractorRestricted
|
|
| AuthorizationRoles.SubContractor
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.OpsAdminRestricted
|
|
| AuthorizationRoles.OpsAdmin,
|
|
Select = AuthorizationRoles.BizAdminRestricted
|
|
| AuthorizationRoles.BizAdmin
|
|
| AuthorizationRoles.ServiceRestricted
|
|
| AuthorizationRoles.Service
|
|
| AuthorizationRoles.InventoryRestricted
|
|
| AuthorizationRoles.Inventory
|
|
| AuthorizationRoles.Accounting
|
|
| AuthorizationRoles.TechRestricted
|
|
| AuthorizationRoles.Tech
|
|
| AuthorizationRoles.SubContractorRestricted
|
|
| AuthorizationRoles.SubContractor
|
|
| AuthorizationRoles.Sales
|
|
| AuthorizationRoles.SalesRestricted
|
|
| AuthorizationRoles.OpsAdminRestricted
|
|
| AuthorizationRoles.OpsAdmin,
|
|
});
|
|
|
|
////////////////////////////////////////////////////////////////////
|
|
#endregion all roles init
|
|
|
|
|
|
#region output as JSON for client side
|
|
|
|
#if (DEBUG)
|
|
//ONGOING VALIDATION TO CATCH MISMATCH WHEN NEW ROLES ADDED (wont' catch changes to existing unfortunately)
|
|
//################## HOW TO USE ##########
|
|
//############## Uncomment code block below, put a break on lastRoles, copy from the output in the LOG (good for javascript with quotes formatted that way) #######
|
|
// #### NEED to separately take a copy and update "lastRoles" string here by copying from the variable watch for the "json" variable shown in the debugger because need the C# format escaped quotes string
|
|
|
|
//GENERATE CLIENT COMPATIBLE JSON FROM ROLES OUTPUT TO DEBUG LOG
|
|
//And seperately, set the JSON variable so can copy from debug variable "value" property for lastRoles here to compare
|
|
|
|
/*
|
|
|
|
string json = Newtonsoft.Json.JsonConvert.SerializeObject(roles, Newtonsoft.Json.Formatting.None);
|
|
System.Diagnostics.Debugger.Log(1, "JSONFRAGMENTFORCLIENT", "BizRoles.cs -> biz-role-rights.js Client roles JSON fragment:\n\n");
|
|
System.Diagnostics.Debugger.Log(1, "JSONFRAGMENTFORCLIENT", json + "\n\n");
|
|
var lastRoles = "{\"Customer\":{\"Change\":32842,\"ReadFullRecord\":65797,\"Select\":131071},\"CustomerNote\":{\"Change\":32842,\"ReadFullRecord\":65797,\"Select\":131071},\"CustomerNotifySubscription\":{\"Change\":10,\"ReadFullRecord\":65797,\"Select\":131071},\"Contract\":{\"Change\":74,\"ReadFullRecord\":98565,\"Select\":131071},\"HeadOffice\":{\"Change\":32842,\"ReadFullRecord\":65797,\"Select\":131071},\"LoanUnit\":{\"Change\":74,\"ReadFullRecord\":98565,\"Select\":131071},\"Part\":{\"Change\":98,\"ReadFullRecord\":29,\"Select\":131071},\"PartInventory\":{\"Change\":98,\"ReadFullRecord\":29,\"Select\":131071},\"PartWarehouse\":{\"Change\":98,\"ReadFullRecord\":29,\"Select\":131071},\"PartAssembly\":{\"Change\":98,\"ReadFullRecord\":29,\"Select\":131071},\"PurchaseOrder\":{\"Change\":98,\"ReadFullRecord\":29,\"Select\":131071},\"PartInventoryRequest\":{\"Change\":98,\"ReadFullRecord\":29,\"Select\":131071},\"PartInventoryRestock\":{\"Change\":98,\"ReadFullRecord\":29,\"Select\":131071},\"PartInventoryDataList\":{\"Change\":98,\"ReadFullRecord\":29,\"Select\":131071},\"PartInventoryRequestDataList\":{\"Change\":98,\"ReadFullRecord\":29,\"Select\":131071},\"Project\":{\"Change\":74,\"ReadFullRecord\":98565,\"Select\":131071},\"ServiceRate\":{\"Change\":74,\"ReadFullRecord\":33037,\"Select\":131071},\"TravelRate\":{\"Change\":74,\"ReadFullRecord\":33037,\"Select\":131071},\"TaxCode\":{\"Change\":66,\"ReadFullRecord\":98573,\"Select\":131071},\"Unit\":{\"Change\":330,\"ReadFullRecord\":98309,\"Select\":131071},\"UnitModel\":{\"Change\":74,\"ReadFullRecord\":98565,\"Select\":131071},\"UnitMeterReading\":{\"Change\":330,\"ReadFullRecord\":98309,\"Select\":131071},\"Vendor\":{\"Change\":106,\"ReadFullRecord\":98565,\"Select\":131071},\"TaskGroup\":{\"Change\":10,\"ReadFullRecord\":131071,\"Select\":131071},\"WorkOrderStatus\":{\"Change\":74,\"ReadFullRecord\":98565,\"Select\":131071},\"WorkOrderItemStatus\":{\"Change\":74,\"ReadFullRecord\":98565,\"Select\":131071},\"WorkOrderItemPriority\":{\"Change\":74,\"ReadFullRecord\":98565,\"Select\":131071},\"WorkOrder\":{\"Change\":1994,\"ReadFullRecord\":98949,\"Select\":131071},\"WorkOrderItem\":{\"Change\":330,\"ReadFullRecord\":98949,\"Select\":131071},\"WorkOrderItemExpense\":{\"Change\":458,\"ReadFullRecord\":98949,\"Select\":131071},\"WorkOrderItemLabor\":{\"Change\":1994,\"ReadFullRecord\":98949,\"Select\":131071},\"WorkOrderItemLoan\":{\"Change\":330,\"ReadFullRecord\":99461,\"Select\":131071},\"WorkOrderItemPart\":{\"Change\":330,\"ReadFullRecord\":99461,\"Select\":131071},\"WorkOrderItemPartRequest\":{\"Change\":330,\"ReadFullRecord\":99461,\"Select\":131071},\"WorkOrderItemScheduledUser\":{\"Change\":330,\"ReadFullRecord\":99973,\"Select\":131071},\"WorkOrderItemTask\":{\"Change\":1994,\"ReadFullRecord\":98949,\"Select\":131071},\"WorkOrderItemTravel\":{\"Change\":1994,\"ReadFullRecord\":98949,\"Select\":131071},\"WorkOrderItemUnit\":{\"Change\":330,\"ReadFullRecord\":99461,\"Select\":131071},\"WorkOrderItemOutsideService\":{\"Change\":330,\"ReadFullRecord\":98437,\"Select\":131071},\"Quote\":{\"Change\":32842,\"ReadFullRecord\":65541,\"Select\":131071},\"QuoteItem\":{\"Change\":32842,\"ReadFullRecord\":65541,\"Select\":131071},\"QuoteItemExpense\":{\"Change\":32842,\"ReadFullRecord\":65541,\"Select\":131071},\"QuoteItemLabor\":{\"Change\":32842,\"ReadFullRecord\":65541,\"Select\":131071},\"QuoteItemLoan\":{\"Change\":32842,\"ReadFullRecord\":65541,\"Select\":131071},\"QuoteItemPart\":{\"Change\":32842,\"ReadFullRecord\":65541,\"Select\":131071},\"QuoteItemScheduledUser\":{\"Change\":32842,\"ReadFullRecord\":65541,\"Select\":131071},\"QuoteItemTask\":{\"Change\":32842,\"ReadFullRecord\":65541,\"Select\":131071},\"QuoteItemTravel\":{\"Change\":32842,\"ReadFullRecord\":65541,\"Select\":131071},\"QuoteItemUnit\":{\"Change\":32842,\"ReadFullRecord\":65541,\"Select\":131071},\"QuoteItemOutsideService\":{\"Change\":32842,\"ReadFullRecord\":65541,\"Select\":131071},\"QuoteStatus\":{\"Change\":32842,\"ReadFullRecord\":131071,\"Select\":131071},\"PM\":{\"Change\":10,\"ReadFullRecord\":98309,\"Select\":131071},\"PMItem\":{\"Change\":10,\"ReadFullRecord\":98309,\"Select\":131071},\"PMItemExpense\":{\"Change\":10,\"ReadFullRecord\":98309,\"Select\":131071},\"PMItemLabor\":{\"Change\":10,\"ReadFullRecord\":98309,\"Select\":131071},\"PMItemLoan\":{\"Change\":10,\"ReadFullRecord\":98309,\"Select\":131071},\"PMItemPart\":{\"Change\":10,\"ReadFullRecord\":98309,\"Select\":131071},\"PMItemScheduledUser\":{\"Change\":10,\"ReadFullRecord\":98309,\"Select\":131071},\"PMItemTask\":{\"Change\":10,\"ReadFullRecord\":98309,\"Select\":131071},\"PMItemTravel\":{\"Change\":10,\"ReadFullRecord\":98309,\"Select\":131071},\"PMItemUnit\":{\"Change\":10,\"ReadFullRecord\":98309,\"Select\":131071},\"PMItemOutsideService\":{\"Change\":10,\"ReadFullRecord\":98309,\"Select\":131071},\"Global\":{\"Change\":2,\"ReadFullRecord\":1,\"Select\":0},\"GlobalOps\":{\"Change\":16384,\"ReadFullRecord\":8192,\"Select\":0},\"User\":{\"Change\":2,\"ReadFullRecord\":1,\"Select\":131071},\"UserOptions\":{\"Change\":2,\"ReadFullRecord\":1,\"Select\":0},\"ServerState\":{\"Change\":16384,\"ReadFullRecord\":131071,\"Select\":0},\"License\":{\"Change\":2,\"ReadFullRecord\":1,\"Select\":0},\"TrialSeeder\":{\"Change\":16386,\"ReadFullRecord\":8193,\"Select\":0},\"LogFile\":{\"Change\":0,\"ReadFullRecord\":24576,\"Select\":0},\"Backup\":{\"Change\":16384,\"ReadFullRecord\":8195,\"Select\":0},\"FileAttachment\":{\"Change\":2,\"ReadFullRecord\":3,\"Select\":0},\"ServerJob\":{\"Change\":16384,\"ReadFullRecord\":8195,\"Select\":0},\"OpsNotificationSettings\":{\"Change\":16384,\"ReadFullRecord\":8195,\"Select\":0},\"ServerMetrics\":{\"Change\":16384,\"ReadFullRecord\":24576,\"Select\":0},\"Translation\":{\"Change\":2,\"ReadFullRecord\":1,\"Select\":131071},\"DataListSavedFilter\":{\"Change\":2,\"ReadFullRecord\":131071,\"Select\":0},\"FormUserOptions\":{\"Change\":131071,\"ReadFullRecord\":131071,\"Select\":0},\"FormCustom\":{\"Change\":2,\"ReadFullRecord\":131071,\"Select\":0},\"PickListTemplate\":{\"Change\":2,\"ReadFullRecord\":131071,\"Select\":0},\"BizMetrics\":{\"Change\":2,\"ReadFullRecord\":98369,\"Select\":0},\"Notification\":{\"Change\":131071,\"ReadFullRecord\":131071,\"Select\":0},\"NotifySubscription\":{\"Change\":131071,\"ReadFullRecord\":131071,\"Select\":0},\"Report\":{\"Change\":3,\"ReadFullRecord\":131071,\"Select\":131071},\"CustomerServiceRequest\":{\"Change\":4106,\"ReadFullRecord\":2309,\"Select\":131071},\"Memo\":{\"Change\":124927,\"ReadFullRecord\":124927,\"Select\":124927},\"Reminder\":{\"Change\":124927,\"ReadFullRecord\":124927,\"Select\":124927},\"Review\":{\"Change\":124927,\"ReadFullRecord\":124927,\"Select\":124927},\"Integration\":{\"Change\":124927,\"ReadFullRecord\":124927,\"Select\":124927}}";
|
|
Dictionary<AyaType, BizRoleSet> lastRolesDeserialized = Newtonsoft.Json.JsonConvert.DeserializeObject<Dictionary<AyaType, BizRoleSet>>(lastRoles);
|
|
if (lastRolesDeserialized.Count != roles.Count)
|
|
{
|
|
|
|
{
|
|
((ILogger)AyaNova.Util.ApplicationLogging.CreateLogger("BizRoles.cs")).LogWarning("BizRoles::Constructor - roles were modified from last snapshot for client!!!");
|
|
}
|
|
}
|
|
|
|
*/
|
|
|
|
|
|
#endif
|
|
#endregion
|
|
|
|
|
|
|
|
|
|
}//end of constructor
|
|
|
|
|
|
/// <summary>
|
|
/// Get roleset for biz object
|
|
/// </summary>
|
|
/// <param name="forType"></param>
|
|
/// <returns></returns>
|
|
internal static BizRoleSet GetRoleSet(AyaType forType)
|
|
{
|
|
if (roles.ContainsKey(forType))
|
|
{
|
|
return roles[forType];
|
|
}
|
|
else
|
|
{
|
|
return null;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
}//end of class
|
|
|
|
|
|
}//eons
|
|
|