Stabilized hierarchical permissions and implemented strict visibility gating.
Standardized access level hierarchy (super > manager > administrator > trusted) and added hierarchical comparison utilities to 'ae_util'. Refactored IDAA layout to use an 'Upgrade-Only' permission strategy, preventing context-specific identifications from downgrading global Manager privileges. Implemented strict gated filtering in the Journal Entry list: hidden and disabled items now correctly require both the appropriate hierarchical role (Trusted/Admin) AND active Edit Mode.
This commit is contained in:
Scott Idem
@@ -286,11 +286,11 @@ async function _refresh_journal_li_background({
|
||||
let promise;
|
||||
if (qry_person_id) {
|
||||
const search_query: any = {
|
||||
and: [{ field: 'person_id_random', op: 'eq', value: qry_person_id }]
|
||||
and: [{ field: 'person_id', op: 'eq', value: qry_person_id }]
|
||||
};
|
||||
if (for_obj_id)
|
||||
search_query.and.push({
|
||||
field: `${for_obj_type}_id_random`,
|
||||
field: `${for_obj_type}_id`,
|
||||
op: 'eq',
|
||||
value: for_obj_id
|
||||
});
|
||||
@@ -344,7 +344,7 @@ async function _refresh_journal_li_background({
|
||||
load_ae_obj_li__journal_entry({
|
||||
api_cfg,
|
||||
for_obj_type: 'journal',
|
||||
for_obj_id: journal.journal_id_random,
|
||||
for_obj_id: journal.journal_id,
|
||||
enabled,
|
||||
hidden,
|
||||
limit,
|
||||
@@ -396,7 +396,7 @@ export async function create_ae_obj__journal({
|
||||
api_cfg: api_cfg,
|
||||
obj_type: 'journal',
|
||||
fields: {
|
||||
account_id_random: account_id,
|
||||
account_id: account_id,
|
||||
...data_kv
|
||||
},
|
||||
params: params,
|
||||
@@ -613,7 +613,7 @@ export async function qry__journal({
|
||||
if (journal_id) {
|
||||
// Assuming journal_id here is actually the account_id as per original usage context
|
||||
search_query.and.push({
|
||||
field: 'account_id_random',
|
||||
field: 'account_id',
|
||||
op: 'eq',
|
||||
value: journal_id
|
||||
});
|
||||
@@ -797,7 +797,6 @@ async function _process_generic_props<T extends Record<string, any>>({
|
||||
// --- Common Transformations ---
|
||||
|
||||
// 1. Standardize ID and other '_random' fields
|
||||
// The API often returns fields like 'person_id_random', which need to be aliased to 'person_id'.
|
||||
for (const key in processed_obj) {
|
||||
if (key.endsWith('_random')) {
|
||||
const newKey = key.slice(0, -7); // Remove '_random' suffix
|
||||
@@ -805,7 +804,7 @@ async function _process_generic_props<T extends Record<string, any>>({
|
||||
}
|
||||
}
|
||||
// Ensure 'id' is set from '[obj_type]_id_random'
|
||||
const randomIdKey = `${obj_type}_id_random`;
|
||||
const randomIdKey = `${obj_type}_id`;
|
||||
if (processed_obj[randomIdKey]) {
|
||||
(processed_obj as any).id = processed_obj[randomIdKey];
|
||||
}
|
||||
|
||||
@@ -396,13 +396,13 @@ export async function qry__journal_entry({
|
||||
// Context scoping: Prefer journal_id if provided, otherwise fallback to person_id (global search)
|
||||
if (journal_id) {
|
||||
search_query.and.push({
|
||||
field: 'journal_id_random',
|
||||
field: 'journal_id',
|
||||
op: 'eq',
|
||||
value: journal_id
|
||||
});
|
||||
} else if (person_id) {
|
||||
search_query.and.push({
|
||||
field: 'person_id_random',
|
||||
field: 'person_id',
|
||||
op: 'eq',
|
||||
value: person_id
|
||||
});
|
||||
@@ -621,7 +621,7 @@ export async function update_ae_obj__journal_entry({
|
||||
// }
|
||||
|
||||
// if (obj_li && obj_li.length) {
|
||||
// // let obj_li_id = obj_li.map((obj: any) => obj.journal_entry_id_random);
|
||||
// // let obj_li_id = obj_li.map((obj: any) => obj.journal_entry_id);
|
||||
// const obj_li_id: string[] = [];
|
||||
|
||||
// for (const obj of obj_li) {
|
||||
@@ -785,7 +785,7 @@ export async function update_ae_obj__journal_entry({
|
||||
// try {
|
||||
// id_random = await db_journals.journal_entry.put(obj_record);
|
||||
// } catch (error) {
|
||||
// console.log(`Error: Failed to put ${obj.journal_entry_id_random}: ${error}`);
|
||||
// console.log(`Error: Failed to put ${obj.journal_entry_id}: ${error}`);
|
||||
// }
|
||||
// } else {
|
||||
// if (log_lvl) {
|
||||
@@ -926,7 +926,6 @@ async function _process_generic_props<T extends Record<string, any>>({
|
||||
// --- Common Transformations ---
|
||||
|
||||
// 1. Standardize ID and other '_random' fields
|
||||
// The API often returns fields like 'person_id_random', which need to be aliased to 'person_id'.
|
||||
for (const key in processed_obj) {
|
||||
if (key.endsWith('_random')) {
|
||||
const newKey = key.slice(0, -7); // Remove '_random' suffix
|
||||
@@ -934,7 +933,7 @@ async function _process_generic_props<T extends Record<string, any>>({
|
||||
}
|
||||
}
|
||||
// Ensure 'id' is set from '[obj_type]_id_random'
|
||||
const randomIdKey = `${obj_type}_id_random`;
|
||||
const randomIdKey = `${obj_type}_id`;
|
||||
if (processed_obj[randomIdKey]) {
|
||||
(processed_obj as any).id = processed_obj[randomIdKey];
|
||||
}
|
||||
@@ -982,7 +981,7 @@ export async function process_ae_obj__journal_entry_props({
|
||||
// Inject journal_id if provided and missing
|
||||
if (journal_id) {
|
||||
if (!obj.journal_id) obj.journal_id = journal_id;
|
||||
if (!obj.journal_id_random) obj.journal_id_random = journal_id;
|
||||
// if (!obj.journal_id_random) obj.journal_id_random = journal_id;
|
||||
}
|
||||
|
||||
// Content processing
|
||||
|
||||
@@ -39,11 +39,11 @@ export interface Journal extends ae_Journal {
|
||||
export const journal_field_li = [
|
||||
'id',
|
||||
'journal_id',
|
||||
'journal_id_random',
|
||||
// 'journal_id_random',
|
||||
'account_id',
|
||||
'account_id_random',
|
||||
// 'account_id_random',
|
||||
'person_id',
|
||||
'person_id_random',
|
||||
// 'person_id_random',
|
||||
'code',
|
||||
'name',
|
||||
'short_name',
|
||||
@@ -88,11 +88,11 @@ export interface Journal_Entry extends ae_JournalEntry {
|
||||
export const journal_entry_field_li = [
|
||||
'id',
|
||||
'journal_entry_id',
|
||||
'journal_entry_id_random',
|
||||
// 'journal_entry_id_random',
|
||||
'journal_id',
|
||||
'journal_id_random',
|
||||
// 'journal_id_random',
|
||||
'person_id',
|
||||
'person_id_random',
|
||||
// 'person_id_random',
|
||||
'code',
|
||||
'name',
|
||||
'short_name',
|
||||
@@ -122,16 +122,16 @@ export class MySubClassedDexie extends Dexie {
|
||||
super('ae_journals_db');
|
||||
this.version(5).stores({
|
||||
journal: `
|
||||
id, journal_id, journal_id_random,
|
||||
id, journal_id,
|
||||
code,
|
||||
account_id, account_id_random,
|
||||
person_id, person_id_random,
|
||||
account_id,
|
||||
person_id,
|
||||
name,
|
||||
enable, hide, priority, sort, group, created_on, updated_on`,
|
||||
journal_entry: `
|
||||
id, journal_entry_id, journal_entry_id_random,
|
||||
journal_id, journal_id_random,
|
||||
person_id, person_id_random,
|
||||
id, journal_entry_id,
|
||||
journal_id,
|
||||
person_id,
|
||||
code,
|
||||
template,
|
||||
name,
|
||||
|
||||
@@ -9,7 +9,7 @@ import {
|
||||
import { get_obj_li_w_match_prop } from './ae_utils__get_obj_li_w_match_prop';
|
||||
import { file_extension_icon } from './ae_utils__file_extension_icon';
|
||||
import { file_extension_icon_lucide } from './ae_utils__file_extension_icon_lucide';
|
||||
import { process_permission_checks } from './ae_utils__perm_checks';
|
||||
import { process_permission_checks, compare_access_levels } from './ae_utils__perm_checks';
|
||||
import { iso_datetime_formatter } from './ae_utils__datetime_format';
|
||||
import { is_datetime_recent } from './ae_utils__is_datetime_recent';
|
||||
import { extract_prefixed_form_data } from './ae_utils__extract_prefixed_form_data';
|
||||
@@ -331,6 +331,7 @@ function shorten_filename({
|
||||
export const ae_util = {
|
||||
is_datetime_recent: is_datetime_recent,
|
||||
process_permission_checks: process_permission_checks,
|
||||
compare_access_levels: compare_access_levels,
|
||||
iso_datetime_formatter: iso_datetime_formatter,
|
||||
clean_filename: clean_filename,
|
||||
format_bytes: format_bytes,
|
||||
|
||||
@@ -2,7 +2,34 @@ type key_val = {
|
||||
[key: string]: any;
|
||||
};
|
||||
|
||||
// Hierarchical Order (Highest to Lowest)
|
||||
export const access_level_order = [
|
||||
'super',
|
||||
'manager',
|
||||
'administrator',
|
||||
'trusted',
|
||||
'public',
|
||||
'authenticated',
|
||||
'anonymous'
|
||||
];
|
||||
|
||||
/**
|
||||
* Compares two access levels based on the hierarchy.
|
||||
* @returns 1 if level_a is higher, -1 if level_b is higher, 0 if equal.
|
||||
*/
|
||||
export const compare_access_levels = function (level_a: string, level_b: string): number {
|
||||
const index_a = access_level_order.indexOf(level_a || 'anonymous');
|
||||
const index_b = access_level_order.indexOf(level_b || 'anonymous');
|
||||
|
||||
// LOWER index means HIGHER priority in the array
|
||||
if (index_a < index_b) return 1;
|
||||
if (index_a > index_b) return -1;
|
||||
return 0;
|
||||
};
|
||||
|
||||
// NOTE: I know there is a better more efficient way to do this, but I don't have time for that right now.
|
||||
// Reminder: super > manager > administrator > trusted > public > authenticated > anonymous
|
||||
// Super is the highest level. Anonymous is the lowest level.
|
||||
export const process_permission_checks = function process_permission_checks(access_type: string) {
|
||||
// let access_checks = { 'access_type': null, 'super_check': null };
|
||||
const access_checks: key_val = {};
|
||||
|
||||
@@ -163,9 +163,9 @@ export interface ae_Journal extends ae_BaseObj {
|
||||
*/
|
||||
export interface ae_JournalEntry extends ae_BaseObj {
|
||||
journal_entry_id: string;
|
||||
journal_entry_id_random: string;
|
||||
// journal_entry_id_random: string;
|
||||
journal_id: string;
|
||||
journal_id_random: string;
|
||||
// journal_id_random: string;
|
||||
|
||||
person_id?: string;
|
||||
person_id_random?: string;
|
||||
|
||||
Reference in New Issue
Block a user