So guys,
I've been using Laravel 5 to create my new web application, which is to manage reviews for individual schools. And I've decided to use the Cartalyst Sentinel package for RBAC.
So far I've set up 4 roles: Administrator, Principal, Staff, User
- Administrator can do anything throughout the web application, like adding schools, users and reviews etc.
- Principal can add/remove Staff and Reviews on the school he is assigned by the Administrator. Keep in mind that a Principal can only assign an existing User as Staff on a school.
- Staff can add Reviews to the school he is assigned by either the Administrator or the Principal.
- User is a default role which doesn't have many privileges throughout the system.
The flow I'm using is: the Administrator creates users in the system, who by default have the User role assigned. He then creates schools, and once a school is saved, he assigns User users as Staff or Principal.
Problem which I have: The roles in Sentinel work on Application Level but as I explained my web app, I also need Entity level permissions on individual users. So suppose, User A is Principal for School X but he might also be Staff for School Y.
How should I handle it in Sentinel? By introducing an Entity/User mapping table, or should I use Permission based access? If it's Permission based access, where will the checks for User ID assignment for a given School be programmed?
Hope my question is not too broad - I'll try to narrow it down further if needed. The fact is I've searched for hours, but nowhere have I been able to get a proper approach for checking whether an action should be performed or not - like checking if the user "is staff" or checking if the user "can edit".
via Chebli Mohamed
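The entity/user mapping table option raised in the question, sketched as an added example that is not part of the original post and calls no Sentinel API. The class name `SchoolAccess`, the ability strings and all IDs are hypothetical, and the list of Administrator IDs stands in for whatever the application-level role check returns.

```php
<?php
// Constructed sketch: class name, ability strings and IDs are hypothetical.
final class SchoolAccess
{
    // What each school-level role may do on the school it is assigned to.
    private const ABILITIES = [
        'principal' => ['staff.assign', 'staff.remove', 'review.add', 'review.remove'],
        'staff'     => ['review.add'],
    ];
    private array $adminIds;          // users with the application-level Administrator role
    private array $assignments = [];  // mapping table: schoolId => [userId => role]

    public function __construct(array $adminIds)
    {
        $this->adminIds = $adminIds;
    }

    // Deny by default: only an Administrator or a matching assignment on THIS school passes.
    public function can(int $userId, string $ability, int $schoolId): bool
    {
        if (in_array($userId, $this->adminIds, true)) {
            return true;
        }
        $role = $this->assignments[$schoolId][$userId] ?? null;
        return $role !== null && in_array($ability, self::ABILITIES[$role], true);
    }

    // No role grants 'principal.assign', so only an Administrator can create a Principal.
    public function assign(int $actorId, int $userId, int $schoolId, string $role): void
    {
        $needed = $role === 'staff' ? 'staff.assign' : 'principal.assign';
        if (!isset(self::ABILITIES[$role]) || !$this->can($actorId, $needed, $schoolId)) {
            throw new RuntimeException("user $actorId may not assign $role on school $schoolId");
        }
        $this->assignments[$schoolId][$userId] = $role;
    }
}

// Constructed data: user 1 is Administrator, user 7 is "User A", schools 10 (X) and 20 (Y).
$acl = new SchoolAccess([1]);
$acl->assign(1, 7, 10, 'principal');  // Administrator makes A Principal of X
$acl->assign(1, 7, 20, 'staff');      // ...and Staff of Y
$acl->assign(7, 8, 10, 'staff');      // A, as Principal of X, adds user 8 as Staff there

var_dump($acl->can(7, 'staff.remove', 10)); // A acting on X, where A is Principal
var_dump($acl->can(7, 'staff.remove', 20)); // A acting on Y, where A is only Staff
var_dump($acl->can(8, 'review.add', 20));   // user 8 has no assignment on Y
```

Every check takes the school as an argument, so the "can edit" question is always answered for one school and an assignment on School X never carries over to School Y.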