This is my first post. I'm kinda new to such big works, so I'm wondering if I'm using the right architecture for the stuff I'm doing.
I'm working on a project made in PHP and React, with the Laravel framework. It's a sort of ERP.
- There is a father company and many child companies
- Each company can have different user roles, and each role can do certain actions
- The users of father companies can do actions (role-based) on child companies too
- The users of child companies CANNOT do actions (role-based) on the father company
- If a user logs in, he must only see certain submenus and forms (based on his role)
My questions:
- What's the best way to do a safe login? Should I use Laravel Passport? It should be based on a single user table and the system should provide a response based on the role of the user.
- For the authentication I read it could be useful to use Laravel Policies. But actually I figured it could be better to use a middleware that will check if the user token sent with the API request corresponds to the user and another middleware to check if that specific user has the permission to call that precise endpoint. How should I set the permissions in this case? With a database table for the users like the Linux chmod system? With a chain of ifs that checks the roles?
- Do you guys think it's a good architecture or it's not the best way to do what I need? Would you suggest me a better way? Or articles to learn more about this?
I hope my question is not silly and I hope you guys will help me. If this is not the right place to ask this, can you please tell me where I should post this? Thanks
Thank you so much
via Chebli Mohamed