Tuesday, 23 June 2015

Record level permission and entity structure permission

I am busy changing my permissions to handle more scenarios. My requirement is that I must be able to tell which entities a user can see and which parts of an entity type the user can see/edit/remove.

So user 1 can see "property" (entity): 1, 2, 3, 4, 6, but he is only able to see the fields name, address, price, and can only edit name.

So the first permission is record/row-level permission and the second is structural permission (sort of :-)).

Now I have the first one pretty much worked out: I called it dataRole and gave it a name, entityType and query (an Elasticsearch query). Then I take those and generate an alias on Elasticsearch using the query for every dataRole. So when a user asks for a specific, say, property, I combine all dataRoles (multi-index query) where entityType is property and do a HEAD request.

Now the second part is confusing me a bit. I can't seem to find a design pattern to represent this. I was thinking of something like MSSQL permissions, where you say what object = property, field/column = name and then permission = (bitwise).

Any ideas?

Thanks
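
One way to represent the structural (field-level) permission asked about above, using a per-field bitmask in the spirit of the MSSQL idea. This is an added example, not part of the original post; the role names, the `FIELD_ROLES` layout and the sample values are constructed for illustration.

```python
from enum import IntFlag


class Perm(IntFlag):
    NONE = 0
    VIEW = 1
    EDIT = 2
    REMOVE = 4


# Constructed sample grants: role -> entity type -> field -> bitmask.
# Fields that are not listed get no permission at all (deny by default).
FIELD_ROLES = {
    "property_viewer": {
        "property": {"name": Perm.VIEW, "address": Perm.VIEW, "price": Perm.VIEW},
    },
    "property_renamer": {
        "property": {"name": Perm.VIEW | Perm.EDIT},
    },
}


def effective_mask(roles, entity_type):
    """OR together the field masks of every role the user holds."""
    merged = {}
    for role in roles:
        grants = FIELD_ROLES.get(role, {}).get(entity_type, {})
        for field, mask in grants.items():
            merged[field] = merged.get(field, Perm.NONE) | mask
    return merged


def project(doc, mask):
    """Return only the fields the caller may view (applied after the row-level filter)."""
    return {k: v for k, v in doc.items() if mask.get(k, Perm.NONE) & Perm.VIEW}


def denied_edits(patch, mask):
    """Return the fields in an update that the caller may not edit; empty means allowed."""
    return sorted(f for f in patch if not mask.get(f, Perm.NONE) & Perm.EDIT)
```

The row-level check (the dataRole aliases) decides whether the record is reachable at all; `project` and `denied_edits` are then applied server-side to the document and to any incoming update, so a client never receives or writes a field outside its mask.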
