We are about to begin the development of an application in Laravel 5.1 which requires tracking of every feature present in the application and consequent granting of user access on the fly.
Say, for example, Photos is a feature in the application. The owner can upload, view, delete and edit pictures. However, a manager can have permission only to upload and view pictures (the other options, though available, will result in a pop-up explaining the restriction on carrying out the action).
Architecture-wise, we have decided to have a database table listing features and an id associated with them. There will be another table mapping user to feature.
However, the part we are really struggling with is deciding how to track which feature the user is trying to access.
Our possible options so far are:
- Aspect-oriented programming: to have join points defined and check user permission before method execution.
- Storing the feature id in the session and using it on every call to the server to check, via the mapping table, whether the user can access the feature.
Which of the above two is the better approach? Is any other, better approach possible?
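
The check described in the question, as an added example in plain PHP (not code from the post, and not Laravel's own API): the feature id is looked up on the server from the action being dispatched, and the user-to-feature mapping is consulted before the handler runs. The controller action names, the one-feature-per-operation layout, the sample rows and the function names are all assumptions made for illustration.

```php
<?php
// Constructed sample rows standing in for the user-to-feature mapping table.
// Assumption: each operation on Photos is its own row in the features table
// (1 = upload, 2 = view, 3 = edit, 4 = delete).
$userFeature = ['owner' => [1, 2, 3, 4], 'manager' => [1, 2]]; // user => granted feature ids

// Hypothetical server-side map from controller action to feature id.
$actionFeature = [
    'PhotoController@store'   => 1,
    'PhotoController@show'    => 2,
    'PhotoController@update'  => 3,
    'PhotoController@destroy' => 4,
];

// True only if the action maps to a feature and that feature is granted to the user.
function isAllowed($user, $action, array $actionFeature, array $userFeature)
{
    if (!isset($actionFeature[$action])) {
        return false; // deny by default: unmapped actions are never reachable
    }
    $granted = isset($userFeature[$user]) ? $userFeature[$user] : [];
    return in_array($actionFeature[$action], $granted, true);
}

// Runs the permission check before the handler, the point at which an AOP
// join point or a request filter would run it.
function dispatch($user, $action, callable $handler, array $actionFeature, array $userFeature)
{
    if (!isAllowed($user, $action, $actionFeature, $userFeature)) {
        return ['status' => 403, 'body' => 'You do not have permission for this action.'];
    }
    return ['status' => 200, 'body' => $handler()];
}

$cases = [
    ['owner', 'PhotoController@destroy'],
    ['manager', 'PhotoController@store'],
    ['manager', 'PhotoController@destroy'],  // feature not granted
    ['manager', 'PhotoController@export'],   // action has no feature mapping
    ['guest', 'PhotoController@show'],       // user has no rows in the mapping
];
foreach ($cases as $case) {
    list($user, $action) = $case;
    $result = dispatch($user, $action, function () { return 'done'; }, $actionFeature, $userFeature);
    printf("%-8s %-26s -> %d %s\n", $user, $action, $result['status'], $result['body']);
}
```

Because the feature id comes from the dispatched action rather than from stored request state, the same lookup serves whichever mechanism triggers the check.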