How to define permissions to access an entity?
There is a web application in which there are 3 types of groups (Group_1, Group_1 Object, Group_2) (groups are stored in one table).
There are users, each of whom can have different rights to different groups (a user can have many groups, all of a different type).
What is the best way to define access rights to a group in an application? One of the thoughts is to pass the group ID in each request. But I don't really like this idea, because, for example, Object_group_1 has a discount that can be accessed by identifier, and it turns out that when editing this discount, you also need to pass the ID of object_group_1, to which the discount applies. It seems to me that it is possible to do something simpler, I just do not have enough brains.
A request arrives at the controller, we find out which role the authorized user belongs to, and based on this we make a request to the database. No?
Or a request comes from the user, we ask the database which groups are available to him, and make a request to them.
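The check described in the answer above, as an added example that is not part of the original thread: the request carries only the discount ID, and the owning group is taken from the discount row and matched against the authenticated user's memberships. The table names, columns and the `can_edit` flag are assumptions made for illustration, and the sample rows are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption, not the asker's.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE groups (id INTEGER PRIMARY KEY, type TEXT NOT NULL);
        CREATE TABLE user_groups (
            user_id INTEGER NOT NULL,
            group_id INTEGER NOT NULL REFERENCES groups(id),
            can_edit INTEGER NOT NULL DEFAULT 0,
            PRIMARY KEY (user_id, group_id));
        CREATE TABLE discounts (
            id INTEGER PRIMARY KEY,
            group_id INTEGER NOT NULL REFERENCES groups(id),
            percent INTEGER NOT NULL);
        INSERT INTO groups VALUES (1, 'Group_1'), (2, 'Group_2');
        INSERT INTO user_groups VALUES (10, 1, 1), (11, 1, 0), (12, 2, 1);
        INSERT INTO discounts VALUES (100, 1, 5), (200, 2, 15);
    """)
    return conn

def editable_group_ids(conn, user_id):
    """Groups the authenticated user may edit, read from the database."""
    rows = conn.execute(
        "SELECT group_id FROM user_groups WHERE user_id = ? AND can_edit = 1",
        (user_id,))
    return {r[0] for r in rows}

def update_discount(conn, user_id, discount_id, percent):
    """Update a discount only if its own group grants user_id edit rights.

    user_id must come from the server-side session, never from the request.
    The owning group is read from the discounts row, so the client cannot
    choose which group the permission check runs against.
    """
    cur = conn.execute(
        """UPDATE discounts SET percent = ?
           WHERE id = ?
             AND group_id IN (SELECT group_id FROM user_groups
                              WHERE user_id = ? AND can_edit = 1)""",
        (percent, discount_id, user_id))
    conn.commit()
    return cur.rowcount == 1  # False: no such discount, or not permitted

def get_percent(conn, discount_id):
    row = conn.execute("SELECT percent FROM discounts WHERE id = ?",
                       (discount_id,)).fetchone()
    return row[0] if row else None
```

Returning the same `False` for "not found" and "not permitted" keeps the endpoint from revealing which discount IDs exist in other groups.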