Restrictions vs Permissions -


this strange question, trying work out how create right "permissions" users , came conclusion "restrictions" might better approach, except cannot see method online. assume doing logically wrong.

i have system of shipments. has several types of users/roles/perspectives(?).

  • admin (see all)
  • supplier (shipment owner)
  • factory (shipment receiver)

they can edit shipments. but supplier allowed edit under conditions, example shipment hasn't been shipped already! admin , factory worker however, can whatever want. suppliers , factories can edit shipments related them.

so @ first came these permissions:

  • editshipments (admin , factory , supplier)

but wait, works admins, don't want factories editing shipments of other factories (perhaps through editing post data or playing api). same supplier.

  • editanyshipment (admin)
  • editownreceivedshipments (factory)
  • editownsentshipments (supplier)

now when doing edit, have determine if user owner, , use permission, or if user admin , let them want. ok.. guess. have write logic determine permission valid based on situation. that's quite annoying - , don't have solution except "functional permissions" have no idea how implement properly.

let's continue. want restrict suppliers able edit non-finished shipments.

  • editanyshipment (admin)
  • editownreceivedshipments (factory)
  • editownunfinishedsentshipments (supplier)

now lets want allow suppliers able edit shipments not shipping within next week. what.

  • editownunfinishedsentshipmentsthatarenotshippinginthenextweek (supplier)

right? gets ridiculous requirements continue change.

so coming current weird solution whereby written above "permissions" "added", instead looking other direction , making them "restrictions" "subtracted".

(admin doesn't need anything) * editonlyifrecievedtomyfactoryshipment (factory) * editonlyifisunfinishedshipment (supplier) * editonlyifisnotshippinginaweekshipment (supplier)

what doing here , how 1 implement this? there kind of design pattern around idea?


Comments

Popular posts from this blog

php - Vagrant up error - Uncaught Reflection Exception: Class DOMDocument does not exist -

vue.js - Create hooks for automated testing -

Add new key value to json node in java -