Restrictions vs Permissions -


this strange question, trying work out how create right "permissions" users , came conclusion "restrictions" might better approach, except cannot see method online. assume doing logically wrong.

i have system of shipments. has several types of users/roles/perspectives(?).

  • admin (see all)
  • supplier (shipment owner)
  • factory (shipment receiver)

they can edit shipments. but supplier allowed edit under conditions, example shipment hasn't been shipped already! admin , factory worker however, can whatever want. suppliers , factories can edit shipments related them.

so @ first came these permissions:

  • editshipments (admin , factory , supplier)

but wait, works admins, don't want factories editing shipments of other factories (perhaps through editing post data or playing api). same supplier.

  • editanyshipment (admin)
  • editownreceivedshipments (factory)
  • editownsentshipments (supplier)

now when doing edit, have determine if user owner, , use permission, or if user admin , let them want. ok.. guess. have write logic determine permission valid based on situation. that's quite annoying - , don't have solution except "functional permissions" have no idea how implement properly.

let's continue. want restrict suppliers able edit non-finished shipments.

  • editanyshipment (admin)
  • editownreceivedshipments (factory)
  • editownunfinishedsentshipments (supplier)

now lets want allow suppliers able edit shipments not shipping within next week. what.

  • editownunfinishedsentshipmentsthatarenotshippinginthenextweek (supplier)

right? gets ridiculous requirements continue change.

so coming current weird solution whereby written above "permissions" "added", instead looking other direction , making them "restrictions" "subtracted".

(admin doesn't need anything) * editonlyifrecievedtomyfactoryshipment (factory) * editonlyifisunfinishedshipment (supplier) * editonlyifisnotshippinginaweekshipment (supplier)

what doing here , how 1 implement this? there kind of design pattern around idea?


Comments

Post a Comment

Popular posts from this blog

php - Vagrant up error - Uncaught Reflection Exception: Class DOMDocument does not exist -

i've set bento/ubuntu-16.04 vagrant box using php 5.6, , getting following error quite few times when try , run shell script: "uncaught reflection exception: class domdocument not exist". i've tried adding following top of script (not together), each no success: "sudo apt-get install php5.6-xml", "sudo apt-get install php5-xml", "sudo apt-get install php-dom" i've tried resetting server "sudo service apache2 restart". does have suggestions?
Read more

vue.js - Create hooks for automated testing -

Image
qa guys complained can't automate frontend testing. because our html looks same outside. lazy hack did this <template> <div :role="$options.name"> ... </div> </template> <script> export default { name: 'vmcomponentname' } </script> which takes name script , applies html. in browser get: <div role="vmcomponentname"> ... </div> line :role="$options.name" goes in every component. is there dry er solutions? please share. additional details i'll explain in details looking for. imagine have vmusercreate form creates user. test case can create user . to automatically test without role, have use following selector: .wrapper > .wrapper > .wrapper > .submit-button the test extremely brittle (will break lot). if use roles can use [role="vmusercreateform"] .submit-button selector. many folds less brittle. so basically, i'm
Read more

.htaccess - ERR_TOO_MANY_REDIRECTS htaccess -

could can explain me .htaccess code doing? rewriterule ([0-9]+)/([^t]{1}[a-za-z0-9_-]{0,})\.([^s]{1}[a-za-z0-9]+)$ ../items/go.php?u=$1/$2.$3 i have folder : mywebsite.com/download/folder1/ .htaccess file in uplevel mywebsite.com/download/ folder contains code above. when access file directly path mywebsite.com/download/folder1/file.mp4 returns error : mywebsite.com redirected many times. try clearing cookies. err_too_many_redirects i tried clear browser cookies issue persist. issue solved when commented out htaccess line above. this rule appears looking specific pattern consisting of: <numbers>/<alphanumeric string not starting t , other conditions applied>.<alphanumeric string not starting s> then redirecting user's browser go.php parsed filename passed file arguments. err_too_many_redirects due infinite redirect loop. without knowing other rewriterule statements present difficult narrow down exact cause. can narrow down
Read more