Permission / User ACL System
#1

[eluser]packetfox[/eluser]
Hello there,

I wonder if anyone can share general advice, ideas and best practices. I am in need of a pretty complex User permission System for an App I am working on. The App consists of different Modules, and I need to be able to give Users different permissions to those.

For example:
Module1, Module2, Module3, Module4

User has Read access to Module1
User has Write access to Module2 so he can add or edit
For Module3, User can add new Records, but can only edit or update those that were originally made by him (I store the User ID in each Table's Record so I know who created what)
For Module4, The User can not write, but can Read, but only Records that were created by someone from his Group.

If you can please share ideas on how to go about implementing such a system, specifically how to store these above Business Rules. Also if you know of any 'must read' documents about implementing user roles, please mention.

I currently have a Group and a Roles Table; The Group associates the User with certain Groups. Duh. And the Roles table holds Roles, such as Module1_read, Module1_readown, Module1_edit, Module1_editown and so on. Then before displaying a certain Module Page to a User I check whether the Rule needed (e.g. Module1_editown) is associated to his User ID and whether the Group the User is in has access at all.

Any input?
Many thanks and best regards,
D
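
An added example, not part of the original posts and not code from CodeIgniter or any auth library: one way to evaluate role strings of the kind described in post #1, denying anything that is not explicitly granted. The `add` action, the `group` scope suffix, the `creator_group_id` field and the function names are assumptions of this sketch, and the separate group-level access gate mentioned in the post is left out.

```php
<?php
// Added sketch. Role strings follow the post's "<Module>_<action><scope>" pattern;
// the "add" action and the "group" scope suffix are assumptions.
// Role-name suffix => scope it grants. '' means every record.
const SCOPE_SUFFIXES = ['' => 'all', 'group' => 'group', 'own' => 'own'];

// Widest scope the user's roles grant for this module/action, or null (deny).
function granted_scope(array $user, string $module, string $action): ?string
{
    foreach (SCOPE_SUFFIXES as $suffix => $scope) {
        if (in_array("{$module}_{$action}{$suffix}", $user['roles'], true)) {
            return $scope;
        }
    }
    return null;
}

// Per-record check. $record is null for "add". Ids are cast because
// database drivers often return them as strings.
function can(array $user, string $module, string $action, ?array $record = null): bool
{
    $scope = granted_scope($user, $module, $action);
    if ($scope === null) return false;
    if ($scope === 'all') return true;
    if ($record === null) return false; // a scoped grant needs a record to compare
    if ($scope === 'own') return (int) $record['created_by'] === (int) $user['id'];
    return (int) $record['creator_group_id'] === (int) $user['group_id'];
}

// WHERE conditions for list queries: [] = unrestricted, null = no access.
function list_filter(array $user, string $module): ?array
{
    switch (granted_scope($user, $module, 'read')) {
        case 'all':   return [];
        case 'group': return ['creator_group_id' => (int) $user['group_id']];
        case 'own':   return ['created_by' => (int) $user['id']];
        default:      return null;
    }
}
// Constructed sample user matching the four rules in the post.
$user = ['id' => 7, 'group_id' => 2, 'roles' => [
    'Module1_read', 'Module2_add', 'Module2_edit',
    'Module3_add', 'Module3_editown', 'Module4_readgroup',
]];
$mine   = ['created_by' => 7, 'creator_group_id' => 2];
$theirs = ['created_by' => 9, 'creator_group_id' => 2];
var_dump(can($user, 'Module3', 'edit', $mine));    // record the user created
var_dump(can($user, 'Module3', 'edit', $theirs));  // record created by someone else
var_dump(can($user, 'Module4', 'read', $theirs));  // creator is in the user's group
var_dump(list_filter($user, 'Module4'));           // conditions to add to the list query
```

Applying `list_filter` in the query itself keeps the "own" and "group" rules enforced on list pages as well as on single-record pages that call `can`.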
#2

[eluser]mattpointblank[/eluser]
Try the DX_Auth plugin.



