mix359

Multi user type model and auth

Posted 2 years ago by mix359

Hi to all,

I've a strange situation, that initially seam simply, but it's really complicated to approach. I've to create a system that it's used in a school, so that have 3 different types of users:

  • Student
  • Parent
  • Teacher/Personal

My initial idea was to use 3 different Models/tables, one for user type. In this way is more simple to write many of the relation and controller code. And for the moment this approach worked, because I was only having the teacher/personal to login into the system. But now I have to permit the login of the students and the parents, that should see different thing, etc

To do that I've see to way, but I don't know which is the best/clearest:

First way is to use a common Account model, where all the users is, and a flag on the table that represent the user type. Then I will have the other 3 Model (Teacher, Student, Parent) extend the Account model, pointing to the accounts table, and having something like that:

public function newQuery() {
        return parent::newQuery()->where('type', Account::ACCOUNT_TYPE_TEACHER); 
}

So every generic query that I made on the model, is filtered as a teacher.

I've used a similar approach in the past, and have worked well, but the situations was simpler that this.

In this way I've probably a better situation for the authentication and permission management, because I have the same basic Account for all the type of users, but this should probably create some more complex query.

Also I have to do other table that contain the data that is not shared from the various types of users: for example, a student have some information about his curriculum. And the difficult part is that I need some intermediary join table to some other table, for example a student will have a classroomId, and I need to have an intermediate table with studentId - classroomId. Or even more complex, a parent have a relation with the student, that is also in the same table.

Second way, have the three different Model and table for every user type. The pro of this solution is that I can have the "extra" field (that are not shared from the various user types) directly on the table, so I will have simpler relations and join.

The cons is that I have to use a multi-auth system, and I have to keep track in all the code and all the other Model of the user type. For example, if I need to save on an entity the user that created it, I have to save the user type, and the id of that user in his table (that change from type to type)

That make also more difficult to manage the authorization/permission in the code, because I have to check the user type to select the correct user model, and then I can use the user id. So I need to modify or use a different auth system.

Thanks to all that can help me make this decision

I wish that this post is clear enough to understand what I'm trying to do :)

Cheers Daniele

Please sign in or create an account to participate in this conversation.

Reply to

Use Markdown with GitHub-flavored code blocks.