Handling many different types of roles and data retrieval.

Let's say you had 10 different user levels in an task management system. All these user levels have different access to the tasks themselves, as well as the actual attributes for each task. For example, a super admin might be able to see all the tasks, and a manager too. But the manager only sees a certain subset of attributes for those tasks. On the flip side, a regular would only see their own tasks, and a different subset of the attributes too.

What kind of design pattern or method would you use to handle something like this? It's different for each of the user levels, and I'm trying to avoid having to add switch statements everywhere. For simple things, it's totally fine. But when it's everywhere, it seems like a code smell.

That's basically what I'm trying to find a good solution for. There's something else where I'm returning an array to the view, but the array would be populated with different sets of information depending on the user level. I'm trying to limit the sent data, even if it doesn't show up, because I'm using Angular on the front. So it's pretty simple to check the response for that data.

jekinney

10 years ago

Level 47

When dealing with complex set up, a full roles and permissions mane what you need.

In that type of set up the actual role is not nessesarly important, permissions are. So for each part you want to limit access a user must have a permission assigned.

So you might have 200 plus permissions (exaggerated). In order to keep things sane, you group permissions to a role via pivot table. So a role can have one or many permissions.

You assign a role, possibly more then one but imo not recommended, to a user via pivot table.

This way as you add features you can add permissions but your roles are dynamic. So a subscribed customers can manage access by making new roles and assign permissions to the role and assign that new role to thier users as nessesary.

Please or to participate in this conversation.