entrust icon indicating copy to clipboard operation
entrust copied to clipboard

Published 20 hours ago verified publisher icon Zizaco

Separate roles for separate accounts

Open tdolph opened this issue 9 years ago • 9 comments

Hello!

I am creating a website where multiple companies can join and they should be able to create their own roles and permissions. How can i achieve that?

I wonder if the package would benefit with adding an additional parameter to only get roles attached to an account id or something.

tdolph avatar Feb 10 '16 08:02 tdolph

Simply do it yourself by adding a company ID in your roles and permissions tables. It's up to you then to show in the ui just the roles and permissions that each company creates and can use/assign

Although the I have a feeling you are taking a wrong approach . Care to explain exactly your scenario?

unitedworx avatar Feb 15 '16 07:02 unitedworx

Thank you for the answer.

My scenario is this. A company can join the website. That company can have many employees (users) that have different roles (jobs). For example, accountant, offer manager, sales person. The companies admin can create roles and assign them to users and then that user has access to certain actions/pages that they need for doing their job. I have company_id on a lot of db tables to separate records of different companies.

What would you suggest?

Maybe im better off creating my own code than modifying this package... because, for example, updates.

tdolph avatar Feb 15 '16 09:02 tdolph

My understanding is that permissions will be already defined in the system and tied to specific code! e.g Add Invoice, Edit Invoice, Delete Invoice.

Its your Roles that you need to connect to specific accounts and allow e.g a company to define a User Role who has permission to e.g Add Invoice and Edit Invoice. And another company created a User group that will check for Add Invoice, Edit Invoice, Delete Invoice.

You system as a whole will have all the groups but you will show groups only to the ones that their own company creates them.

unitedworx avatar Feb 15 '16 14:02 unitedworx

@tdolph I guess what you're looking for is Multi-tenancy I believe you can use this package with a multi-tenant package. (you will have to experiment) And ofcourse what @unitedworx said should work fine for you!

bh-rat avatar Feb 16 '16 17:02 bh-rat

Okay, then i just add company_id foreign key to role table and thats it. Then i only show those roles to a company that they have created... right. And yes, permissions will probably be fixed just like you said.

One problem is that role names have to be unique. I suppose i could attach company id to a role name to make it unique and only show display name in UI.

And, i can never use role names as identifier if im checking for permission to do something, i will always have to check for permissions... but since permissions are fixed and every company ads those permissions to their specific role, i do not think i will have a reason to check for role name.

Thanks for the help :) I think i got it now.

tdolph avatar Feb 26 '16 10:02 tdolph

an advice please. my case is similar:

-company A -company B -contractor company X -contractor company Y -Admin

select roles on company A could check jobs they have done with contractor companies on the other side selected roles on contractor company Y can see all jobs they have done with companies Admin(me) can check all the jobs

what is best way ?

ghost avatar May 28 '16 19:05 ghost

@tdolph I know this issue thread is old but were you able to successfully implement multi-tenant approach with this library? Did you face any difficulties?

iamroi avatar Jul 02 '17 05:07 iamroi

@mrajabtech I ended up writing my own for my specific needs.

tdolph avatar Jul 03 '17 07:07 tdolph

hi @tdolph , could you please explain me how you have written your own i mean what is the table schema and how this package is helpfull

knvpk avatar Apr 19 '18 10:04 knvpk