Access Level for 2 Permissions

This is how I would set it up: we need at least 2 tables, and we need to know if users can be assigned multiple roles or not. Let's just assume that they can only have a single role to make it simple.

In the users table we create a foreign key that points to the role id. The roles table will have fields for the id, name and the permissions it has.

So for what you describe we have a permission writeFeedback; we set this value for both Sales and Logistics roles to true. We can now simply check this permission with the security provider.

Now later a new role is added: a Manager role should be able to read the feedback given by Sales and Logistics, but it should not be able to write feedback itself.

We add a new permission readFeedback and assign it to the roles Sales, Logistics and the Manager. In the action that only reads the feedback we change the required permission and we are done. When later other roles also must have access to the same resource/permission you don't have to touch the code anymore, you could just manage it with the admin panel that you designed.

2 Likes
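
The two-table layout described in the post above, as an added example that is not part of the original thread and is not the security provider's own code. The table and column names, the sample users and the `has_permission` helper are assumptions; only the permission names `writeFeedback` and `readFeedback` and the three roles come from the post.

```python
import sqlite3

# Permission names from the post mapped to (assumed) column names in roles.
# The allow-list also keeps the column name out of caller-controlled SQL.
PERMISSION_COLUMNS = {
    "writeFeedback": "write_feedback",
    "readFeedback": "read_feedback",
}

SCHEMA = """
CREATE TABLE roles (
    id             INTEGER PRIMARY KEY,
    name           TEXT NOT NULL UNIQUE,
    write_feedback INTEGER NOT NULL DEFAULT 0,
    read_feedback  INTEGER NOT NULL DEFAULT 0
);
CREATE TABLE users (
    id       INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    role_id  INTEGER NOT NULL REFERENCES roles(id)
);
-- Constructed sample data following the scenario in the post.
INSERT INTO roles (id, name, write_feedback, read_feedback) VALUES
    (1, 'Sales', 1, 1), (2, 'Logistics', 1, 1), (3, 'Manager', 0, 1);
INSERT INTO users (username, role_id) VALUES
    ('alice', 1), ('bob', 2), ('carol', 3);
"""

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn

def has_permission(conn, username, permission):
    """Return True only if the user's single role grants the permission."""
    column = PERMISSION_COLUMNS.get(permission)
    if column is None:
        raise ValueError(f"unknown permission: {permission!r}")
    row = conn.execute(
        f"SELECT r.{column} FROM users u JOIN roles r ON r.id = u.role_id "
        "WHERE u.username = ?",
        (username,),
    ).fetchone()
    # No such user means no role, so deny by default.
    return bool(row and row[0])

if __name__ == "__main__":
    db = build_db()
    for user in ("alice", "bob", "carol", "mallory"):
        print(user, has_permission(db, user, "writeFeedback"),
              has_permission(db, user, "readFeedback"))
```

Granting another role access later is a single `UPDATE` on `roles`; the code that checks `readFeedback` does not change.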

So you do have to effectively create another role

OK, that's a working solution, but it is probably more complicated than most would want, especially new users; not a problem for me as I am comfortable with SQL and this type of approach. It has taken a very simple security provider module and added a considerable layer of complexity to manage multiple solutions.
In my opinion, permissions being OR rather than AND would be a much easier solution for the average user.

3 Likes

What about the possibility of two security restrict types, “Simple” for more basic scenarios where security restrict permissions are OR and “Advanced” where they are AND?

2 Likes

Or perhaps a simple drop-down to choose “AND” or “OR”.

Like you, I was misunderstanding how it was set up. This post has been most helpful so I can now move forward.

-Twitch

1 Like

Hello guys - I am having difficulties here. I had always been able to make a proper security provider in the past and login works well. But here of late I tried something new for a cause and thought I was thinking of it correctly until I saw this post and associated threads. I was under the impression I could set up my security provider to allow/disallow access to login by simply referring to a column in my database, as shown. I thought I could simply change the value in my database column “Actve” to a different character or number and thereby would not allow the user to login again, since one of the two conditions I state is different. For example, in this case if an Admin user has column “Actve” changed to a different number, say “0”, the user would no longer have access. I have found it not to work. Can someone shed some light on this for me? I found this post/threads confusing.

Never mind - got it!