Once again I'm pretty lost, the same place as other projects I've started xD A "closed" application, where a login is required to access the site. Users are assigned to groups, and should only be able to see challenges, ideas, ect from the group they are assigned to. But I'm really interested in how others would tackle the permissions in such case. Right now I'm making a lot of extra queries in the repositories to check if a user is in the group the challenge was created in. At the first relationship it seems okay, but do anyone have a suggestion to doing it when the relationship fx is user->groups->challenges->concepts->comments ? It becomes very "cluttered" with just checking if the auth::user can see the comment :/
I have seen a lot of auth packages, but they are all more "generel" (can the user see this TYPE of content), and that's not what I need :/
If members of the site can only see content that has been published by their group of users then I would simply add a group_id column to the tables containing content and filter the output by the users group.
carbontwelve said:
If members of the site can only see content that has been published by their group of users then I would simply add a
group_idcolumn to the tables containing content and filter the output by the users group.
So add group_id to every table? O.o Would proberbly make it easier, but it just seems... wrong xD
You could in that case have one polymorphic table for group permissions - its the same thing but concentrated into one area.
Sign in to participate in this thread!
Laravel
Laravel News
Laracasts
Laravel Podcast