Reputation: 1600
I have a question on how one would approach my scenario.
I have, or will have, an authentication system that will allow for user roles. So I require a super admin who will be able to access everything on the web app, and admins who can only view their dashboard by id.
So a super admin can log in and create dashboards, which will contain various pieces of information like teams, members and scores. There will be admins who can also create dashboards and view only the dashboards they have created. Super admins can see any dashboard created, and there are users who cannot create any dashboards but can see the dashboards they are associated with by id.
I thought I would pose this question before I even begin to figure it out and see if anyone had any insight on the best approach.
My urls will be like www.mysite.com/index.php?dashboard_id=1
Users who are associated with that dashboard by id can only see that dashboard and no others; the same applies to admins. However, super admins can see any dashboard. I'm looking for the cleanest method.
Upvotes: 0
Views: 34
Reputation: 2302
I don't know how you're writing it, or whether you're using some framework, etc.
There is quite a good concept for your problem implemented in the Symfony framework, and it's called a voter.
The idea is that a single service decides what to show/allow to edit based on the logged-in user.
Look at http://symfony.com/doc/current/security/voters.html.
I know that if you don't use a framework, this voter idea could be too complicated for you, but the idea of it is nice and clean.
That's the main reason why people learn frameworks: with a framework you're getting tools like this "out of the box" :)
Upvotes: 1
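The single-decision-point idea from the answer, applied to the roles in the question, as an added framework-free example (not code from either poster and not Symfony's voter API). The role names, array shapes and the function names `canAccess` and `loadDashboardFor` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Role names and array shapes are assumptions made for this example.
const SUPER_ADMIN = 'super_admin';
const ADMIN = 'admin';
const USER = 'user';

// Single decision point: may $user perform $action ('view' or 'create')?
// $dashboard is the row loaded for 'view', null for 'create'. Denies by default.
function canAccess(array $user, string $action, ?array $dashboard = null): bool
{
    if ($action === 'create') {
        return in_array($user['role'], [SUPER_ADMIN, ADMIN], true);
    }
    if ($action !== 'view' || $dashboard === null) {
        return false;
    }
    switch ($user['role']) {
        case SUPER_ADMIN:
            return true;                                      // sees every dashboard
        case ADMIN:
            return $dashboard['created_by'] === $user['id'];  // only ones they created
        case USER:
            return in_array($user['id'], $dashboard['member_ids'], true); // only associated
        default:
            return false;
    }
}

// Validates the raw ?dashboard_id= value, loads the row, then asks canAccess().
// Returns null for a bad id, a missing dashboard and a denied one alike,
// so the response does not reveal which ids exist.
function loadDashboardFor(array $user, $rawId, array $dashboards): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !isset($dashboards[$id])) {
        return null;
    }
    return canAccess($user, 'view', $dashboards[$id]) ? $dashboards[$id] : null;
}

// Constructed sample data standing in for the database and the session user.
$dashboards = [
    1 => ['id' => 1, 'created_by' => 10, 'member_ids' => [20]],
    2 => ['id' => 2, 'created_by' => 11, 'member_ids' => [21]],
];
$member = ['id' => 20, 'role' => USER];
var_dump(loadDashboardFor($member, '1', $dashboards) !== null); // own dashboard
var_dump(loadDashboardFor($member, '2', $dashboards) !== null); // someone else's
```

Every page that reads `dashboard_id` from the URL goes through `loadDashboardFor()`, so the role and ownership rules live in one place and the id in the query string is never trusted on its own.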