Ashok Dey jumpshare.com/v/39jkfebT1pa3qVC3CfiD
This would be more along the lines of what I mean.
The user gets a direct permission as well, because you either add him or you give him the right role.
Still, everything is going via the permissions, so if you change these core permissions the user as well as the role will get restricted (if you want to have this).
I used the numeric permission set because I prefer it; it is taste. The idea behind it is that it's a bitmask like in Linux.
The advantage is you can just do a binary "&" and only the ones where both are 1 will get a 1 back; hence you can easily flatten out all permissions just by binary operations. (The issue ofc is the internal mapping of the application, so a central role concept with only one place where all binary operations are happening is a must. Otherwise you or another dev gets confused.)
This binary permission filter system is useful since the user can give the token specific access, e.g. read and write. So if the user has read and write and the permission is read and write, it's "11&11" (3&3), which will be 11 (3 in dec) and he can have both. But if you change the permission below to only read, "11&01" -> 01 (1 in dec), and your token permission cannot overrule the lower permission set.
This again is just from the top of my head :) and it's taste. I am sure you can optimize this model like 100 times better than I did. I just wanted to give some input and maybe it's valuable.
j
stuff ;)
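The bitmask scheme described above, as an added example that is not part of the thread or the project's code: the role/user grants and the token scope are combined with a single bitwise AND in one central function, so a token can only narrow the permissions that the underlying grants allow ("11&01" -> "01"). Module names, role names and the user are constructed sample data.

```python
from enum import IntFlag


class Perm(IntFlag):
    """Permission bits, Linux-style: each flag is one bit."""
    NONE = 0
    READ = 0b001
    WRITE = 0b010
    DELETE = 0b100


# Constructed sample data (hypothetical modules, roles and user).
ROLE_PERMS = {
    "editor": {"articles": Perm.READ | Perm.WRITE, "users": Perm.READ},
}
USER_DIRECT_PERMS = {"alice": {"articles": Perm.DELETE}}
USER_ROLES = {"alice": ["editor"]}


def base_permissions(user: str, module: str) -> Perm:
    """Union of the user's direct grants and the grants of all of his roles."""
    perms = USER_DIRECT_PERMS.get(user, {}).get(module, Perm.NONE)
    for role in USER_ROLES.get(user, []):
        perms |= ROLE_PERMS.get(role, {}).get(module, Perm.NONE)
    return perms


def effective_permissions(user: str, module: str, token_scope: Perm) -> Perm:
    """The one place where the binary AND happens.

    The token scope is filtered against the base permissions, so it can
    only remove bits, never add ones the user/role does not have.
    """
    return base_permissions(user, module) & token_scope


def is_allowed(user: str, module: str, token_scope: Perm, wanted: Perm) -> bool:
    """True only if every wanted bit survives the AND with the effective set."""
    return (effective_permissions(user, module, token_scope) & wanted) == wanted
```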
On the first glance -> the token cannot be associated with any module or permission, so it's always full access.
The token should be connected to permissions and the module. Sadly I currently don't have enough time, otherwise I would take a look at this in detail.
I also prefer a bit-based permission system, although we could argue about readability. And please ALWAYS have "modifiedAt, createdAt" so you have a clue if things have changed :)