#1 2020-08-03 11:29:14

Aknehsas
Member
Registered: 2020-08-03
Posts: 4

Per-record access rights

I am trying to implement different ideas with this powerful framework. Now I am trying the following: If a user is admin he must be able to get all records from a table otherwise he must get only records corresponding to particular condition. I know how to implement it on client side but I want to make this on servers side. In the documentation I have found how to implement Per-table access rights. How can I implement my idea with per-record access rights?
Thanks in advance!

Offline

#2 2020-08-03 13:34:34

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,673
Website

Re: Per-record access rights

Usually, we use two levels of authorization:
- one at the ORM layer;
- another at the business layer, i.e. your own service logic.

Per-record authorization should be implemented in your business layer, I guess.
This is not built-in in the framework at ORM layer.

Just add an authorization field to each record, containing e.g. a group ID.
Then check within your ORM queries.

Another way of implementing authorization is to have a SQLite3 database per user, or per group of user, or per company, or per branch.... on per whatever makes sense.
Put the sensitive tables in these separated databases.
Then you will gain perfect security, and also better performance, since all datasets will be available from a single DB file, so will maximize data and index caching abilities.
It will also have the advantage of easier migration to a dedicated server, or another server in the future.

Offline

Board footer

Powered by FluxBB