I'm using restful_authentication and role_requirement to handle use
authentication for my application. I'm wondering what the best way is
for me to set up tiered access privileges. Essentially, I want to
restrict access as follows:
- some users will get access to one or more branches
- some users will get access to one or more regions, including the
branches within that region
- some users will get access to an entire company, including the
regions and branches within that company
When a person logs into the application, I want to show them data only
relevant to their particular branch if they only have access at the
branch level. Similarly, when a person logs in that has access to an
entire company, I want to be able to show them company data, regional
data, and branch-level data.
Should I set up three separate index tables (users_branches,
users_regions, users_companies), and then when the user logs in just
do three separate finds, one against each of these three tables, to
find out their access rights? Or is there a better way to do this to
cut down on the number of queries?
I hope I've been clear enough - let me know if I need to elaborate
Thanks in advance!