Dynamic permissions

Just a quick note on how we are handling dynamic permissions in our application.
This may be useful to others.

In our application, the super user can create organizations. We want users belonging to an organization to see data of that organization. A user can belong to more than one organization.

When an organization is created, we also create a special permission for it. The slug contains the id of the organization.
For example: org:
So the corresponding organization role has a permission of org:. There can be other permissions for administrators of that organization (e.g. admin_org:).

This approach allows us to manage resources on an organization basis using roles and permissions.

You’re doing it wrong. By doing it this way, you’re failing to take advantage of the most powerful part of UserFrosting’s access control system - access conditions!

Your “dynamic permissions” should really be a generic permission with a custom in_organization callback for its condition. This was actually one of the use cases that I had prominently in mind when I designed the system.

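The reply's suggestion, sketched as an added example that is not part of either post and is not UserFrosting's own code: one generic permission whose condition is an `in_organization` callback evaluated at check time. The `Authorizer` class, the `view_org_data` slug and the `organization_ids` field are hypothetical stand-ins, and role assignment is left out so that only the condition check is modelled.

```php
<?php
declare(strict_types=1);

// Simplified stand-in for an authorizer: NOT UserFrosting's own classes.
final class Authorizer
{
    /** @var array<string, callable> condition name => callback */
    private array $callbacks = [];

    /** @param array<string, string> $permissions permission slug => condition name */
    public function __construct(private array $permissions) {}

    public function addCallback(string $name, callable $callback): void
    {
        $this->callbacks[$name] = $callback;
    }

    public function checkAccess(array $user, string $slug, array $params = []): bool
    {
        // Fail closed: unknown slug or unregistered condition means no access.
        $condition = $this->permissions[$slug] ?? null;
        if ($condition === null || !isset($this->callbacks[$condition])) {
            return false;
        }
        return ($this->callbacks[$condition])($user, $params) === true;
    }
}

// One generic permission for every organization, instead of one slug per org id.
$authorizer = new Authorizer(['view_org_data' => 'in_organization']);

// Membership is looked up at check time, so a new organization needs no new permission.
$authorizer->addCallback('in_organization', function (array $user, array $params): bool {
    $orgId = $params['organization_id'] ?? null;
    // Strict comparison: a string "10" or a missing id never matches an integer id.
    return is_int($orgId) && in_array($orgId, $user['organization_ids'], true);
});

// Constructed sample data: a user who belongs to two organizations.
$alice = ['id' => 1, 'organization_ids' => [10, 12]];

foreach ([10, 11, 12, '10', null] as $orgId) {
    $allowed = $authorizer->checkAccess($alice, 'view_org_data', ['organization_id' => $orgId]);
    printf("org %s: %s\n", var_export($orgId, true), $allowed ? 'allow' : 'deny');
}
```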