I would like to know if it is possible to separate the permissions by company using the fuel acl package. For example, I have company X, so when an user of this company accesses the system, I would like to load all the permissions of company X.
The ACL system is user centric, so you would have to emulate the notion of a company, either through a group (assuming a user works for one company), or via a role ("employee of X"). And then assign the permissions to the group or the role. And you can also assign multiple roles to a group if you need to seperate permissions in more detail.
But normally you would just work role based (a user performs a role in a company, and needs access associated to that role), and is "a company" not a permission, but a data item, which you might use as a filter. For example, a user working for company X in the role "bookkeeper" would be able to work with invoice and financial data in the system, but only those related to company X. You can't capture something like this in a permission system.
In one of our apps to which multiple clients have access, we use an observer and ORM relation conditions to implement automatic foreign key filtering. This will for example add "AND WHERE client_id = X" to every query to a table that contains a "client_id" field.
My database will have many clients(companies), and this clients will have many employees. When the employee logged into the system, I want to get all the permissions set for user groups of the employee's company that logged into the system.
I'll try the tip that you told me, using client id.
It's a matter of adding the column for the foreign key to the users table (if the relation between users and companies is a one-to-many) or create a many-many table between the two.
If a one-to-many case you could even decide to add it to the profile_fields, if you don't need ORM relations but use DB queries...
Donate
