英文:
User-role-team based packages cannot manage authorization above the team's scope
问题
在我的应用程序中,一个组织可以拥有多个事件,用户可以在不同的事件中担任多种角色。到目前为止,一切都很好。我可以通过 user_id, role_id, event_id 之间的关系来处理这个。但问题是,我有一些角色是与组织相关的,例如:Owner(所有者), Admin(管理员),它们与事件无关。因此,先前的数据库结构无法解决我的问题,因为它仅限于用户在事件中担任角色。
我尝试过使用多态关系,基本上意味着用户可以在事件或组织中担任角色,如下:user_id, role_id, entity_id, entity_type。但这需要很多工作,而且我不知道是否是理想的解决方案。
我尝试过的方法:
我找到的一个解决方案是使用 spatie 的权限包,它支持团队。
所以基本上一个用户可以在事件中担任角色,也可以在事件中拥有权限。因此,我考虑使用组织的范围而不是事件的范围,然后给用户授权访问特定事件。例如:我邀请一个用户加入 组织 并让他/她成为 管理员,然后授予他/她管理特定事件或多个事件的权限。
这似乎可以工作,但问题在于,我只能为用户在该组织中分配一个角色,这意味着在所有事件中,因为现在的数据库关系是:
user_id, role_id, organization_id。
是否有办法让用户在不同的事件中分配不同的角色,同时还能在事件之外为某些用户分配一些角色?
英文:
In my application, an organization has multiple events, and a user can have multiple roles in different events. Until now, it's all good. I can just do a pivot relation btw user_id, role_id, event_id. But the problem is that I have some roles that are focused to the organization. Example: Owner, Admin and they're not related to the event. And therefore the previous DB structure cannot fix my problem, because it's limited to users having roles in an event.
I've tried going for a polymorphic relationship which basically means a user can have a role either in an event or an organization like so: user_id, role_id, entity_id, entity_type. But it's a lot of work and I don't know if it's the ideal solution.
What I've tried :
The one solution that I found is working with spatie's permissions package which supports teams.
So basically a user can have a role in an event. Also, a user can have permission in an event. So I figured that I work with the organization's scope instead of the event's scope and then give permission to the user to access a specific event. Example: I invite a user to the organization to be an Admin and then give him/her the right (permission) to manage a specific event or multiple events.
This seems to work, but the problem with it is that I'm limited to assigning one role to the user in that organization which means in all of the events, because now the DB relationship is:
user_id, role_id, organization_id.
Is there a way I can assign different roles in different events for the user, along with the ability to assign some roles outside of the events for some users?
答案1
得分: 0
你可以尝试以下方式,如果对你有用的话:
创建一个名为 user_event_roles 的表
它的结构会是这样的:
user_event_roles
id | user_id | event_id | role_id | created_at | updated_at | updated_at |
--------------------------------------------------------------------------
你可以将用户的 ID 存储在 user_id 字段中,以及与用户相关的事件的 ID 存储在 event_id 字段中(用户可以访问哪些事件),然后存储 role_id,即你想要分配给用户的角色。
如果这种方法不起作用,请分享你的反馈,这样我们可以找到其他解决方案。
英文:
Will you try following if this works for you?
create a talbe user_event_roles
its structure will be like
user_event_roles
id | user_id | event_id | role_id | created_at | updated_at | updated_at |
--------------------------------------------------------------------------
you can store user's id in user_id along with its event's id event_id (in which event user has access), and stored the role_id, the role you want to assign to user.
Please share your feedback if this approach doesn't work so we can find some other solution.
答案2
得分: 0
最终,在搜索和咨询其他高级工程师后,我最终选择了多态解决方案,这有点复杂,但以下是步骤的详细说明:
-
多态关系:
- 在
teams表和events以及organizations表之间建立多态关系。这允许一个团队属于事件或组织之一。
- 在
-
为组织创建团队:
- 为每个组织创建一个团队。该团队将用作与该组织关联的用户的容器。
-
邀请用户和分配角色:
- 邀请用户加入组织的团队。
- 在组织级别为用户分配角色,如所有者或组织管理员。
-
为事件创建团队:
- 在组织内创建事件时,为该事件专门创建一个新团队。
-
将团队分配给事件:
- 通过多态关系建立事件与其相应团队之间的链接。这确保了可以单独管理事件的权限,而不影响组织。
-
管理事件权限:
- 在事件的团队中为来自组织团队的用户分配角色,如事件管理员或主持人。这确保了在组织级别具有权限的用户也具有参与的事件所需的权限。
-
邀请用户加入事件团队:
- 邀请用户成为事件团队的一部分。
- 根据他们在事件中的责任,为他们分配事件管理员、主持人等角色。
英文:
Eventually, after searching and asking other senior engineers I ended up going with the polymorphic solution, It's a little complicated, but here is the breakdown of the steps :
-
Polymorphic Relationship:
- Establish a polymorphic relationship between the
teamstable and theeventsandorganizationstables. This allows a team to belong to either an event or an organization.
- Establish a polymorphic relationship between the
-
Creating Teams for Organizations:
- Create a team for each organization. This team will serve as a container for users associated with that organization.
-
Inviting Users and Assigning Roles:
- Invite users to join the organization's team.
- Assign users roles such as Owner or Organization Admin at the organization level.
-
Creating Teams for Events:
- When creating an event within an organization, create a new team specifically for that event.
-
Assigning Teams to Events:
- Establish a link between the event and its corresponding team through the polymorphic relationship. This ensures that permissions for the event can be managed separately from the organization.
-
Managing Event Permissions:
- Assign users from the organization's team roles like Event Admin or Moderator in the event's team. This ensures that users who have permissions at the organization level also have the necessary permissions for the events they are involved in.
-
Inviting Users to Event Teams:
- Invite users to be part of the event's team.
- Assign them roles like Event Admin, Moderator, etc., based on their responsibilities within the event.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论