This repository has been archived by the owner on Sep 20, 2021. It is now read-only.

allow/deny on service + permission combination #33

Open
rauwebieten opened this issue May 1, 2018 · 1 comment


rauwebieten commented May 1, 2018

I'm having trouble specifying permissions. It seems like this is not implemented, unless I missed something.

I have this code:

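// Classes used below, from the Hoa\Acl namespace.
use Hoa\Acl\Acl;
use Hoa\Acl\Group;
use Hoa\Acl\Permission;
use Hoa\Acl\Service;
use Hoa\Acl\User;

$acl = new Acl();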

$administrators = new Group('administrators');
$acl->addGroup($administrators);

$peter = new User(1, 'Peter');
$administrators->addUsers([$peter]);

$service_a  = new Service('service_a');
$service_b  = new Service('service_b');

$administrators->addServices([$service_a, $service_b]);

$read = new Permission('read');
$write = new Permission('write');

$acl->allow($administrators,[$read, $write]); // ??

How can I give the group view-permission on service-A, but deny view-permission on service-B?
Imagine I cannot delete the service from the group, because I need it for other permissions.



Hywan commented May 16, 2018

Hello :-),

So you have:

  • One group: Administrators,
  • One user: Peter,
  • Two services: Service A, and Service B,
  • Two permissions: Read, and Write.

The group Administrators has one user: Peter, and two shared services: Service A, and Service B.

Permissions are set on groups, not on users or services. Currently there are 2 permissions: Read, and Write. What you would like to do is to add a new permission: View, only for Service A, not for Service B. Is that right? This is not possible.

Instead of setting services on the group, maybe you can move them on the users, so that they are not shared, but owned.

Something like:

// Peter owns the Service A. The service is not shared.
$peter->addServices([$service_a]);

// Create the View permission and set it on the group.
$view = new Permission('view');
$acl->allow($administrators, [$view]);

Then you can query something like:

$acl->isAllowed($peter, $view, $service_a); // expect `true`
$acl->isAllowed($other_user, $view, $service_a); // expect `false`

If you would like to dynamically add the service on the user if it belongs to a specific group, you can do:

if ($administrators->userExists($peter)) {
    $peter->addServices([$service_a]);
}

Thoughts?
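
The rule shape the issue asks for, allow or deny keyed on group + service + permission, as an added example that is not part of the thread and not Hoa\Acl's API. `ServiceScopedAcl` and its methods are hypothetical, it assumes PHP 7.4 or later, and it uses default deny with an explicit deny overriding any allow.

```php
<?php
// Added example: standalone sketch, not Hoa\Acl code.
// ServiceScopedAcl and every method name here are hypothetical.
final class ServiceScopedAcl
{
    private array $members = []; // group => [userId => true]
    private array $rules = [];   // group => service => permission => bool

    public function addUser(string $group, int $userId): void
    {
        $this->members[$group][$userId] = true;
    }

    public function allow(string $group, string $service, string $permission): void
    {
        $this->rules[$group][$service][$permission] = true;
    }

    public function deny(string $group, string $service, string $permission): void
    {
        $this->rules[$group][$service][$permission] = false;
    }

    // Default deny. A deny in any of the user's groups overrides every allow.
    public function isAllowed(int $userId, string $permission, string $service): bool
    {
        $allowed = false;
        foreach ($this->members as $group => $users) {
            if (!isset($users[$userId])) {
                continue; // user is not in this group
            }
            $rule = $this->rules[$group][$service][$permission] ?? null;
            if ($rule === false) {
                return false; // explicit deny wins immediately
            }
            $allowed = $allowed || $rule === true;
        }
        return $allowed;
    }
}

// Constructed data mirroring the issue: Peter (id 1) is an administrator.
$acl = new ServiceScopedAcl();
$acl->addUser('administrators', 1);
$acl->allow('administrators', 'service_a', 'view');
$acl->deny('administrators', 'service_b', 'view');
$acl->allow('administrators', 'service_b', 'write');
var_dump($acl->isAllowed(1, 'view', 'service_a'), $acl->isAllowed(1, 'view', 'service_b'));
var_dump($acl->isAllowed(1, 'write', 'service_b'), $acl->isAllowed(2, 'view', 'service_a'));
```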
