How to implement data access based on a table with user's permissions


#1

Hello there,

I’m having difficulty to come up with an “architecture” using dreamfactory and it would be nice to have some kind of help from you :smile:
I would like to control the access to data depending if the user is associated to an object.
For instance, I have several top groups that could have sub-groups, and a user that has access to the top group can also have access to its sub-groups. And I wish to have two kind of users, an ordinary user and a manager.

Also, I’m developing an AngularJS page and accessing the dreamfactory using dreamfactory’s SDK.


#2

Here are a few pointers, let me know if this answers your questions:

And I wish to have two kind of users, an ordinary user and a manager.

You can set up two different roles in the Roles tab.

I would like to control the access to data depending if the user is associated to an object.

In the Roles tab, you can assign data permissions for each role in a few ways. First, you can specify CRUD permissions for each individual table. If your data model has a ‘top groups’ table and a ‘sub groups’ child table, then you can fetch top groups and related sub-groups in a single API call. You can also specify record-level permissions with server-side filters. For example, you can have an ‘owner’ field (user id) on ‘top groups’ and specify a filter that says ‘owner’ = {user_id}. The server will enforce this rule so that only records created by the logged in user are returned in the query.

These blog posts and forum posts have more info:



Also, I’m developing an AngularJS page and accessing the dreamfactory using dreamfactory’s SDK.

You should also look at Michael’s user management module for Angular. This takes care of user registration and login. Also check out the data management directive he wrote.



How do I get a user's id
Returning the logged in user's name with a custom script
Record-level security: advanced filters and non-GET requests
Build my API Platform with DF