laravel - issues about permission management and the way to display views
PHP中文网
PHP中文网 2017-05-16 16:52:00
0
1
485

I am currently working on an enterprise application HRMS, but there are some issues in permission management that I cannot think through:
1. Permission determination at multiple granularities:
Department-based permissions

  • Basic module permissions

  • Personnel module permissions

  • Administrative module permissions

  • Recruitment module permissions

  • Training module permissions

Among the above five modules, the last four depend on the first module, so some private data such as attendance data viewing will be placed in the basic module permissions.

Position-based permissions

  • Director

  • Senior Manager

  • manager

  • General staff

The basic module also contains the initiation process, but ordinary employees cannot approve the process. Only at the manager level can the process initiated by subordinate employees be opened.

Users are directly linked to permissions
Because in the actual production environment, some people will be assistant directors or hold multiple positions. For this situation, I will let the user directly use the user_permisson table management.

Question 1: Data model design

Would it be more troublesome to verify the design later?

Question 2: The interfaces displayed by different departments and positions are slightly different. How to implement this? (It is best to load in ajax mode)
For example, the personnel department can see the resume library and personnel information based on the basic module. The manager level can approve subordinate employees, team performance and other data.

Waiting online for answers from experienced experts, thank you very much!
This project is based on Laravel 5.2.29. It is currently being worked on by one person and is planned to be open source.
If you are interested, you can develop together.

PHP中文网
PHP中文网

认证0级讲师

reply all (1)
为情所困

Have you consideredRBAC? A department can be a role, a position can be a role, and a user's special permissions can also be divided into an independent role. Your idea is correct. The post-verification trouble you are worried about should refer to the permission association table. Too many will cause query timeout, then store the permissions in NoSQL.

Regarding the second question, if the display is different, it is best to combine the display of the menu with the permissions. There are pure permission items + menu items in the permission table

    Latest Downloads
    More>
    Web Effects
    Website Source Code
    Website Materials
    Front End Template
    About us Disclaimer Sitemap
    php.cn:Public welfare online PHP training,Help PHP learners grow quickly!