Saravanan
2020-12-03 18:49:11
I don't think you need to search for a library or a framework to build this out, you can do the implementation as follows,
- Create a table that reads as
ProductPermissions - Make an entry for recordid, groupid, roleid in this table
- After a user is assigned a group, the relevant tables should have the values like
UserDetails,UserGroups,UserRolesetc - When I want to see the list of products that are accessible to me, I make a request to the
GetProductsAPI. - The API gets my userid from the authentication process, roles and group ids
- Now, you have to join the products table and the
ProductPermissionstable with the keys and filter by the groupid that I have been assigned. - The same logic applies for all the entity operations that I do, any action will be validated against the
ProductPermissionstable.
Note
In order to get a generic table than redundant ProductPermissions, you can have the table as EntityPermissions and then have the entityId (ex: Product, Category etc) as a column and that will be used a filter during joining so that you have a single table for all entities.