How to set up tiered access privileges?


#1

I’m using restful_authentication and role_requirement to handle use
authentication for my application. I’m wondering what the best way is
for me to set up tiered access privileges. Essentially, I want to
restrict access as follows:

  • some users will get access to one or more branches
  • some users will get access to one or more regions, including the
    branches within that region
  • some users will get access to an entire company, including the
    regions and branches within that company

When a person logs into the application, I want to show them data only
relevant to their particular branch if they only have access at the
branch level. Similarly, when a person logs in that has access to an
entire company, I want to be able to show them company data, regional
data, and branch-level data.

Should I set up three separate index tables (users_branches,
users_regions, users_companies), and then when the user logs in just
do three separate finds, one against each of these three tables, to
find out their access rights? Or is there a better way to do this to
cut down on the number of queries?

I hope I’ve been clear enough - let me know if I need to elaborate
more.

Thanks in advance!