Closed andrea-wood closed 3 years ago
Greetings! We appreciate your concern but weren't able to reproduce this issue or it is more of a question. As described in the API Platform contributing guide, we use GitHub issues for bugs and feature requests only.
For support question ("How To", usage advice, or troubleshooting your own code), you have several options:
Feel free reach one of the support channels above. In the meantime we're closing this issue.
Hi, I have an application where one user can be linked to multiples companies with distinct permissions. For example:
It's clear that I can't rely on the standard Symfony roles system in the User entity to check the permission of the user. My actual implementation is three tables User, UsersCompaniesPermissions and Company with this kind of relation:
User <--oneToMany -- UsersCompaniesPermissions -- oneToMany --> Company
The relation table between User and Company contains the roles field of the user for each company. To check the user's permissions I use on the GET operations a custom query with some SQL joins, and for the other operations (POST, PUT, DELETE) a custom voter. Even if it works, I feel it's not the best way to achieve this. Is this the right way to proceed?
P.S. Congratulations for the awesome work.