g33kidd / bracket

An eSports tournament framework built with Laravel
MIT License
35 stars, 9 forks

Roles System #30

Open g33kidd opened 8 years ago

g33kidd commented 8 years ago

We need to make a roles system that is mainly for admins, but I suppose it could be used on the front-end for things as well.

This would probably include a 'priority' or 'clearance' leveling system where an admin would be able to create roles based on that level. Or, there could be a set of default roles we choose and they can add/modify/delete roles as needed.

Here are a few that come to mind:

Keep in mind that while multiple roles might have access to certain entities, they will still be limited in the actions they are able to take based on their 'clearance' level.

This could probably be done using some third-party package such as https://github.com/Zizaco/entrust

JenkinsDev commented 8 years ago

I'm not sure what your thoughts are when it comes to Permissions as a whole, but I think Roles and each individual permission should be separate entities. So instead of checking if a user has the right role, we would take a user's role and grab that role's permissions, then check to see if they have the right permission to do an action.

Let me try to lay it out better with a "graph":

```
- "G33kidd":
|
| - "Admin Role":
  |
  | - "Permissions":
    |
    | - "create_tournaments"
    | - "view_all_tournaments"
    | - "update_all_tournaments"
    | - "delete_all_tournaments"
    | - "sign_up_for_all_tournaments"

- "JenkinsDev":
|
| - "Organizer Role":
  |
  | - "Permissions":
    |
    | - "create_tournaments"
    | - "view_all_tournaments"
    | - "update_own_tournaments"
    | - "delete_own_tournaments"
```

Obviously the permission "keys" above aren't set in stone. Just throwing pseudo-data out.

g33kidd commented 8 years ago

Some ideas that come to mind that we could implement using Traits or something similar.

```php
$user->able_to('create_tournaments');
$user->is('admin');
$user->is_able('mod', 'view_all_tournaments');
```

Basically a few methods to check for their role and check for the permission in the role. If we have a system where perm priorities is a thing, these permissions could be bound to that level of permissions, which would then be tied to a role.
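An added example, not part of the thread or the bracket code base: a minimal PHP 8 sketch of the role-to-permission lookup discussed above, showing deny-by-default for unknown roles and how the `_own_` versus `_all_` permission keys translate into an ownership check. The `User` class, `ROLE_PERMISSIONS` map, `ableTo()`/`canActOn()` names and the user ids are hypothetical; only the permission keys come from the thread.

```php
<?php
declare(strict_types=1);

// Constructed role => permission map, using the pseudo-keys from the thread.
const ROLE_PERMISSIONS = [
    'admin' => [
        'create_tournaments', 'view_all_tournaments', 'update_all_tournaments',
        'delete_all_tournaments', 'sign_up_for_all_tournaments',
    ],
    'organizer' => [
        'create_tournaments', 'view_all_tournaments',
        'update_own_tournaments', 'delete_own_tournaments',
    ],
];

final class User
{
    public function __construct(public int $id, public string $role) {}

    // Exact permission lookup through the role; a role with no entry gets nothing.
    public function ableTo(string $permission): bool
    {
        return in_array($permission, ROLE_PERMISSIONS[$this->role] ?? [], true);
    }

    // Hypothetical helper: "<action>_all_<entity>" grants access to any record;
    // "<action>_own_<entity>" grants it only when the user owns the record.
    public function canActOn(string $action, string $entity, int $ownerId): bool
    {
        if ($this->ableTo("{$action}_all_{$entity}")) {
            return true;
        }
        return $ownerId === $this->id && $this->ableTo("{$action}_own_{$entity}");
    }
}

$admin     = new User(1, 'admin');
$organizer = new User(2, 'organizer');
$unknown   = new User(3, 'guest'); // role missing from the map

var_dump($organizer->canActOn('update', 'tournaments', 2)); // organizer's own tournament
var_dump($organizer->canActOn('update', 'tournaments', 1)); // tournament owned by user 1
var_dump($admin->canActOn('delete', 'tournaments', 2));     // admin holds the "all" scope
var_dump($unknown->ableTo('create_tournaments'));           // unknown role
```

The owner id passed to `canActOn()` should come from the stored record on the server, never from request input, otherwise the `_own_` scope can be bypassed by claiming ownership.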