Implementing row based access based on role - laravel

I have created a table that contains Ticket information, with an id, message body, user id and department id.
I would like to be able to limit access to these tickets, such that only users from the corresponding department can access the relevant tickets, and can not view other department's tickets.
I have attempted to make an updatable view for each department and granting select on this, but it does not work very well.
Is there a simple way to achieve this kind of role based access?

Related

What is the "customer's user ID"?

In the Preventing duplicate Items article, it mentions that you can use a specific combination of fields to determine if there are duplicate items or not. And specifically OAuth institutions, it says the combination of fields are: customer's user ID and institution_id. I'm confused what the customer's user ID is. I'm not familiar with this identifier. Can somebody explain?
The customer's user ID would be a value in your own application's business logic, not part of the Plaid API. In most Plaid use cases, alongside an Item, you would typically store some kind of user id that associates it with a specific user in your system. The logic here is saying that if the same end user in your system has multiple Items with the same institution, they are probably duplicate Items.

Dynamic parameters for views in Dynamics 365

I have a Account Relationship entity with two lookup fields called Recipient Account and Guide Account. I would like to be able to go on an Account and see all records where the Account Relationship's Recipient Account and Guide Account are set to the account I'm viewing.
In CRM, I can definitely create a view to fetch all account relationships on the Account Relationship entity and then inside the Account entity's form I can include the view with the data source set to Related Records Only and the entity set to Account Relationship (Recipient Account). But I can't do both in a single view.
Through what mechanism can I have it all be in one view? One thing I was considering was creating separate grids, one for Recipient Account and another for Guide Account. But I want to know if there is a mechanism where I can combine all records that have "Recipient Account = Current Account or Guide Account = Current Account" that is basically the query I want to run.
You could use connections. It's pretty flexible and will fulfill your needs as long they stay simple. That's the only viable option I see aside from using two views.
Keep only one subgrid of Account Relationship N:N intersect entity (either Guide account or Recipient account relation)
Register RetrieveMultiple pre-operation plugin to intercept the query & pass the custom fetchxml query by incorporating or filter
Fetchxml has to be built something like explained
Try this unrecommended if you wish but two grids are better choice. This alternate solution also you can try.

parse.com - Possible to 'and' multiple ACLs?

Using parse.com.
I have the following format set up:
City roles
Department roles
Users that belong to a specific Department and City combination (i.e. user has relation to Department and City role)
I have a Register class. I want to restrict access to an object in that class to a user that belongs to BOTH Department AND City. Is that possible?
I know I could have a new role for each City+Department combination but I could end up with hundreds of roles. That seems incorrect/inefficient.
Is there a good way to do this?

Correct Many to Many friends relationship for users

What is the correct way to relate users in parse to one another as friends?
I also want users to be able to query other users but not see all fields, like emails. Is there a way I can create a view on the users table with cloud code, and only return this to the client code?
I was thinking I can create a friends table that will have two columns with 2 pointers, 1 for each user.
thanks for any advice.
I was thinking I can create a friends table that will have two columns with 2 pointers, 1 for each user.
I'll do that too, with a status column to handle pending, blocked...etc
I also want users to be able to query other users but not see all fields, like emails.
You have to add a privateData column on user with ACL restricted to owner only, which would contain private infos such as emails...etc

MVC3 User Authentication link

In my application I have an administrator who can create Tournament objects. When the object is created the service also creates a user (based on the tournament director's info which was entered at creation). The username for the user is the director's e-mail, the password is randomly generated and then mailed to the director.
When the director logs on with his e-mail address and password, I need to be able to link him to his own tournament, in order to only allow him to edit his own tournament's details. I have tried to find a way to store the TournamentId in the default ASP Net Users database, but was unsuccessful.
I had a look at this SO question which would certainly help me, but I can't figure out how it would apply to my problem. When the user logs on, I can't put the TournamentId in the userdata seeing as I don't know it.
Should I then do a lookup in the Tournament table to see which ID corresponds to the email address entered at login and store that in the userData? It seems quite unelegant this way.
I guess you should have a CreatedBy column in your Tournament table where you store the ID of the user who created the tournament. Then when the user logged in, get his id ( may be from session ,if you store it there), Do a select query where CreatedBy=loggedInUserId .That should do the trick.

Resources