parse.com - Possible to 'and' multiple ACLs? - parse-platform

Using parse.com.
I have the following format set up:
City roles
Department roles
Users that belong to a specific Department and City combination (i.e. user has relation to Department and City role)
I have a Register class. I want to restrict access to an object in that class to a user that belongs to BOTH Department AND City. Is that possible?
I know I could have a new role for each City+Department combination but I could end up with hundreds of roles. That seems incorrect/inefficient.
Is there a good way to do this?

Related

Implementing row based access based on role

I have created a table that contains Ticket information, with an id, message body, user id and department id.
I would like to be able to limit access to these tickets, such that only users from the corresponding department can access the relevant tickets, and can not view other department's tickets.
I have attempted to make an updatable view for each department and granting select on this, but it does not work very well.
Is there a simple way to achieve this kind of role based access?

Database schema for kind of Hospital Management in Laravel

I am trying to start an application but it's not for managing hospital, it will be for doctors and patients. Where there will be multiple types for users will be able to login such as Doctor, Patients/Guardians.
Doctors can have multiple clinics at multiple locations and doctor can manage patient records. Once the patient account has been created by doctor then patient can take appointment from doctor or update his appointment status and many more stuff will be there next.
The thing is how to go with the ERD?
I will have
User //User accounts used to login in to the system
Doctor
Patient
Guardian
Role
Permission
These are the models I have currently created, but they don't seem right to me.
Should I remove role columns as I already have different tables for different pre-defined roles?
Or should it be there? But how to manage permissions on users if no roles table is there?
Also, most importantly, how to go with one to one with users? I mean should I go and create functions in user model such as:
public function doctor(){}
public function guardian(){}
public function patient(){}
Or is there a better approach to follow?
If they are all users, you can extend different users from a base user model.
If they require different columns in database, consider single table inheritance.
If roles are static, I would create a class called UserType and have constants of each user type mapped to an integer. In the database, the user table will have a type column which is mapped to this integer.
For example:
class UserType {
const DOCTOR = 1;
}
In your application you'll be able to check the type of user by doing $user->type === UserType::DOCTOR
In the Eloquent itself, you can extend newFromBuilder method to check the type attribute and return the child class (like Doctor) instead of User. So even when you do $user = User::find(1);, you'll still get the class Doctor.
When creating users, you can just create Doctor itself but make sure in __construct to set the appropriate type attribute.
So now you have a base User class, your shared functionality can go here. Specialised methods such as relation to clinics can go in the Doctor class.
This is somewhat similar to the above: https://github.com/Nanigans/single-table-inheritance

How can I distinguish between students and teachers?

Using the Google Classroom API method userProfile, I can get various information about a user, including their name and email address, but not whether they are a student or teacher. How can I determine whether a user is a student or teacher?
Classroom does have the concept of teachers and students, however the distinction between teachers and students is only meaningful relative to a particular course (it’s possible for a user to be a “teacher” of one course and a “student” of another) and so you might not be able to use these categories to apply access controls in the way you were expecting.
For example, if alice#school.edu is a member of a particular course’s courses.teachers collection, and bob#school.edu is a member of courses.students, then you can use this information to decide that bob#school.edu should not see certain content created by alice#school.edu. (For example, you might not want to show Bob the answers to a quiz that Alice has created on your website, just the questions.)
However, because by default all users can create courses, you probably do not want to show alice#school.edu sensitive information created by teachers of other courses, information intended for teachers that you provide (for example, if you are a textbook publisher), or giving her domain-wide admin features.
If you need to distinguish between “real-world” teachers and students, we recommend that you do this via a mechanism entirely separate from Classroom, such as checking that the user’s email address appears in:
a separately-maintained list of teachers (e.g. CSV uploaded by admin)
the classroom_teachers group – domain administrators can choose to verify teachers to allow them to create new classes (use the Directory API to list a user’s groups)
Classroom api dosent provide global role for a teacher or a student its vary from course to course so you can just call student/teacher api
after that you will get json output and you find a special permission for teacher "Create Course" it will help you to recognized that the person is teacher.
"permissions": [
{
"permission": "CREATE_COURSE"
}
]
in case of student this array will be null.

Many to many relation for a user to regions and roles

In my application there was a many to many relation between a user and regions, and the same for user and roles.
Previously a user had many regions under one city. Also, a user had many roles in one city, primarily Admin as the second role.
Now there's a change in the system. A user can have two roles in multiple city.
For example: User A has 4 regions. 2 regions belong to city X and 2 belong to city Y. And user has two different roles in city X and city Y.
My current schema is below:
User
belongsToMany('App\Region', 'user_region', 'user_id', 'region_id');
belongsToMany('App\Role', 'user_role', 'user_id', 'role_id');
I used Entrust in Laravel for Roles and Permission.
How can I implement this new system with my existing schema? v1 is already on production. I need to change this in v2.

Complicated Eloquent Relationships

I have a many-to-many relationship, users and roles, which I have worked out just fine. However, I have another table I would like to relate as well, called leads. A user and that user's role can be assigned to a lead.
So for example, I've created a Role and let's call it 'Manager'. Now, when I am managing my Users, I'd need to be able to assign different users to different roles which will be a many-to-many relationship (a role can have many users, a user can have many roles). So I will assign the role of 'Manager' to User A.
Now, when I am modifying my leads, I'd like to be able to assign a role_user to my lead (In my example, I'd like to assign a user to that lead), but I'd first need to assign a role to that Lead (Manager), and then be able to assign a user that is of that role to that lead.
Currently, I've got a many-to-many relationship setup for users and roles, using the pivot table name role_user. I've then got a many-to-many relationship setup on that pivot table, role_user, and leads, using another pivot table named lead_role_user.
Models + Controller - http://paste.laravel.com/D6h
My error: Call to undefined method Illuminate\Database\Query\Builder::roles()
It feels as though I am making this much more difficult than it should be.

Resources