
I have done a lot of reading on this but nothing stands out. I already have an authentication and authorisation system that can handle multiple guards and user roles (user, admin, super admin etc.)

I am trying to find out what is the best way to separate the system into totally separate accounts which have the following:

No login section

  • Landing page. Anyone can see without login.

Admin Section

  • Admin side of the system has super-admins and then multiple admin-users.
  • These users can see all data from every user who has an account on the client side.

Client Section

  • Each user account has an owner who deals with billing, their own user admin etc.
  • Each client account also has a number of users (admin-users, editor-users etc.) with varying permissions.
  • Users on this side should only ever be able to see their own account's data. They should not ever be able to see other accounts' data.

Before Laravel, I would have an accounts table and assign a unique key to each account. Then a separate users table would contain the user along with their account key.

All database tables from this point onwards (posts, products, shipments etc.) would also have this key to ensure that the user account could only see their own data.

On top of this there would be permission tables, for granular control of what each user from either side can see.

Is my original way still suited to Laravel or is there a better way?

  • I think there are many concepts you must cover in your question; however, to support granular control, I'd recommend you check an ABAC approach. Check this: github.com/thekordy/auzo Commented Apr 17, 2018 at 19:49

2 Answers


To separate out the accounts into their own "ecosystems" within the same code base is called multi-tenancy. Basically, you scope your application's queries based on the user id and/or role, which limits the available data to any given user.

Have a look at the Landlord Package.

In a very basic summary, what it does is add a `where('tenant_id', auth()->id())` clause to every applicable query.

You can of course either omit the clause entirely for super admins to access all data, or apply even tighter constraints, say by adding a check for the user's role in addition to the clause, further limiting what a user can access within their respective account/organization/group etc.

Scoping can be done by any kind of relationship; you're not necessarily limited to the authenticated user's id. If your application has organizations for multiple users, you can use the organization id.

Multiple tenant ids are also possible, where a user must belong to an organization and a certain division within that organization.

Another package I've used previously is Hyn's multi-tenant.


1 Comment

Thank you. That's a new term I have not heard of before; a quick Google search and it's opened up a whole world of the kind of info I am looking for! I'll check your package suggestion too.
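An added example (not code from the Landlord package or from the answer above) of the scoping the answer describes, written by hand as an Eloquent global scope: every query on a model that uses the trait gets a `where('tenant_id', ...)` clause, super admins on the admin side are exempted, and new rows are stamped with the current tenant so a client user cannot write into another account. The `tenant_id` and `role` columns on `users`, the `'super_admin'` role name and the `Post` model are assumptions.

```php
<?php
// app/Scopes/TenantScope.php (added example; assumed column names)
namespace App\Scopes;

use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Scope;

class TenantScope implements Scope
{
    public function apply(Builder $builder, Model $model): void
    {
        $user = auth()->user();

        // No authenticated user (console job, landing page): fail closed
        // rather than silently returning every tenant's rows.
        if ($user === null) {
            $builder->whereRaw('0 = 1');
            return;
        }

        // Super admins on the admin side may see all accounts' data.
        if ($user->role === 'super_admin') {
            return;
        }

        // Qualify the column with the table name so joins stay unambiguous.
        $builder->where($model->getTable() . '.tenant_id', $user->tenant_id);
    }
}

// app/Models/Concerns/BelongsToTenant.php (added example)
namespace App\Models\Concerns;

use App\Scopes\TenantScope;
use Illuminate\Database\Eloquent\Model;

trait BelongsToTenant
{
    // Eloquent calls boot{TraitName}() automatically when the model boots.
    protected static function bootBelongsToTenant(): void
    {
        static::addGlobalScope(new TenantScope);

        // Stamp new rows with the current user's tenant so a client user
        // can never create a record that belongs to another account.
        static::creating(function (Model $model) {
            if ($model->tenant_id === null && auth()->check()) {
                $model->tenant_id = auth()->user()->tenant_id;
            }
        });
    }
}

// app/Models/Post.php (added example; any tenant-owned table gets the trait)
namespace App\Models;

use App\Models\Concerns\BelongsToTenant;
use Illuminate\Database\Eloquent\Model;

class Post extends Model
{
    use BelongsToTenant;

    protected $fillable = ['title', 'body'];
}

// Usage: Post::all() now only returns the caller's tenant; an admin-side
// report that must deliberately cross tenants says so explicitly:
// Post::withoutGlobalScope(\App\Scopes\TenantScope::class)->get();
```

Two things worth checking once this is in place: `Model::find($id)` and route model binding go through the scope, so a guessed id from another tenant produces a 404 rather than a leak, but `DB::table('posts')` and raw queries bypass Eloquent scopes entirely and need their own `where`. The fail-closed branch for unauthenticated callers is a deliberate choice; if scheduled jobs need cross-tenant access, give them an explicit `withoutGlobalScope` call instead of relaxing the scope.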

We have the same project as you mention. We create a company table and put it on the top of the hierarchy.

Then add a new field, company_id, to all tables and manage models over Policy -> https://laravel.com/docs/5.8/authorization

I hope this helps.

1 Comment

Hi, care to elaborate on how to write the policy etc?
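As an added illustration of what the answer means by managing models over a Policy (this is example code, not the answerer's project): a policy for a `Post` model that lets super admins through in `before()`, and otherwise only allows access when the user's `company_id` matches the record's, with the write abilities narrowed further by role. The `company_id` and `role` columns, the role names and the `Post` model are assumptions; the `$policies` registration is the Laravel 5.8 way of wiring a policy to a model.

```php
<?php
// app/Policies/PostPolicy.php (added example; assumed column and role names)
namespace App\Policies;

use App\Models\Post;
use App\Models\User;

class PostPolicy
{
    // Runs before every other ability. Returning true grants, null falls
    // through to the specific method below, false would deny outright.
    public function before(User $user, string $ability): ?bool
    {
        return $user->role === 'super_admin' ? true : null;
    }

    public function view(User $user, Post $post): bool
    {
        return $this->sameCompany($user, $post);
    }

    public function update(User $user, Post $post): bool
    {
        return $this->sameCompany($user, $post)
            && in_array($user->role, ['owner', 'admin', 'editor'], true);
    }

    public function delete(User $user, Post $post): bool
    {
        return $this->sameCompany($user, $post)
            && in_array($user->role, ['owner', 'admin'], true);
    }

    // The tenant check every client-side ability must pass: a user with no
    // company (e.g. an admin-side account without super_admin role) is denied.
    private function sameCompany(User $user, Post $post): bool
    {
        return $user->company_id !== null
            && (int) $user->company_id === (int) $post->company_id;
    }
}

// app/Providers/AuthServiceProvider.php (added example; only the relevant part)
namespace App\Providers;

use App\Models\Post;
use App\Policies\PostPolicy;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;

class AuthServiceProvider extends ServiceProvider
{
    protected $policies = [
        Post::class => PostPolicy::class,
    ];

    public function boot(): void
    {
        $this->registerPolicies();
    }
}

// app/Http/Controllers/PostController.php (added example)
namespace App\Http\Controllers;

use App\Models\Post;
use Illuminate\Http\Request;

class PostController extends Controller
{
    public function update(Request $request, Post $post)
    {
        // Throws AuthorizationException (HTTP 403) when the policy denies,
        // so no company_id check is needed in the controller body itself.
        $this->authorize('update', $post);

        $post->update($request->only(['title', 'body']));

        return redirect()->route('posts.show', $post);
    }
}
```

A policy only judges the single model handed to it, so it closes the "user edits another company's post by id" hole but does nothing for listings: `Post::all()` in an index action still returns every company's rows unless the query itself is scoped by `company_id`, which is the part the other answer's tenant scoping covers. Policies and query scoping complement each other rather than substitute for one another.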
