I need a possibility to define rights based on roles. The roles I get are ActiveDirectory groups the user is a member of (e.g. "developers", "support", "operations"). When restricting a route, e.g. "create_item", I do not want to list the roles that are allowed to do this, but the right the user has to have. This right could be called "create_item" or more general "item_management", depending on the granularity needed.
Now I want to define a mapping in the config file that says:
create_item: developers, operations
which means that you can create an item if you are in the developers or in the operations group. One could extend this to be able to define that a right needs all roles listed.
So if a new role comes into play, I do not have to change the code but only the config.
We should add new keywords like require_right and so on.
Is this something others would also need? I could try to provide a pull request.
I need a possibility to define rights based on roles. The roles I get are ActiveDirectory groups the user is a member of (e.g. "developers", "support", "operations"). When restricting a route, e.g. "create_item", I do not want to list the roles that are allowed to do this, but the right the user has to have. This right could be called "create_item" or more general "item_management", depending on the granularity needed.
Now I want to define a mapping in the config file that says:
which means that you can create an item if you are in the developers or in the operations group. One could extend this to be able to define that a right needs all roles listed.
So if a new role comes into play, I do not have to change the code but only the config.
We should add new keywords like
require_rightand so on.Is this something others would also need? I could try to provide a pull request.