Hi i recently built a membership site.. i can change user permissions from admin Ex. User type (1) can contact up to (x) people per week before account expires... then they will get thrown to a payment page.
Now there are all sorts of permission levels i can manipulate... one thing i didnt realize is this. What if one member signs up for this:
Middle package ... user can contact (5) people per day.
Now what if next month i say i want to make it (2) people per day for the Middle Package?
I am pretty sure the new changes will reflect the old members? So they paid $19.99 to contact 5 people per day but now i changed it to contact 2 people per day? I guess i did not think that through, what is the proper way to go about this issue?
Also how does it work with pricing in membership sites? I do not believe if i manipulate the pricing it will go in and actually change the old members pricing through my payment gateway but is it needed to put it in TOS that they must pay the price they have agreed to initially regardless of reductions later on?
Thank you
The solution is to either:
You should use some form of RBAC or ACL if you don't do it already, solution 2) scales better with it.
The Zend Framework (and perhaps any other major framework) has some sort of classes for authorization control, RBAC or ACL (or some sort of).