Tags: php, mysql, authorization, access-control, userfrosting

What is the best way to add a parent group to user groups in userfrosting?


I'm new here and this is my first question. First of all I apologize for my poor English. I would like to create an application using userfrosting 0.3.0 where:

  • Anyone not registered can create a super group (e.g. a company)
  • At that time an administrator user is created, other than root, but one who can only read information from the supergroup (administrators cannot see other companies)
  • Administrators can organize their users into user groups, but only root can create groups and modify permissions

I thank you very much for your time.


Solution

UserFrosting, as of version 0.3.1, does not have built-in support for group hierarchies. However, it should be pretty easy to implement. Here is how I would do it:

  1. Create two groups, "Administrators" and "Members". Set it up so that "Administrator" is the default primary group for new users.
  2. Create two tables, company and company_user. The company table will store information about the companies, with a primary key id. The company_user table will associate companies with users, and have four columns:
     • id (int)
     • company_id (int)
     • user_id (int)
     • flag_admin (bool)

     Change the register() method in AccountController.php so that when someone registers, it creates a new company and then associates them with this company, marking them as the Administrator of this company by setting flag_admin to '1'.

     Any members that get added to a specific company should also be added to this table, but with flag_admin set to '0'.

  3. Create a new AccessCondition called manages(user_id_1, user_id_2) which returns true if user_id_1 and user_id_2 belong to the same company and user_id_1 has flag_admin set to '1', false otherwise.

  4. Grant appropriate permissions to users in group "Administrators" so that they can create/update/delete/view users, but only users in group "Members" and only if the Administrator manages them (so if "Members" has a group_id of "4", condition=in_group(user.id,4)&&manages(self.id,user.id)).

  5. You will also want to modify the various user create/update/delete methods so that when an Administrator creates a user, it adds them to group "Member" and associates them with the appropriate company.

That should get you started, let me know if you need further clarification.
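The following is an added example, not code from the answer above or from the UserFrosting project. It models the company and company_user tables, the company-creation step that register() would perform, the member-adding step, and the manages() condition combined with in_group() exactly as the answer specifies, against an in-memory SQLite database so it runs stand-alone. The table and column names and the group id 4 for "Members" come from the answer; the company names, user ids, the stand-in group_user table and the function signatures (plain PHP functions taking a PDO handle, rather than UserFrosting's real AccessCondition callbacks) are assumptions made for the example.

```php
<?php
// Added example (not UserFrosting's own code). Requires the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Tables from the answer: company and company_user. UNIQUE prevents a user being
// added to the same company twice with conflicting flag_admin values.
$db->exec('CREATE TABLE company (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec('CREATE TABLE company_user (
    id INTEGER PRIMARY KEY,
    company_id INTEGER NOT NULL REFERENCES company(id),
    user_id INTEGER NOT NULL,
    flag_admin INTEGER NOT NULL DEFAULT 0,
    UNIQUE (company_id, user_id)
)');
// Stand-in for UserFrosting's own user/group membership table (constructed for the example).
$db->exec('CREATE TABLE group_user (user_id INTEGER NOT NULL, group_id INTEGER NOT NULL)');

const GROUP_MEMBERS = 4; // group_id of "Members", as in the answer's condition string

/** What register() would add: create the company and mark the new user as its admin. */
function register_company(PDO $db, string $companyName, int $newUserId): int {
    $db->beginTransaction();
    $db->prepare('INSERT INTO company (name) VALUES (?)')->execute([$companyName]);
    $companyId = (int) $db->lastInsertId();
    $db->prepare('INSERT INTO company_user (company_id, user_id, flag_admin) VALUES (?, ?, 1)')
       ->execute([$companyId, $newUserId]);
    $db->commit();
    return $companyId;
}

/** What the user-create path would add: a member of the company, in group "Members", flag_admin = 0. */
function add_member(PDO $db, int $companyId, int $userId): void {
    $db->beginTransaction();
    $db->prepare('INSERT INTO company_user (company_id, user_id, flag_admin) VALUES (?, ?, 0)')
       ->execute([$companyId, $userId]);
    $db->prepare('INSERT INTO group_user (user_id, group_id) VALUES (?, ?)')
       ->execute([$userId, GROUP_MEMBERS]);
    $db->commit();
}

/** Mirrors the built-in in_group(user_id, group_id) condition. */
function in_group(PDO $db, int $userId, int $groupId): bool {
    $st = $db->prepare('SELECT 1 FROM group_user WHERE user_id = ? AND group_id = ?');
    $st->execute([$userId, $groupId]);
    return (bool) $st->fetchColumn();
}

/**
 * manages(user_id_1, user_id_2): true when both users belong to the same company
 * and user_id_1 has flag_admin = 1 in that company, false otherwise.
 */
function manages(PDO $db, int $userId1, int $userId2): bool {
    $st = $db->prepare('SELECT 1
        FROM company_user a
        JOIN company_user b ON a.company_id = b.company_id
        WHERE a.user_id = ? AND a.flag_admin = 1 AND b.user_id = ?');
    $st->execute([$userId1, $userId2]);
    return (bool) $st->fetchColumn();
}

/** The answer's combined condition: in_group(user.id,4) && manages(self.id,user.id). */
function can_manage_member(PDO $db, int $selfId, int $targetId): bool {
    return in_group($db, $targetId, GROUP_MEMBERS) && manages($db, $selfId, $targetId);
}

// Constructed data: two companies, each registered by its own admin, with one member each.
$acme   = register_company($db, 'Acme',   10);
$globex = register_company($db, 'Globex', 20);
add_member($db, $acme,   11);
add_member($db, $globex, 21);

// Evaluate the condition for the admin of company 1 (user 10) and for a plain member (user 11).
var_dump(can_manage_member($db, 10, 11)); // admin of Acme acting on an Acme member
var_dump(can_manage_member($db, 10, 21)); // admin of Acme acting on a Globex member
var_dump(can_manage_member($db, 10, 20)); // admin of Acme acting on the Globex admin (not in "Members")
var_dump(can_manage_member($db, 11, 10)); // Acme member acting on the Acme admin
```

Only the first of the four checks should pass: the manages() join restricts the Administrator to users of the same company, and the in_group() half of the condition keeps other Administrators (who are not in "Members") out of reach even when they share a company. The UNIQUE constraint and the transactions are not part of the answer; they are there so that a half-completed registration cannot leave a company without an admin row, which is the state in which the condition would silently deny everything for that company.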