Dear all,
I got stuck with the policy for accessing my data; maybe my "workflow" is wrong ...
- I have a model Vehicle.
- I have users with the role Maintainer. They can modify, via controller1, their own vehicles or vehicles they have been given access to. The model has an array field allowedEmails which is checked against the email of the logged-in user, so I have an EntityPrivilege like
  matcher: 'isType("...\Model\Vehicle") && !(property("allowedEmails").like("context.myContext.emailpattern"))'
  So they just see "their" entities ...
- And I have users with the role Observer. They are allowed to view ALL vehicles via controller2.
That's working fine, but now I have a user who is Maintainer AND Observer, and he/she should get access to either ALL entities (via controller2) or HIS/HER own entities (via controller1). So this would be a combination of MethodPrivilege and EntityPrivilege, similar to 'isType("Vehicle") && method(Controller1->indexAction()) && !(property("allowedEmails").contains("myemail"))'.
How do I solve that? Do I have to create my own CustomPrivilege class? Would it help if I split the scenario across 2 different hosts (admin.domain.com and observer.domain.com)?
Any help would be appreciated!
ciao
H.