I'm building an app that will need complex user access rules.
Many roles have been identified (8 so far), each one with specific rules and independent of each other (not hierarchical as a basic Superadmin > admin > user can be).
Each user may be part of 1 or more "role" (every combination possible).
I've found a post talking about "group" assignments (Yii2 RBAC Multiple Assignments for Each User Based on Groups) but I can't figure out if it's suitable for my app or if I should change approach.
Here is a quick (and simplified) sample of roles and permissions:
A Supervisor may:
- Access the supervisor-specific module
- Edit some parts of articles he supervises
- Validate articles he supervises
A writer may:
- Access the writer-specific module
- Create new articles
- Edit its own articles
A Section manager may :
- Access sections module
- Publish/unpublish articles in sections he manages
In that sample:
- a section manager may also be a writer (but not a supervisor)
- a section manager may also be a supervisor (but not a writer)
Is there a way to achieve that with RBAC?
Thanks for your advice.
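
One way to model the access rules described in the question, as an added example that is not part of the original post and is plain PHP rather than Yii2's RBAC API: roles are flat, each assigned role contributes its own permissions, and context checks cover the "own", "supervised" and "managed" conditions. The permission names, array fields, user ids and the reading of the last list as "no user holds section manager, writer and supervisor together" are assumptions.

```php
<?php
// Flat, non-hierarchical roles; permission names are hypothetical.
const ROLE_PERMISSIONS = [
    'supervisor'     => ['accessSupervisorModule', 'editSupervisedArticle', 'validateSupervisedArticle'],
    'writer'         => ['accessWriterModule', 'createArticle', 'editOwnArticle'],
    'sectionManager' => ['accessSectionModule', 'publishInManagedSection'],
];
// Role sets no single user may hold in full (assumed reading of the post's last list).
const FORBIDDEN_COMBINATIONS = [['sectionManager', 'writer', 'supervisor']];
// Context checks for permissions limited to "own", "supervised" or "managed" objects.
function rules(): array {
    $supervises = fn(int $u, array $c) => in_array($u, $c['article']['supervisors'] ?? [], true);
    return [
        'editSupervisedArticle'     => $supervises,
        'validateSupervisedArticle' => $supervises,
        'editOwnArticle'            => fn(int $u, array $c) => ($c['article']['author'] ?? null) === $u,
        'publishInManagedSection'   => fn(int $u, array $c) => in_array($u, $c['section']['managers'] ?? [], true),
    ];
}
// Add one role to a user, rejecting unknown roles and forbidden combinations.
function assign(array &$assignments, int $userId, string $role): void {
    if (!array_key_exists($role, ROLE_PERMISSIONS)) {
        throw new InvalidArgumentException("Unknown role: $role");
    }
    $roles = array_unique(array_merge($assignments[$userId] ?? [], [$role]));
    foreach (FORBIDDEN_COMBINATIONS as $combo) {
        if (!array_diff($combo, $roles)) {   // every role of the combination would be held
            throw new DomainException("User $userId may not hold: " . implode(', ', $combo));
        }
    }
    $assignments[$userId] = $roles;
}

function can(array $assignments, int $userId, string $permission, array $context = []): bool {
    foreach ($assignments[$userId] ?? [] as $role) {
        if (in_array($permission, ROLE_PERMISSIONS[$role], true)) {
            $rule = rules()[$permission] ?? null;
            return $rule === null || $rule($userId, $context);   // the context check must also pass
        }
    }
    return false;   // default deny: no assigned role grants this permission
}

// Constructed sample data: user 7 is a section manager and a writer.
$assignments = [];
foreach (['sectionManager', 'writer'] as $r) { assign($assignments, 7, $r); }
$own   = ['article' => ['author' => 7, 'supervisors' => [3]]];
$other = ['article' => ['author' => 9, 'supervisors' => [3]]];
var_dump(can($assignments, 7, 'editOwnArticle', $own), can($assignments, 7, 'editOwnArticle', $other));
try { assign($assignments, 7, 'supervisor'); } catch (DomainException $e) { echo $e->getMessage(), "\n"; }
```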