I'm currently working on a Laravel project that is somewhat multi-tenant. An administrator will be creating companies that are essentially the tenants, but a user can be part of multiple companies, each with a role or assigned individual permissions.
To make things more complex, a user can also be assigned to a project with a role, which will give them access to that project even if they aren't part of that project.
A user will be able to see all of their data that they're tied to on the same portal, so there is no switching tenants.
So permissions are getting awfully confusing with all the relationships. The following are tables that I foresee being needed to set up the relationships like this:
user:
- id
user_role (used for assigning admin users):
- user_id
- role_id
company:
- id
user_company:
- id
- user_id
- company_id
- role_id
user_company_permission:
- id
- user_company_id
- permission_id
permission:
- id
- name
role:
- id
- name
permission_role:
- id
- permission_id
- role_id
project:
- id
- (other project related information)
project_user:
- id
- project_id
- user_id
- role_id
So basically, is there any easy way to manage all of these permissions? It would be nice if when checking permissions, it would default check all user's companies and projects, but if one is passed in it limits it to that company or project.
I've looked into some permission plugins but I can't find anything that seems to suit my issue easily.
role in the pivot table and check permissions in policies. – Thomas
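
Added example, not part of the original question or its comments: one way to get the "check every company and project by default, narrow when a scope is passed" behaviour is to flatten the question's tables into a single grants query and filter it. Python's `sqlite3` is used only to run the SQL; the column subsets, the sample rows, the names `user_can` and `demo_db`, and the rule that a project role grants nothing outside its project are assumptions, and the admin `user_role` table is left out.

```python
import sqlite3

# Tables named as in the question; only the columns the check needs (assumed subset).
SCHEMA = """
CREATE TABLE permission (id INTEGER PRIMARY KEY, name TEXT UNIQUE);
CREATE TABLE permission_role (permission_id INT, role_id INT);
CREATE TABLE user_company (id INTEGER PRIMARY KEY, user_id INT, company_id INT, role_id INT);
CREATE TABLE user_company_permission (user_company_id INT, permission_id INT);
CREATE TABLE project_user (id INTEGER PRIMARY KEY, project_id INT, user_id INT, role_id INT);
"""
# One row per effective grant: company role, individual company permission, project role.
GRANTS = """
SELECT uc.user_id AS user_id, p.name AS name, uc.company_id AS company_id, NULL AS project_id
  FROM user_company uc JOIN permission_role pr ON pr.role_id = uc.role_id
  JOIN permission p ON p.id = pr.permission_id
UNION ALL
SELECT uc.user_id, p.name, uc.company_id, NULL
  FROM user_company uc JOIN user_company_permission ucp ON ucp.user_company_id = uc.id
  JOIN permission p ON p.id = ucp.permission_id
UNION ALL
SELECT pu.user_id, p.name, NULL, pu.project_id
  FROM project_user pu JOIN permission_role pr ON pr.role_id = pu.role_id
  JOIN permission p ON p.id = pr.permission_id
"""

def user_can(db, user_id, permission, company_id=None, project_id=None):
    """True if any grant matches; a passed scope limits the check to that scope only."""
    if company_id is not None and project_id is not None:
        raise ValueError("pass a company or a project, not both")
    sql = f"SELECT 1 FROM ({GRANTS}) g WHERE g.user_id = ? AND g.name = ?"
    args = [user_id, permission]
    for column, value in (("company_id", company_id), ("project_id", project_id)):
        if value is not None:
            sql += f" AND g.{column} = ?"  # column name is a constant; the value is bound
            args.append(value)
    return db.execute(sql + " LIMIT 1", args).fetchone() is not None

def demo_db():
    """Constructed data: user 1 is editor in company 10, viewer in 20, viewer on project 500."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA + """
      INSERT INTO permission VALUES (1,'project.view'),(2,'project.edit'),(3,'invoice.export');
      INSERT INTO permission_role VALUES (1,1),(1,2),(2,2);  -- role 1 viewer, role 2 editor
      INSERT INTO user_company VALUES (1,1,10,2),(2,1,20,1);
      INSERT INTO user_company_permission VALUES (2,3);      -- individual grant in company 20
      INSERT INTO project_user VALUES (1,500,1,1);
    """)
    return db
```

Because every grant row carries its own scope, an editor role in one company never leaks into another company or into a project where the user is only a viewer.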