<p>Hi everybody, I am trying to develop an IT device info management system for a large company which has lots of branch offices in different locations. Each branch office has some IT devices whose information, like purchase date, price and current user, should be managed via this system.
This system should have a super user who can manage everything. The super user can create device managers for a specific branch office or for a group of branch offices grouped by their locations. The device manager can log in to the system like the super user. A device manager can manage the devices of the single branch office or offices he/she has been assigned to. And a device manager has two different permissions, read and write. It means someone could just list and read the device information, and someone can edit.
So my question is: what is the best pattern to deal with this kind of authorization request? A user has different permissions for different resources.
My current idea is something like this: each device belongs to a branch office. Each branch office has an ID. There is a many-to-many relationship table for user to branch office. This table has three columns: user_id, branch_id and read_only. With such a table, when a user wants to list all his manageable devices, I would first fetch all the branch office IDs, and then query the device table joined with the branch office table using an SQL clause like 'where branch_office_id in (branch_office_ids for this user)'.
It seems the current method will work. But I think there must be many standard design patterns to deal with this kind of request. I tried to find some package or middleware for Go and failed.
Would you please give me some ideas or just some useful links? Thanks!</p>
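<p>The table design described in the post (user_id, branch_id, read_only), as an added Go example that is not part of the original post: an in-memory, default-deny check where listing filters by granted branch and a write resolves the branch from the stored device rather than from the request. The Store type, its method names and the sample IDs are hypothetical and constructed for illustration.</p>

```go
package main

import "errors"

type Device struct{ ID, BranchID int; Name string }

// Store is a hypothetical in-memory stand-in for the post's tables.
type Store struct {
	Super   map[int]bool    // super users
	Grants  map[[2]int]bool // {user_id, branch_id} -> read_only
	Devices []Device
}

var ErrDenied = errors.New("access denied")

// allowed is default-deny: no grant row for (user, branch) means no access.
func (s *Store) allowed(user, branch int, write bool) bool {
	readOnly, ok := s.Grants[[2]int{user, branch}]
	return s.Super[user] || (ok && !(write && readOnly))
}

// List returns the IDs of devices in branches the user may read.
func (s *Store) List(user int) (ids []int) {
	for _, d := range s.Devices {
		if s.allowed(user, d.BranchID, false) {
			ids = append(ids, d.ID)
		}
	}
	return ids
}

// Rename takes the branch from the stored device, never from the request.
func (s *Store) Rename(user, deviceID int, name string) error {
	for i := range s.Devices {
		if d := &s.Devices[i]; d.ID == deviceID && s.allowed(user, d.BranchID, true) {
			d.Name = name
			return nil
		}
	}
	return ErrDenied // also for unknown IDs, so they cannot be probed
}

// sample is constructed data: user 1 is super; user 2 writes branch 10, reads 11.
func sample() *Store {
	return &Store{map[int]bool{1: true}, map[[2]int]bool{{2, 10}: false, {2, 11}: true},
		[]Device{{100, 10, "laptop"}, {101, 11, "printer"}, {102, 12, "router"}}}
}

func main() { println(len(sample().List(2))) }
```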
<hr/>**Comments:**<br/><br/>jimijiim: <pre><p>Active Directory, ACL, RBAC, ... there are plenty of standards when it comes to resource authorization.</p></pre>Redundancy_: <pre><p><a href="https://github.com/ory/ladon" rel="nofollow">https://github.com/ory/ladon</a> ?</p></pre>