Assign user a role per collection type item

I intend to have users that can be assigned to a content-type called “sites”. The user could be an admin of one site and a review of another.

My planned user role structure is as follows:

• Subscriber (Can create “sub-users”. Has access to Create/Delete/Update sites and all actions within each site)
• Site Admin (Cannot create sites, but all access within the sites they have been assigned to)
• Site Reviewer (has restricted permissions for the sites they have been assigned to)

Now, I have my users assigned to sites using a Many-to-Many relationship. The issue I have is that a user could be Site Admin for Site A but only Site Reviewer for Site B

How can I assign a role to a user on a per site (content type item).

These don’t really have to be Strapi roles, rather probably another content-type which holds checkboxes of permissions for that role.

How could I handle the associations between users, sites and the roles content type?

Thank you

This is a very hard question to find a good solution to.

I would almost say you need to make a custom permisisons system

Dang it! I was thinking of maby using a repeatable component however wasn’t sure if the query filtering would work all that well with this.

Only the “subscriber” Strapi User role with have any edit rights within Strapi but you I fear you’re correct

Maby you could get away with a custom relation and use that to check if they can populate/see it|
use a rbac rule + custom code for relations