Hello Strapi Community,
I need to create a permission system which allows me to define actions and to allow or disallow Roles to perform those actions.
For instance, I don’t want my front end to display the “restaurants” that have a 5-star rating when the connected user is a Technician (his role). This would be an action named “view 5 stars restaurants”.
My idea is to create a route leading to a function in my restaurant controller, and in that function:
- Check the user role based on the JWT Token
- Check if the role has the permission to proceed “view 5 stars restaurants”
- If he does not, strapi.query restaurants that have less than 4 stars and return them
- If he does, return all restaurants
The tools I am coding will implement a lot of such actions and a varying number of roles, depending on the needs of the client using the tool.
Here are my questions:
Should I create a collection to store the permissions for a given role?
Should I modify the roles and permissions plugin that Strapi provides?
Is creating various routes and controller functions a good way of doing what I want?
I want to code smart and clean, and I am open to any kind of suggestions or remarks.
Thanks for reading
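
The role-to-action check described in the post, as an added example that is not part of the original post and uses no Strapi APIs: plain JavaScript with a default-deny permission lookup and a server-side filter. All names (`ROLE_PERMISSIONS`, `RESTRICTED`, `can`, `visibleRestaurants`) and the sample data are hypothetical; it assumes the role comes from an already verified JWT and takes the action name literally, hiding exactly the 5-star records.

```javascript
// Added example, hypothetical names throughout; not Strapi code.

// Role -> granted actions. A Map avoids surprises from keys such as
// "constructor" that a plain object would inherit from its prototype.
const ROLE_PERMISSIONS = new Map([
  ['manager', new Set(['view 5 stars restaurants'])],
  ['technician', new Set()],
]);

// Action -> predicate naming the records that action protects.
const RESTRICTED = new Map([
  ['view 5 stars restaurants', (restaurant) => restaurant.stars === 5],
]);

// Default deny: an unknown role or an ungranted action yields false.
function can(role, action) {
  const granted = ROLE_PERMISSIONS.get(role);
  return granted !== undefined && granted.has(action);
}

// Filter on the server so protected records never reach the client.
// The role is assumed to come from a JWT whose signature was already verified.
function visibleRestaurants(role, restaurants) {
  return restaurants.filter((restaurant) => {
    for (const [action, protects] of RESTRICTED) {
      if (protects(restaurant) && !can(role, action)) return false;
    }
    return true;
  });
}

// Constructed sample data.
const SAMPLE = [
  { name: 'A', stars: 3 },
  { name: 'B', stars: 5 },
  { name: 'C', stars: 4 },
];

const namesFor = (role) =>
  visibleRestaurants(role, SAMPLE).map((r) => r.name).join(',');
```

Adding a new action means one entry in `RESTRICTED` and a grant per role; the controller code that calls `visibleRestaurants` does not change.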