Hi,
I would like to model multiple entities which will share the same way to:
- handle permissions for CRUD operations based on a role
- apply a view on data fields based on a role
Here is one of my entities. Currently all the fields are in a single entity named “Craftsman”.
I wonder if there is a right approach to manage that using the tools Strapi offers.
Shall I split this entity with one sub-entity per access role?
Then apply a policy on the route/GraphQL operations, based on the role.
Doing this would multiply the number of tables based on how many layers of roles I want. It would not be scalable in case I need to add other roles later. It seems like the wrong approach.
Some examples, according to the given image, of what I'm trying to manage:
1- data accessible with a find/findOne:
admin can see [..., 'craftsman_monthly'] fields and also all the less restrictive ones ['email', 'IBAN', 'personal_phone'] ['name', 'description', 'images']
owner can see ['email', 'IBAN', 'personal_phone'] ['name', 'description', 'images']
with no role we can see ['name', 'description', 'images']
2- CRUD operations:
we can modify data only if we have a sufficient role. (admin > owner > no role)
I already saw lots of questions from the community about that and read multiple Strapi documentation guides. I'm still not sure how to glue everything together:
- overriding each entity controller to show/hide fields based on a role. I could group entity fields into Strapi components and then handle visibility based on the role.
- apply policy based on the role to restrict permissions on CRUD operations
I need to find an extensible approach and be able to:
- add more roles later without refactoring the whole database
- add more fields
- have multiple entities which will share the same pattern
I’m on free plan but I will consider upgrading if it helps to solve the described situation.
Thanks
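As an added illustration (not from the original post, and not Strapi's own API), the plain Node code below expresses the three-tier field visibility and operation gating described above as data, so adding a role or a field is a one-line change; the role names, the per-operation minimum roles, the sample record and the helper names are assumptions:

```javascript
// Added example: role-tiered field visibility and write gating for a "Craftsman"
// record. Role names, tier assignments and helper names are assumptions; this is
// plain Node and is not wired into Strapi's controllers or policies.

// Ordered from least to most privileged; a new role is one more entry here.
const ROLE_RANK = { public: 0, owner: 1, admin: 2 };

// Each field is declared once, at the least privileged role allowed to read it.
// A field missing from every tier is never returned (allow-list, not deny-list).
const FIELD_TIERS = {
  public: ['name', 'description', 'images'],
  owner: ['email', 'IBAN', 'personal_phone'],
  admin: ['craftsman_monthly'],
};

// Minimum role per operation (assumed split; admin > owner > public).
const MIN_ROLE_FOR = {
  find: 'public', findOne: 'public',
  create: 'owner', update: 'owner',
  delete: 'admin',
};

function rankOf(role) {
  // Unknown or missing roles fall back to the least privileged tier.
  return ROLE_RANK[role] ?? ROLE_RANK.public;
}

// Every field whose tier is at or below the caller's rank.
function visibleFields(role) {
  const r = rankOf(role);
  return Object.entries(FIELD_TIERS)
    .filter(([tier]) => ROLE_RANK[tier] <= r)
    .flatMap(([, fields]) => fields);
}

// Projection applied to a find/findOne result before it leaves the service.
function projectEntity(entity, role) {
  const allowed = new Set(visibleFields(role));
  return Object.fromEntries(Object.entries(entity).filter(([k]) => allowed.has(k)));
}

// Policy-style check for CRUD operations; unknown operations are refused.
function canPerform(role, operation) {
  const min = MIN_ROLE_FOR[operation];
  return min !== undefined && rankOf(role) >= rankOf(min);
}

// Constructed sample record; internal_note is deliberately not in any tier.
const craftsman = { name: 'A', description: 'd', images: [], email: 'a@x', IBAN: 'XX',
  personal_phone: '1', craftsman_monthly: 1200, internal_note: 'n' };
```

Calling `projectEntity(craftsman, 'owner')` returns the public and owner fields only, and `canPerform('public', 'update')` is false.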