Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

The party model, permissions, customers and staff

We are using a party model for a booking application, so that customers and staff effectively share the same table in the database.

Previously customers could only 'book' an appointment if they paid and if a slot was available. Now, we want to create a premium_customer type role so that customers can make bookings without paying and even if there is no availability.

Does it make sense to add customers to a single security model, such as in an ACL or RBAC?

  • If so, do we introduce roles called normal_customer and premium_customer alongside our reception and duty_manager and other staff roles?
  • If not, should there be a separate security model for website users?
like image 630
boatingcow Avatar asked Nov 04 '22 14:11

boatingcow


1 Answers

As I don't know all your requirements, i can't give you a definitive solution, but your Approach to create a role could be correct i many cases. However, you could also create a "Subscription", wich could have start- and end date.

like image 100
Timo Avatar answered Nov 10 '22 05:11

Timo