Resource Scoping Best Practice
I have built a decent CRUD experience in the context of an admin user but I am unsure of what the best practice is for scoping resources to a user context.
For example, admin can interact with all records while I want a user to interact only with their own records e.g Posts vs My Posts.
I am currently thinking of creating new separate user specific resources based on the original admin resource
Is this sensible or have I got this wrong?
Guidance appreciated
For example, admin can interact with all records while I want a user to interact only with their own records e.g Posts vs My Posts.
I am currently thinking of creating new separate user specific resources based on the original admin resource
Is this sensible or have I got this wrong?
Guidance appreciated
Solution
As always it very much depends. If the resources are pretty much the same you can use
If you plan to make more changes, I'd split them into separate panels. That will lead to less authorization issues since you might forget to hide critical info or actions for non-admins.
getEloquentQuery() on the Resource to scope the data to the current user (if they aren't admin).If you plan to make more changes, I'd split them into separate panels. That will lead to less authorization issues since you might forget to hide critical info or actions for non-admins.
