Multi tiered users and RBAC

Hi All,

I hope you can help, I am well and truly tied up in knots now… I need to implement the following:

A user needs to be able to log in to the site, but then assume the identity of a number of different (child) users with RBAC for each so we can checkAccess() to various authItems (roles of poster, editor etc), without actually logging in as the child users. The child-user still needs to know about the parent account so that the user can click back to the parent account and then assume the identity of any of the other child accounts.

The current table setup is:

users (id, email)

accounts (id, accountType)

mapUsersAccounts (ida, idb)

A user can have many accounts and an account can have many users. (Think company accounts and private accounts.) When we log in as a user we can see the accounts that are mapped to the user but can’t do anything RBAC based as obviously this is based on the user.

How should I approach this? I think the table premise is wrong.

Should I move all the users into one user table, then auth as the main user, check a mapping table for allowed users then "swap" in the new authenticated user when a sub user is chosen? If so how would I keep track of the allowed parent user (in the session?)?

All help/ideas appreciated - we have ground to a halt at the moment.

I hope that makes sense!

Thinking about this (and noting the lack of replies!) I think this isn’t a job for RBAC and that I will code something custom to handle it. I’ll do the initial auth with Yii and assign a role, but then handle the sub accounts in a bespoke way.

Your post is rather confusing. Dare to explain it in a clear way. Maybe some can then chime in. Sorry.
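An added example, not part of the thread and not Yii code: one way to realise the approach the original poster outlines (authenticate once, check the mapping table, keep the parent identity in the session) in plain PHP. It assumes `ida` is the user id and `idb` the account id, and adds a hypothetical `role` column to `mapUsersAccounts`; the function names and the role table are likewise illustrative.

```php
<?php
// Constructed sample rows standing in for mapUsersAccounts (ida = user, idb = account).
// Assumption: a hypothetical `role` column is added, so roles are per (user, account).
$map = [
    ['ida' => 1, 'idb' => 10, 'role' => 'editor'],
    ['ida' => 1, 'idb' => 11, 'role' => 'poster'],
    ['ida' => 2, 'idb' => 10, 'role' => 'poster'],
];
// Hypothetical role => operations table (would be auth items in an RBAC store).
$roleOps = ['poster' => ['createPost'], 'editor' => ['createPost', 'editPost']];

// Role of $userId on $accountId, or null when no mapping row exists.
function roleOn(array $map, int $userId, int $accountId): ?string
{
    foreach ($map as $row) {
        if ($row['ida'] === $userId && $row['idb'] === $accountId) {
            return $row['role'];
        }
    }
    return null;
}

// Switch the active account. The authenticated user id is never overwritten,
// so the parent identity survives and every action stays attributable to it.
function switchAccount(array &$session, array $map, int $accountId): bool
{
    if (!isset($session['userId']) || roleOn($map, $session['userId'], $accountId) === null) {
        return false; // not logged in, or no mapping row: refuse the switch
    }
    $session['activeAccountId'] = $accountId;
    return true;
}

// Access check. The mapping is re-read on each call, so removing a row
// revokes access immediately even if the session still names the account.
function checkAccountAccess(array $session, array $map, array $roleOps, string $operation): bool
{
    if (!isset($session['userId'], $session['activeAccountId'])) {
        return false;
    }
    $role = roleOn($map, $session['userId'], $session['activeAccountId']);
    return $role !== null && in_array($operation, $roleOps[$role] ?? [], true);
}

$session = ['userId' => 1]; // stands in for $_SESSION after a normal login
var_dump(switchAccount($session, $map, 11));                               // mapped account
var_dump(checkAccountAccess($session, $map, $roleOps, 'editPost'));        // poster on 11
var_dump(switchAccount($session, $map, 12));                               // unmapped account
unset($session['activeAccountId']);                                        // back to the parent context
```

Because only an account id is stored beside the unchanged user id, the session never holds a second "logged-in" identity that could be set without passing the mapping check.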