We are using a party model for a booking application, so that customers and staff effectively share the same table in the database.
Previously customers could only 'book' an appointment if they paid and if a slot was available. Now, we want to create a premium_customer type rol开发者_运维知识库e so that customers can make bookings without paying and even if there is no availability.
Does it make sense to add customers to a single security model, such as in an ACL or RBAC?
- If so, do we introduce roles called
normal_customerandpremium_customeralongside ourreceptionandduty_managerand other staff roles? - If not, should there be a separate security model for website users?
As I don't know all your requirements, i can't give you a definitive solution, but your Approach to create a role could be correct i many cases. However, you could also create a "Subscription", wich could have start- and end date.
yes it is fair to create another role to record premium customer
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论