Optimal Code? Questions...

Hello.

I’m creating an application that will collect information about observations of animals, and I would like to ask you for an opinion on whether my assumptions about this application are correct - because I have doubts whether, with such assumptions, I will be able to implement access control permissions for observations.

Suppose I have these models:

1 Observations (id (PK), observation_date, animal_id (FK), description, author_id)

relations: animalName => belongsTo: Species, animal_id

2 Species (id(PK), animal_name, group_id(FK))

relations: animalGroupId => belongsTo: GroupsAnimals, group_id

3 GroupsAnimals (id, name)

Additionally, for example: when I create a new observation, the animal group is defined in an additional GET parameter (such as observations/create/"mammals") - and on this basis the appropriate form is loaded, as separate views for different animal groups.

Using these assumptions - such as when I create a new observation (regardless of the animal species, the same action is always used in the controller and it only loads different views), or update an observation (regardless of the animal species, the same action is always used in the controller and it only loads different views) - can I easily define access permissions for an observation based on whether the user is authorized to view observations of the species (for example only mammals, birds, etc.)? I can implement this functionality in a situation where each animal group belongs to a separate controller (I define operations in RBAC: Mammals.View, Birds.View, etc.), but it would be a reproduction of the code that I would like to avoid.

Is it possible to define such operations / tasks / roles and rules of CheckAccess to implement this functionality? If so, I would ask for a tip.

Thank you in advance and best regards

Tom
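
The design asked about above, as an added example that is not part of the original post and not code from any RBAC framework: one parametrized operation per action (instead of Mammals.View, Birds.View, ...) whose rule receives the animal group as a parameter. The operation names, `ASSIGNMENTS` table, function names and sample rows are all constructed assumptions; the group used for the decision is resolved from the stored observation via Species and GroupsAnimals, and the URL segment only selects the form.

```python
# Constructed sample rows mirroring the three models in the post.
GROUPS_ANIMALS = {1: "mammals", 2: "birds"}
SPECIES = {10: {"animal_name": "red fox", "group_id": 1},
           11: {"animal_name": "barn owl", "group_id": 2}}
OBSERVATIONS = {100: {"animal_id": 10, "author_id": 7},
                101: {"animal_id": 11, "author_id": 8}}

# Hypothetical assignment table: user id -> operation -> animal groups granted.
ASSIGNMENTS = {
    7: {"Observation.View": {"mammals"}, "Observation.Create": {"mammals"}},
    8: {"Observation.View": {"mammals", "birds"}},
}


def group_of_species(animal_id):
    """Resolve Species -> GroupsAnimals name; None if the species row is missing."""
    species = SPECIES.get(animal_id)
    return GROUPS_ANIMALS.get(species["group_id"]) if species else None


def check_access(user_id, operation, params):
    """Single rule shared by all operations: the group in params must be granted."""
    allowed = ASSIGNMENTS.get(user_id, {}).get(operation, set())
    # Unknown user, unknown operation or unresolved group all fall through to deny.
    return params.get("group") in allowed


def can_view(user_id, observation_id):
    """View/update path: the group comes from the stored row, not from the URL."""
    obs = OBSERVATIONS.get(observation_id)
    if obs is None:
        return False
    group = group_of_species(obs["animal_id"])
    return check_access(user_id, "Observation.View", {"group": group})


def can_create(user_id, url_group, animal_id):
    """Create path: the URL group picks the form; the submitted species must match it."""
    if group_of_species(animal_id) != url_group:
        return False  # e.g. a bird species posted through the mammals form
    return check_access(user_id, "Observation.Create", {"group": url_group})
```
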