Permissions For Different Users

Hey guys!

So I’ve come across this problem hopefully we will find a solution :).

So I have two tables: USERS and GROUPS. Each User belongs to a Group. I have an Access_Level column in USERS and the values are as follows:

1: User

2: Group Admin

3: Super Admin

The Super Admin has:

  • Full USERS permissions

  • Full GROUPS permissions

The Group Admin can:

  • Create, Modify & Delete only USERS who are in his GROUP (When creating, the group is automatically assigned to the user)

  • Modify only his own GROUP

So far, I can access the Access_Level variable of the user through



I have two solutions which are both ineffective.

1.) Create separate files for create, update etc. for Super Admin and Group Admin. However, this is ineffective because it has no code reusability.

2.) Keep the same files and use if statements for specific actions. (Might cause spaghetti code).

What would be a more convenient way of solving such problems. I’m trying to avoid using an extension such as rights.

Thank you.


I this extension will solve all your needs…

I had similar situation like you with almost same thing to implement. Only solution I could find was using rights extension or if you don’t want to use extension then you will have to use If…else statement for specific actions.

Thank you for your replies guys.

I decided to use expressions in accessRules with functions in the model. Combined with if else statements at some points.