I’m building an app that includes Projects. I have a permissions model that enables users to either edit, comment, view, or do nothing on a given Project. The way I currently have this implemented is via a Contributor model. A Contributor is a User + a Capability (can edit, can comment, etc.). Projects have a Contributors field, which is a list of Contributor objects.
I want to set up privacy rules so that Users who don’t have appropriate permissions for a given Project can’t see any of that Project’s data, but I’m struggling to do that with the privacy rule definitions.
I’d like to do something like:
this projects:contributors:filtered('can edit'):each item's user contains current_user
Is there a way to do a more advanced query for a privacy rule?
I thought of having Project fields for editors, commenters, and viewers, each as a list of Users. But that seems like it doesn’t give me much flexibility to add new permission levels in the future, and it makes it more difficult to list out the Users that have any permissions for a given Project.
Help and advice appreciated.