Hi everyone, I'm about to develop a management web app with Laravel.
I need that my users have different roles with different permission.
In details: some users can add customers, some users can write pieces of a paper related to the customer, some other users can just read that paper and some other users can read just some pieces of that paper.
So I decided to use an RBAC approach in order to gain a certain flexibility. I'll use this DB schema (just an example schema, but represent the needings of my application):
My answer is: since there is a direct relationship between users and paper, customer, attachs etc., how are RBAC rules expressed? I have to check user's permission in frontend when he request an operation or a resource? Or there are ways to express this rules even at backend level? Maybe using some GRANT options?