A not so simple Role-Based Access Control System
It is highly influenced by File System symbolic notation
e.g.
-rwxr-xr-x
crw-rw-r--
In Verb Based Auth we do:
x--- for create/execute access (POST)
-r-- for read access (GET)
--u- for update access (PATCH)
---d for delete access (DELETE)
Basically a row represent as [POST, GET, PATCH, DELETE]
and each column char has a tristate value:
-or nonxrudchar represents - no access.- lowercase
xrudchar represents - partial access, which needs addition checking see below. - uppercase
XRUDchar represents - full access.
Lowercase (xrud) represents as a hint for the succeding process that that verb procedure needs a controller level added permission checking. Such as checking if the product belongs to a merchant, or asset belongs to a building, etc. This will blatantly fall in your db query and database design.