Friday, 9 October 2015

Approach to enable client-specific features in a multi-client web-app

I'm planning an upcoming multi-client compatible (Java) web-application and thinking about how to implement the requirement for the clients to have subscription-specific features enabled or not (like free subscription, standard, professional, etc.).

Specifically, I'm wondering if it is a good practice to manage these features by our database-based security/authorization system where a user of a client has certain roles having certain authorities/permissions. Somehow I don't like this idea because the subscription is in our case always tied to the client, not to the client's users.

The other (simple) approach would be to add bit/boolean properties on the client entity (hasFree, hasStandard, hasProfessional).

What is the recommended way to handle such a requirement, should I integrate it with the authorization-system on a user-level?
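
The two options described in the question, side by side, as an added example that is not the poster's code. The `Plan` enum (standing in for the three boolean flags), the feature names and all class names are assumptions; the program prints what each check returns after a client downgrades without any user record being changed.

```java
import java.util.*;

// Added illustration; every class, field and feature name here is hypothetical.
public class FeatureGateDemo {
    enum Plan { FREE, STANDARD, PROFESSIONAL } // stands in for hasFree/hasStandard/hasProfessional

    static final class Client { // the subscription is stored once, on the client
        Plan plan;
        Client(Plan plan) { this.plan = plan; }
    }

    static final class User {
        final String name; final Client client; final Set<String> authorities;
        User(String name, Client client, String... authorities) {
            this.name = name; this.client = client;
            this.authorities = new HashSet<>(Arrays.asList(authorities));
        }
    }

    // Lowest plan that includes each feature (constructed sample data).
    static final Map<String, Plan> REQUIRED_PLAN = Map.of(
        "REPORT_EXPORT", Plan.STANDARD,
        "AUDIT_LOG", Plan.PROFESSIONAL);

    // Option 1: subscription features exist only as per-user authorities.
    static boolean userAuthorityOnly(User u, String feature) {
        return u.authorities.contains(feature);
    }

    // Option 2: the client's plan gates the feature; the user's authority
    // only decides who inside that client may use it.
    static boolean clientPlanThenAuthority(User u, String feature) {
        Plan required = REQUIRED_PLAN.get(feature);
        if (required == null) return false; // unknown feature: deny
        return u.client.plan.compareTo(required) >= 0 && u.authorities.contains(feature);
    }

    public static void main(String[] args) {
        Client acme = new Client(Plan.PROFESSIONAL);
        List<User> users = List.of(new User("admin", acme, "REPORT_EXPORT", "AUDIT_LOG"),
                                   new User("clerk", acme, "REPORT_EXPORT"));
        acme.plan = Plan.FREE; // client downgrades; no user record is updated
        for (User u : users)
            for (String f : REQUIRED_PLAN.keySet())
                System.out.printf("%s %s: authority-only=%b, plan+authority=%b%n", u.name, f,
                        userAuthorityOnly(u, f), clientPlanThenAuthority(u, f));
    }
}
```

After the downgrade the authority-only check still returns true for every stale per-user grant, while the plan-gated check returns false for all users of that client.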



