Users:
- User1 is Executive of Company1
- User2 is Manager of Company1
- User3 is Executive of Company2
- User4 is Manager of Company2
- User5 is Executive of both Company1 & Company2
- User6 is Manager & Executive of Company2
- User7 is Manager of both Company1 & Company2
API endpoint: https://api.example.com/users/{id}
When I authenticate, the system already knows which company / companies I belong to and what role(s) I have. Given that, I have a few rules.
Rules:
- Every employee can access his own company's data.
- Managers can access all Executive data.
- Executives can only access personal data.
- One person can belong to multiple companies. One person can have multiple roles.
- Only the highest authorization counts if a person has two roles in a company.
How can I implement it using Apache?
I found a few modules in
https://httpd.apache.org/docs/2.4/howto/auth.html
But I don't understand: will I have to implement this logic in my app, or can I use these modules to solve this problem?
If this can be done using modules, then please give me some sample config so that I can work with it.
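
The rules above written out as a default-deny decision function over the seven users from the post. This is an added example, not part of the original post; it evaluates the rules in application code, and the names `ROLES`, `RANK`, `effective_role`, `can_access` and `access_matrix` are hypothetical. It assumes Manager outranks Executive and that a Manager cannot read another Manager's record, which the post leaves open.

```python
# Added example: all names here are hypothetical, not from the original post.
RANK = {"Executive": 1, "Manager": 2}  # assumption: Manager outranks Executive

# Memberships copied from the post: user -> company -> set of roles
ROLES = {
    "User1": {"Company1": {"Executive"}},
    "User2": {"Company1": {"Manager"}},
    "User3": {"Company2": {"Executive"}},
    "User4": {"Company2": {"Manager"}},
    "User5": {"Company1": {"Executive"}, "Company2": {"Executive"}},
    "User6": {"Company2": {"Manager", "Executive"}},
    "User7": {"Company1": {"Manager"}, "Company2": {"Manager"}},
}

def effective_role(user, company):
    """Highest role the user holds in the company, or None if not a member."""
    roles = ROLES.get(user, {}).get(company)
    return max(roles, key=RANK.__getitem__) if roles else None

def can_access(requester, target):
    """Decide whether `requester` may read /users/{target}."""
    if requester not in ROLES or target not in ROLES:
        return False  # unknown identities are denied by default
    if requester == target:
        return True   # everyone may read their own personal data
    # Cross-user access needs a shared company in which the requester is
    # effectively a Manager and the target is effectively an Executive.
    # Assumption: Manager-to-Manager reads are denied (the post does not say).
    for company in ROLES[requester]:
        if (effective_role(requester, company) == "Manager"
                and effective_role(target, company) == "Executive"):
            return True
    return False

def access_matrix():
    """Map each requester to the sorted list of users they may read."""
    return {r: sorted(t for t in ROLES if can_access(r, t)) for r in sorted(ROLES)}

if __name__ == "__main__":
    for requester, targets in access_matrix().items():
        print(f"{requester}: {', '.join(targets)}")
```

The check is keyed on the authenticated requester and the `{id}` in the URL, so it catches the case where a Manager of Company1 requests a user who only belongs to Company2.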