We have a document management web application, which users use to collaborate on a document. There are 2 roles at the application level - Editor and Reviewer, and 3 rights at the document and document section level - Edit, Comment and View, View.
Documents can be shared between all users in the application. Documents can be shared at 2 levels:
- the entire document
- specific sections
with any of the 3 rights - Edit, Comment, View.
Sharing at the document level is straightforward. If a document is shared with Edit rights, the user has Edit rights on all sections of the document automatically.
However, we are facing problems in formulating the access rights at the section level. For example, if the entire document is not shared with a user, and specific sections are to be shared, then should we allow users to be given different rights (Edit, Comment, View) on different sections?
The modules to be loaded for Edit, Comment, View rights are decided at the controller level for each component with authorization rights. The specific scenario which has us confused is if users are given different rights on different sections, the authorization needs to be called again, and the modules need to be reloaded. Ideally, we would like to avoid this.
How should we handle the authorization or module loads in this case?
Our web application is on an AngularJS + .NET WebAPI + MongoDB stack. I would really appreciate any help in clarifying our thought process on this problem.
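An added example, not part of the original post: one way to resolve a user's right on every section in a single pass when the document loads, so that differing per-section rights need no further authorization calls. The document shape, the function names, and the rule that rights are ordered (Edit includes Comment, Comment includes View) with the higher of a document-level and a section-level grant winning are assumptions.

```javascript
// Assumption: rights are ordered, each level including the ones below it.
// Null prototype so a right such as "constructor" never matches by accident.
const LEVEL = Object.assign(Object.create(null), { View: 1, Comment: 2, Edit: 3 });

// Returns the higher of two rights; either may be undefined (no grant).
function higher(a, b) {
  return (LEVEL[a] || 0) >= (LEVEL[b] || 0) ? a : b;
}

// Resolve every section's effective right for one user in one pass.
// Hypothetical shape: { sections: [{id}], shares: [{userId, right, sectionId?}] }
// A share without sectionId is a document-level share.
function effectiveSectionRights(doc, userId) {
  let docRight;
  const bySection = new Map();
  for (const s of doc.shares) {
    if (s.userId !== userId || !LEVEL[s.right]) continue; // skip unknown rights
    if (s.sectionId === undefined) docRight = higher(docRight, s.right);
    else bySection.set(s.sectionId, higher(bySection.get(s.sectionId), s.right));
  }
  const result = new Map();
  for (const sec of doc.sections) {
    const right = higher(docRight, bySection.get(sec.id));
    if (right) result.set(sec.id, right); // no entry means no access
  }
  return result;
}

// Deny-by-default check: unknown sections and unknown rights both fail.
function isAllowed(rights, sectionId, needed) {
  return (LEVEL[rights.get(sectionId)] || 0) >= LEVEL[needed];
}

// Constructed sample: alice has a document-level share, bob only section shares.
const sampleDoc = {
  sections: [{ id: 's1' }, { id: 's2' }, { id: 's3' }],
  shares: [
    { userId: 'alice', right: 'Edit' },
    { userId: 'bob', right: 'View', sectionId: 's1' },
    { userId: 'bob', right: 'Edit', sectionId: 's2' },
  ],
};
```

The resolved map only tells the client which modules to load for each section; the Web API still has to run the same `isAllowed` check on every request, because anything decided in the browser can be altered by the user.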