I have looked through this forum quite a bit but haven’t found anything that replicates my situation.
I need to support four different types of users: Admin, Business Owners, Employees, and Customers.
Each type of user has different permissions and sees a very different frontend. Also important is that each user is linked to a specific business.
My current architecture is a custom User model with a unique email, a role, and a foreign key to a business.
The problem I am facing is that our user base is growing and we are having email collisions. i.e. Business Owners would like to be Customers in other businesses. Customers would like to be Employees in the same business (multi-tenancy won’t work). etc.
Currently, the same person will have to use a different email for each user-business-role in our system.
I would like to allow people to have a single login that grants them access to behave as any of their users/accounts/profiles.
I see two options to make this work:
-
Create a new Profile model with a foreign key back to User.
I would need to authenticate the User when they login, allow them to select which Profile they are behaving as, and then have to write custom code to attach the profile to each request so that I can handle authorization via the Profile (group permissions and profile specific permissions). -
I complicate the User model.
I could remove the unique constraint on email and allow multiple users to exist with the same email and password. When logging in, if multiple matching users are found there will need to be some way for the user to choose which user they want to be. Doing it this way, I will not need to write custom code for permissions.
Does anyone have suggestions for the architecture here?