I have a problem I just cannot figure out. I am writing an app for my place of work to manage and plan shift patterns and holidays. There are 4 levels of user:
Level 1 - User
Level 2 - Manager
Level 3 - Senior Manager
Level 4 - Admin
I currently use bitwise type permission to authorise who can access what on the app and this is working fine. What I want now is to allow a user or a higher level to edit and authorise data from users of a lower level. So basically a manager can authorise a user and a Senior manager can authorise both a user and manager. The permissions are store in a single field in the following format.
User - 000
Manager - 001
Senior Manager - 011
Admin - 111
So with this I can search the DB for any user that has a permission set less than the current users permission.
Except...
Here's the problem.
I have a trusted manager who I want to be an admin to add users and manage the system but I don't want them to be able to authorise any one but users data?
I know I tend to waffle but does anyone have any ideas on this??
Many Thanks,
Gav.