If I wanted to use a payment system other than Apple or Google to purchase digital content in my app, what is the best method for restricting that content? Is there any way to do access control based on content of data itself (for example, a “purchases” table), or do I have to add individual user accounts to ACLs for resources they have purchased?
Hi Jason,
Any chance you could elaborate on what you mean by “restricting content”? Do you mean granting permission to fetch a data object to a user if they paid for it?
Regards,
Mark
Yes, basically. I mean, it's straightforward to make something not accessible to all users, and simply add each user to an ACL if they have been granted access to something. But is there any way to restrict content based on a data table or something? For instance, a user could have a relation to another object, or a field that grants them access to specific content. Just curious if adding users to a massive ACL list is the only way to restrict content on a user level.
I see. Rather than adding users to a massive ACL, how about granting access to the object to a custom role (via object ACL)? When a user makes a purchase, you add him to that role and that will inherently grant access to the data content.
So basically I have to create a role for each product I wish to sell? That is really a poor solution, but thanks for the help. I suppose I can do that for now.
You’re right, that’s not an elegant solution. How about an option where when a user makes a purchase, you invoke custom server-side code which sets the permission for the user and the specific product they purchased? Let me know if that sounds reasonable and I will show the API to use for that.
Please provide more information on how to implement this behaviour (invoke custom server-side code which sets the permission for the user and the specific product they purchased).
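The server-side approach proposed in the thread, sketched as an added example (not code from the thread or from any platform's API): one grants table keyed by (user, product) is written only by the server-side purchase handler and checked on every fetch, so no per-product role or per-object user list is needed. All names here (`EntitlementStore`, `on_purchase`, `can_fetch`, the payment fields) are hypothetical, and the payment record is assumed to come from the payment provider's confirmed server-to-server notification, not from the client.

```python
from dataclasses import dataclass, field

@dataclass
class EntitlementStore:
    """Hypothetical server-side table; clients get no write access to it."""
    prices: dict                                        # product_id -> price in cents
    grants: set = field(default_factory=set)            # {(user_id, product_id)}
    seen_payments: set = field(default_factory=set)     # processed payment ids

    def on_purchase(self, payment: dict) -> bool:
        """Run by server-side code once the provider confirms a payment.
        Returns True only when a new grant was recorded."""
        pid = payment.get("payment_id")
        user, product = payment.get("user_id"), payment.get("product_id")
        if not pid or not user or pid in self.seen_payments:
            return False                                # malformed or replayed
        if payment.get("status") != "paid":
            return False                                # pending, failed, refunded
        if product not in self.prices or payment.get("amount_cents") != self.prices[product]:
            return False                                # unknown product or wrong amount
        self.seen_payments.add(pid)
        self.grants.add((user, product))
        return True

    def revoke(self, user_id: str, product_id: str) -> None:
        """Remove access, for example after a refund or chargeback."""
        self.grants.discard((user_id, product_id))

    def can_fetch(self, user_id: str, product_id: str) -> bool:
        """Deny by default: access exists only if a grant row exists."""
        return (user_id, product_id) in self.grants


if __name__ == "__main__":
    # Constructed sample data.
    store = EntitlementStore(prices={"ebook-1": 499})
    paid = {"payment_id": "pay-001", "user_id": "user-a",
            "product_id": "ebook-1", "amount_cents": 499, "status": "paid"}
    print(store.can_fetch("user-a", "ebook-1"))   # before purchase
    print(store.on_purchase(paid))                # grant recorded
    print(store.can_fetch("user-a", "ebook-1"))   # after purchase
    print(store.can_fetch("user-b", "ebook-1"))   # other users stay denied
```
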