maybe you have an alternative solution for this, but take this requirements:
- I want users to be registered only once, because it is not feasible to force users maintain multiple accounts in my system
- Users in the system can play different roles at ONCE, so for example they can be a teacher and a caregiver (or parent) at the same time (practical case: a user that teaches in a school and at the same time he/she has one or more children attending the same school)
- I want some constraints in place based on the role a user has. If he/she happens to play more roles, I want that at least one succeed to grant the operation
Today with constraints tied to access groups, it is difficult to model this scenario, and I can’t put a user in multiple groups.
In my case I’d like to have the ability to define constraints at role level, and if a user has more roles with constraints, they should be checked one after another, and if at least one succeed, the operation on the entity or entities will succeed.