I am looking for some valuable feedback from fellow programmers to give me proper insight on how to securely proceed with the development of my application.
Currently, my application has 3 user roles: user, admin and moderator. As I build this application and envision what I would like this application to do and the different levels of roles required, what would one suggest to be the most secure way to achieve this?
Would it be better to create a bunch of roles and then define them in the controllers and create a bunch of different views based on their privileges, create additional controllers based on their role and filter it that way, or create different versions of my application on different subdomains and create an API that lets each version talk to each other to retrieve certain data?
Any suggestions would help a lot before I get too vested into this project!