You need to create an association path between your persisted objects: Photo and Account. Once you have a path, you can create an XPath access rule. Since you already store the Customer ID two ways (CustomerAccess and as a foreign key on Photo), I’d recommend that you create a persisted Customer entity and an association path like this:
- Create a persistable entity that represents the Customer. It can just store the customerID and the rest of our customer data can still be fed from APIs.
- Create an association from Photo to Customer. This association from Account to Photo replaces the CustomerAccess object that you store today (so it keeps track of which Customer(s) the Account has access to.
- Create an association from (user) Account to Customer . This association replaces the need to keep CustomerID as a foreign key on the Photo entity itself.
Then, your access rule would be like this:
[MyModule.Photo_Customer/MyModule.Customer/Administration.Account_Customer = '[%CurrentUser%]']