About the permission check of background interface

suppose you develop a simple mall: a store has a shopkeeper, several clerks, and several goods. The rule is:
shopkeepers can add / change / delete shop assistants and goods
shop assistants can add / change / delete goods

if you now write the interface update_product (id) to change an item, according to the above rule, you must check the following items: whether the item identified by
id exists? There is no Times fault, or go on.
find the store to which the item belongs, and the foreign key constraint ensures that the store must exist;
check whether the currently logged-in user is the owner or clerk of the store, and if so, perform the action, otherwise report an error.

question 1: are all these check codes, which need to read the database, written in this interface?
question 2: is it easier to use RBAC than to write check code directly?
Thank you!

Php
Dec.09,2021

personal suggestion:

permission rules are stored in a table
write permission public methods
all methods inherit public methods

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e9d9a5-196b.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e9d9a5-196b.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?