Different ACL and FW rules after login to captive portal

[evolver]

Hello everyone,

is it possible to define different ACL rules (web filter) and/or different firewall rules based on the user logged in to captive portal?

So for example user A is filtered through squid and has no chance pass the firewall without going through the proxy.
User B shouldn't have a proxy and has full internet access.

If it not possible with the user logged into captive portal: Is it possible to filter based on the captive portal the user was using? In this case I could let the users switch between zone 0 (port 8000) and zone 1 (port 8001) and if the log in to zone 0 they have proxy and on zone 1 they have full access.

If this is not possible: Is there another way how to implement this? Maybe using the network behind the SSID just for authentication and then somehow putting the client into net A or net B.

Thanks for your thoughts.
BR

Christian