DonBananos
commented
8 years ago Find a way to make it possible to revoke certain permissions from a user with a certain role. Might be a 1 or 0 in db, such as user id has permission id with 0 revoked (extra permission). 1 revoked would be a removed permission from current role
Implement user roles as permissions. Each user has a role, which is defined in the db as user_roles. Each user_role is granted x number of permissions, which are also defined in the db, but enforced in the back-end logic. Each user can have x number of extra permissions, granted by a user with permission 'grant_users_permissions' granted. These permissions can be stuff like 'delete_discussion_posts', 'edit_discussion_posts', 'edit_movie_details etc. A mock user role could be 'movie_moderator', which could have the following permissions as standard: ' remove_movie_images', 'edit_movie_details', etc