Why are groups' roles defined on each reference?

[jdmswong]

I'm confused, it seems wherever groups are used, roles are assigned to them. For example:

Roles.addUsersToRoles([user1, user2], ['glorious-admin', 'perform-action'], 'example.org')

To my understanding this line is adding user1 and user2 to the 'example.org' group, which encompasses the roles 'glorious-admin' and 'perform-action'.

I would expect only the group to be assigned to the users, and the roles assigned to groups elsewhere. That way if we decide the example.org group are no longer glorious-admins we don't have to change every line example.org is used, only the one assigning glorious-admin to example.org.

Also what happens if this line is executed right after?

Roles.addUsersToRoles([user3, user4], ['perform-action'], 'example.org')

Is example.org still glorious-admin? What happens to user1 and users2's roles?

Can you elaborate on the semantics here? Thanks!

[alanning]

Hi @jdmswong, I updated the readme with a section about groups. Does this make it more clear?

[jdmswong]

I understand now, groups don't represent collections of permissions. You think of them as separate entities a user has specific permissions for, independent of other groups.