dtarb
commented
9 years ago I can see the value in this. It would be helpful for buttons to permit/deny requests to be on a users dashboard and for a user to receive alert emails if their profile indicates their acceptance of such emails. My sense is that in the spirit of modularity this should be separate from access control but should use access control API functions.
It strikes me that there would be a use for request/permit/deny logic that is the reverse of invite/accept/refuse logic, for people who wish access to a discoverable, non-public resource. This would be very easy to implement here inside access control; the code is parallel to invite/accept/refuse. But it is really a messaging feature.
So, there is some question as to whether this should be implemented as an access control measure or a separate messaging subsystem.