mrclay / ScopedRole

A Contextual Role-Based Permissions Manager

Drop direct granting of capabilities to users #9

Open mrclay opened 9 years ago

mrclay commented 9 years ago

This level of granularity is probably a road to hell and could be implemented by special logic in the host application. E.g. User 123 has the role "moderator" but we want him to be able to do one extra thing that other moderators can't. Solution is to make a new "moderator extra" role and assign the capability there, or add special logic via a wrapper to hasCapability to check a local DB table.
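The two alternatives named in the comment above, sketched as an added example that is not part of the issue or the project's own code. `RoleManager`, `HostPermissions`, the `capability_exception` table, the `forum:1` context and the capability names are all hypothetical; `has_capability` stands in for the `hasCapability` call the comment mentions.

```python
import sqlite3

class RoleManager:
    """Hypothetical stand-in for the library: capabilities are reachable only through roles."""
    def __init__(self):
        self.role_caps = {}    # role -> set of capabilities
        self.user_roles = {}   # (user_id, context) -> set of roles

    def has_capability(self, user_id, context, cap):
        roles = self.user_roles.get((user_id, context), set())
        return any(cap in self.role_caps.get(r, set()) for r in roles)

class HostPermissions:
    """Host-side wrapper: ask the role manager first, then a local exceptions table."""
    def __init__(self, manager, db):
        self.manager, self.db = manager, db
        db.execute("CREATE TABLE IF NOT EXISTS capability_exception ("
                   "user_id INTEGER, context TEXT, capability TEXT, granted_by TEXT, "
                   "PRIMARY KEY (user_id, context, capability))")

    def grant_exception(self, user_id, context, cap, granted_by):
        # granted_by keeps each one-off grant attributable when the table is reviewed
        self.db.execute("INSERT OR REPLACE INTO capability_exception VALUES (?, ?, ?, ?)",
                        (user_id, context, cap, granted_by))

    def has_capability(self, user_id, context, cap):
        if self.manager.has_capability(user_id, context, cap):
            return True
        # Parameterized lookup; no matching row means no access (deny by default)
        return self.db.execute(
            "SELECT 1 FROM capability_exception WHERE user_id=? AND context=? AND capability=?",
            (user_id, context, cap)).fetchone() is not None

def build_demo():
    """Constructed data: users 123 and 456 moderate 'forum:1'; capability names are made up."""
    mgr = RoleManager()
    mgr.role_caps = {"moderator": {"delete_post"},
                     "moderator extra": {"delete_post", "ban_user"}}
    mgr.user_roles = {(123, "forum:1"): {"moderator"}, (456, "forum:1"): {"moderator"}}
    return mgr, HostPermissions(mgr, sqlite3.connect(":memory:"))

def option_new_role(mgr):
    # Option 1 from the comment: move user 123 to a "moderator extra" role
    mgr.user_roles[(123, "forum:1")] = {"moderator extra"}

def option_wrapper(host):
    # Option 2: leave roles alone, record the exception in the host's own table
    host.grant_exception(123, "forum:1", "ban_user", granted_by="admin:1")
```

With the wrapper, the exception is visible only to callers that go through `HostPermissions`; code that queries the role manager directly will not see it, so the host has to route every check through the wrapper.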