Open QuantumToasted opened 10 months ago
In terms of feasibility of implementing something like this:
Once the backend stabilises, I do want to release a v2 or rather "v1" of the API. I think this would be an appropriate place to introduce a breaking change like this (both the current API and the new API would both be available for use). Internally, the old API can then just remap a bitfield to the permission strings and vice-versa.
What do you want to see?
One of my greatest complaints about Discord's permission system is how limited it is as it uses a (64-bit?) bitfield object to represent permissions. On the surface, it's pretty clear why it was chosen initially, as it takes up the least amount of space and still is able to represent a myriad of permission values in a single field.
However, I feel as it has its flaws and limitations:
n-1
possible permission flags (wheren
is the bit size of the number).The "problem":
For example, let's use the existing Permission bitfield as it is today (hopefully I'm not missing any values).
This represents 29 permission values, already almost half of the available bitfield space. Ignoring conflicts with existing/planned values, if we wanted to expand many of these permissions to ones which represented a "single responsibility" (create, edit, delete, etc.) instead of an overreaching "manage" permission...
(Disclaimer: This is a mockup and reflects my opinion alone on what permissions should/could be split)
After this: 43 distinct permissions. While still a pretty far reach from the limit(?) of 63, you can see that just something as simple as splitting up a few existing permissions can quickly increase the number of flags used. Discord, if a similar approach were applied to the permission flags there, would likely be dangerously close to the limit.
Proposal
Now, I'm doing a lot of complaining and fearmongering about this and my belief that there's a potential "permission doomsday clock" ticking, but one might ask...So what do you propose is better?
To be honest: I don't have the best answer for this. There are several different ways that this could be accomplished, all of them likely valid, but they all come at the same cost: performance (likely), and the size of the data sent to/from the API. Nothing would come close to a simple integer bitfield. But I'll play devil's advocate and propose something anyway.
Personally, I always found CraftBukkit's permission format to be simple and easily digestible, while also quite extensible. It allows for wildcards (
*
) to represent "all" values of a particular nested permission.For example, let's convert my "extended" permissions bitfield into this new system (with a small number of naming changes):
Some benefits of this system:
*
member.manage.*
represents.kick
,.ban
,.timeout
,.mute
, ... etcSome drawbacks of this system:
Conclusion
At the end of the day, this would be an absolutely massive breaking change for Revolt as a platform and would require the cooperative work of dozens of people most likely - frontend, backend, as well as anyone who has written clients, API wrappers, etc, to interface with the API itself. I can't in all honesty say this is the best idea for the platform - but I think it would separate it more from its competitors and maybe give it an edge. Better to do something this drastic early on before the member base gets too high to risk a change this massive?