Add support for restrictions on individual features

[GoogleCodeExporter]

Use auth modes (using authlib, see new model module for examples) with group 
and flag list to support restrictions on individual features like ztele, 
zspawn, etc.

Original issue reported on code.google.com by richard.helgeby@gmail.com on 3 May 2011 at 2:49

[GoogleCodeExporter]

The access manager in the base can do restrictions on modules, but not on 
individual features within modules. Maybe we don't need that level of detail.

If we do, the access manager could be improved to store privileges for all 
kinds of features, mapped to a name.

It could use features in authlib to have a mode, group list and flag list. The 
mode should default to "either" (group or flag).

In addition to just pure lists of groups and flags it should allow a callback 
for additional tests handled by the module itself.

The advantage with this kind of access manager is that general authorization 
code will be centralized (groups and flags). The disadvantage is that modules 
will depend on the access manager.

Where these settings should be stored needs to be figured out. Use a central 
config file for access, or let each module have permission lists in their own 
configs?

Also, how should they be stored? A simple solution is to use pure console 
commands that set them, so configs would have commands like this: 
zr_access_set_groups <feature identifier> <group list>

Original comment by richard.helgeby@gmail.com on 4 May 2011 at 5:39