Back with the authorization thing.
My system somewhat mirror’s Discord’s in that admins can create user roles. A single user can have multiple roles, which solves my earlier issue of allowing a mix-and-match approach to granting access rights to content and operations. Each role, then, has a series of permissions. These are static options such as “access” to allow access to a page, “read” which is effectively a read-only option, and individual “add”, “edit”, and “delete” permissions. I figured that when it comes to using a site, these are the actions that a user might be inclined to take: accessing a page, seeing content, and modifying content in one of three ways.
There’s not a lot of special about the roles themselves. They have a name, a unique code, and a description. Roles can be deactivated, but I need to set up a ‘fallback’ option, possibly configurable, so that a bunch of users in a deactivated role don’t suddenly become persona non grata because of clerical maintenance.
Permission management itself is a bit more of a chore. Each page has a category so they can be organized somewhat. Although there should be, there’s currently no way to mass-set permissions for an operation at the page group level, so I’m considering this admission to be a work-item for my next development session. Each page has the five yes/no options tied to a simple toggle switch. The effects are immediate as a user’s permissions for a page are retrieved in real time from the server when the user attempts to perform one of the actions governed by these switches.
Eventually I’m going to need to add a “page management” interface because pages are more than just containers for permissions. Some pages can be set as “homepages” so a user account can be routed to a specific page when they log in, or if they occupy a specific role, for example. In those cases, I’m going to have to flip the script: when adding or editing a page, I will need a list of defined roles and their permissions for that page so admins can quickly assign permissions for a single page to all roles which need them changed.