- Role: a named bundle of responsibilities (editor, admin, member)
- Group: a scope or context (org, team, project, publication)
- Permission / Capability (capability preferred in code): a boolean fact about allowed behavior
tips
- In the database, capabilities are boolean values. Their names should be verb-subject. Don't include `can` and definitely do not include `cannot`.
  ✔️ `edit_post`
  ❌ `cannot_remove_comment`
- The capabilities table is deliberately flat. If you need to group them, use `.` as a delimiter and sort and filter accordingly in queries and in your UI.
  ✔️ `blog.edit_post`
  ✔️ `blog.moderate_comment`
  or
  ✔️ `blog.post.edit`
  ✔️ `blog.post.delete`
  ✔️ `blog.comment.moderate`
  ✔️ `blog.comment.edit`
  are all fine.
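
The two tips above as an added example, not code from this project: a flat SQLite table with dot-delimited names, a name check that rejects `can`/`cannot`, namespace filtering, and a default-deny lookup. The table layout, the `role` column and all function names are assumptions made for illustration.

```python
import re
import sqlite3

# Assumed naming rule: lowercase segments joined by ".", e.g. blog.post.edit
NAME_RE = re.compile(r"[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)*")


def validate_name(name):
    """Reject malformed names and any segment that starts with can/cannot."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"malformed capability name: {name!r}")
    for segment in name.split("."):
        if segment.split("_")[0] in ("can", "cannot"):
            raise ValueError(f"drop the can/cannot prefix: {name!r}")
    return name


def open_db():
    db = sqlite3.connect(":memory:")
    # Flat table: one row per (role, capability); no parent/child columns.
    db.execute(
        "CREATE TABLE capabilities (role TEXT NOT NULL, name TEXT NOT NULL,"
        " allowed INTEGER NOT NULL CHECK (allowed IN (0, 1)),"
        " PRIMARY KEY (role, name))"
    )
    return db


def grant(db, role, name, allowed=True):
    db.execute("INSERT OR REPLACE INTO capabilities VALUES (?, ?, ?)",
               (role, validate_name(name), int(allowed)))


def in_namespace(db, role, prefix):
    """Sorted names of allowed capabilities under prefix, e.g. 'blog.post'."""
    # "_" and "%" are LIKE wildcards, so escape them before appending ".%".
    escaped = re.sub(r"([\\%_])", r"\\\1", prefix)
    rows = db.execute(
        "SELECT name FROM capabilities WHERE role = ? AND allowed = 1"
        " AND name LIKE ? ESCAPE '\\' ORDER BY name",
        (role, escaped + ".%"))
    return [r[0] for r in rows]


def is_allowed(db, role, name):
    """Default deny: a missing row is treated the same as allowed = 0."""
    row = db.execute("SELECT allowed FROM capabilities WHERE role = ? AND name = ?",
                     (role, name)).fetchone()
    return bool(row and row[0])
```

Because `_` is a single-character wildcard in `LIKE`, an unescaped prefix such as `blog.edit_post` would also match `blog.editxpost.*`, so the filter escapes it before querying.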