- Role: a named bundle of responsibilities (editor, admin, member)

- Group: a scope or context (org, team, project, publication)

- Permission / Capability (capability preferred in code): a boolean fact about
  allowed behavior

## tips

- In the database, capabilities are boolean values. Their names should be
  verb-subject. Don't include `can` and definitely do not include `cannot`.

  ✔️ `edit_post`
  ❌ `cannot_remove_comment`

- The capabilities table is deliberately flat. If you need to group them, use
  `.` as a delimiter and sort and filter accordingly in queries and in your
  UI.

  ✔️ `blog.edit_post`
  ✔️ `blog.moderate_comment`

  or

  ✔️ `blog.post.edit`
  ✔️ `blog.post.delete`
  ✔️ `blog.comment.moderate`
  ✔️ `blog.comment.edit`

  are all fine.
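
The two tips applied together, as an added example that is not part of the original file: a name check that rejects `can`/`cannot` prefixes, and a prefix filter over a flat table. The SQLite schema, the function names, the deny-by-default lookup and the sample rows are assumptions made for illustration.

```python
import re
import sqlite3

# Naming rule taken from the tips: lowercase segments joined by ".",
# with no segment that is "can"/"cannot" or starts with "can_"/"cannot_".
SEGMENT = re.compile(r"^[a-z][a-z0-9_]*$")
PREFIXED = re.compile(r"^(can|cannot)(_|$)")

def valid_name(name):
    return all(bool(SEGMENT.match(p)) and not PREFIXED.match(p)
               for p in name.split("."))

def build(rows):
    """rows: (role, capability, allowed) tuples; the schema is hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE capabilities (
        role TEXT NOT NULL, name TEXT NOT NULL,
        allowed INTEGER NOT NULL CHECK (allowed IN (0, 1)),
        PRIMARY KEY (role, name))""")
    for role, name, allowed in rows:
        if not valid_name(name):
            raise ValueError(f"bad capability name: {name!r}")
        db.execute("INSERT INTO capabilities VALUES (?, ?, ?)",
                   (role, name, int(allowed)))
    return db

def is_allowed(db, role, name):
    # Assumption: a missing row means "not granted" (deny by default).
    row = db.execute("SELECT allowed FROM capabilities WHERE role=? AND name=?",
                     (role, name)).fetchone()
    return bool(row and row[0])

def under(db, role, prefix):
    # "_" and "%" are LIKE wildcards, so escape them before matching the
    # dotted prefix; the trailing "." stops "blog.post" matching "blog.poster".
    esc = re.sub(r"([\\%_])", r"\\\1", prefix)
    cur = db.execute("SELECT name FROM capabilities WHERE role=? AND allowed=1 "
                     "AND name LIKE ? ESCAPE '\\' ORDER BY name",
                     (role, esc + ".%"))
    return [r[0] for r in cur]

# Constructed sample rows; the first four names come from the tips above.
SAMPLE = [
    ("editor", "blog.post.edit", True), ("editor", "blog.post.delete", False),
    ("editor", "blog.comment.moderate", True), ("editor", "blog.comment.edit", True),
    ("editor", "blog.poster.edit", True), ("editor", "blog.user_admin.edit", True),
    ("editor", "blog.user1admin.edit", True),
]
```

Without the `ESCAPE` clause, the `_` in a prefix such as `blog.user_admin` would also match `blog.user1admin`, so a UI or query that filters by group would list capabilities from the wrong group.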