Cascading permissions

[cthree]

I'd like to see IPB use a system of cascading permissions and privileges.

As it stands there are a series of permissions for global, per group, per forum and per user. However these permissions are all mutually exclusive. I can disable PMs for a group of users but not an individual user for example. My suggestion is to implement a cascading permissions system which a set of permissions flow down from top to bottom ala CSS:

Global -> Section (forums/blogs/galleries/etc) -> subsection (gallery category/a forum/etc.) -> Group -> User

Every session inherits a set of global permissions. These are then added to or restricted by the member's group and then their member account and so on down the line to derive a final set of permissions for a given member at a given place in the system. Modules would extend the set of permissions available.

For example, the forums would have a base set of permissions:

<realm id="global">
<permission id="postnewtopic">
<name>Post New Topics</name>
<description>Allow this members to post new topics</description>
<type>boolean</type>
</permission>
<permission id="edittimeout">
<name>Edit Timeout</name>
<description>Allow editing of posts for how long?</description>
<type>unsigned integer</type>
</permission>
...
</realm>

The values for each of these would be set globally which in the case of a no guest posting postnewtopic=0. I could then override this in the group set with postnewtopic=1 but in the case of a suspended account override it again with postnewtopic=0 resulting in a final permission value of 0 or FALSE in this case.

Initially all permissions are set to a global set of defaults (configuration) but then adjusted on down the line. This would allow me to infinitely fine-tune permissions for everything on the site right down to the individual user account level.

Such a system of permission control is lightyears ahead of anything out there and conforms to both the model used for CSS and IPB's own skin system. Enjoy or ignore as you please.