Implement a policy/permission system based on roles

Question

Closed this issue a year ago · 0 comments

This system should allow/prevent to see and update resources, based on the identity of the requester.

For example:

a character sheet can only be seen by a player who has a character in the same party
a character sheet can only be updated by the sheet owner OR the party GM
a character can only be deleted by its owner or the party GM
a character can only be created by a party member (player or GM)
a party name can only be changed by the party GM
party details can only be seen by party members
player details can only be seen by the owner and party members
player details can only be changed by the owner