Implement a policy/permission system based on roles
Closed this issue · 0 comments
brouberol commented
This system should allow/prevent to see and update resources, based on the identity of the requester.
For example:
- a character sheet can only be seen by a player who has a character in the same party
- a character sheet can only be updated by the sheet owner OR the party GM
- a character can only be deleted by its owner or the party GM
- a character can only be created by a party member (player or GM)
- a party name can only be changed by the party GM
- party details can only be seen by party members
- player details can only be seen by the owner and party members
- player details can only be changed by the owner