@alvaro-cuesta
Created August 12, 2012 11:48
;; I came up with this off the top of my head (I'm thinking out loud here):
:groups {:user       ['operator [:deny :all]
                      'whatis   [:deny :all]]
         :voicers    ['operator [:allow "voice" "devoice"]]
         :whatis-ops ['whatis   [:allow "learn" "forget"]]
         :admin      []}
:users {"Jen"  {:pass "123", :groups [:admin]}
        "Jack" {:pass "456", :groups [:voicers :whatis-ops]}
        "Joe"  {:pass "789", :groups [:voicers]}}
;; Two ideas are in play:
;; Groups: avoid polluting user permissions with lots of plugins using fine-grained
;; permissions, e.g. with the alternative solution:
:users {"Jen"  {:pass "123", :perms [:plugins.github/commit, :plugins.whatis/admin, :plugins.operator/voice-devoice]}
        "Jack" {:pass "123", :perms [:plugins.github/commit, :plugins.github/pull-request, :plugins.whatis/admin, :plugins.operator/voice-devoice, ...]}
        ...}
;; Groups are useful for both implementations, but they can be mimicked with bindings
;; and a bit of crafting in the original idea. Problem: it might not be obvious which
;; permission applies if two groups' permissions collide.
;; Second idea in play: fine-grained (command-based?) user customizable permissions.
;; Each user might want to define permissions that the plugin author didn't think of.
;; Cons:
;; - Clunky permission syntax: not sure if I really like the `:allow`/`:deny` idea,
;; but I couldn't come up with something simpler (using only whitelisting or only
;; blacklisting leads to complex use cases where you'd have to allow/deny lots of commands.)
;; - It isn't obvious that non-listed plugin permissions are `:allow :all` by default
;; (that's why `:admin` is `[]`.) Otherwise, group lists would be extremely long with
;; `:allow :all` for public plugins.
;; - Too tied to actual commands, while a plugin might require more complex permissions.
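
The collision problem and the allow-by-default rule from the notes above, as an added example that is not part of the original gist: a resolver evaluated under two collision policies and two defaults. It assumes non-admin users also belong to `:user`; the names `opinions`, `allowed?`, `:deny-overrides` and `:most-specific` are hypothetical.

```clojure
;; Added example (not the gist author's code). Assumptions: every non-admin user
;; also belongs to :user, and collisions are settled by the `policy` argument.
(def config ; constructed sample, passwords omitted
  {:groups {:user       ['operator [:deny :all]
                         'whatis   [:deny :all]]
            :voicers    ['operator [:allow "voice" "devoice"]]
            :whatis-ops ['whatis   [:allow "learn" "forget"]]
            :admin      []}
   :users  {"Jen"  {:groups [:admin]}
            "Jack" {:groups [:user :voicers :whatis-ops]}
            "Joe"  {:groups [:user :voicers]}}})

(defn opinions
  "All [verdict specificity] pairs the user's groups hold on plugin/cmd.
  Specificity is 1 for a named command and 0 for :all."
  [{:keys [groups users]} user plugin cmd]
  (for [g (get-in users [user :groups])
        [p [verdict & targets]] (partition 2 (get groups g))
        :when (= p plugin)
        t targets
        :when (or (= t :all) (= t cmd))]
    [verdict (if (= t :all) 0 1)]))

(defn allowed?
  "policy :deny-overrides - any matching :deny wins.
  policy :most-specific  - a named command beats :all; ties go to :deny.
  default is the verdict when no group mentions the plugin/command."
  [config policy default user plugin cmd]
  (let [ops (opinions config user plugin cmd)]
    (cond
      (not (contains? (:users config) user)) false ; unknown user: fail closed
      (empty? ops) (= default :allow)
      (= policy :deny-overrides) (not-any? #(= :deny (first %)) ops)
      :else (let [top (apply max (map second ops))]
              (not-any? #(= % [:deny top]) ops)))))

;; Print each decision under both policies and under a fail-closed default.
(doseq [[user plugin cmd] [["Jack" 'operator "voice"]
                           ["Joe"  'whatis   "learn"]
                           ["Joe"  'github   "commit"]
                           ["Jen"  'operator "kick"]]]
  (println user plugin cmd
           {:deny-overrides (allowed? config :deny-overrides :allow user plugin cmd)
            :most-specific  (allowed? config :most-specific :allow user plugin cmd)
            :default-deny   (allowed? config :most-specific :deny user plugin cmd)}))
```

Jack's `voice` request is where `:user` and `:voicers` collide, so the two policies disagree on it; the `:default-deny` column shows that an empty `:admin` group only grants anything while unlisted plugins are allowed by default.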