The problems I want to solve here:
- It should be really really easy for business code check whether the current user is able to something.
- That "something" should be expressed in a type-safe way, where possible. It should also be expressed in a way that allows different levels of granularity, such that broadly-scoped permission rule can allow a user access to a very narrowly-scoped 'thing'.
- The rules that explain who has permission to what should be able to be expressed in a way that is pretty readable.