Add permission system

[m4tx]

We already have some simple auth, but we also need some sort of permission system that would allow checking if a user has sufficient permissions to access specific resources. The idea is probably something in the lines of check(user, object, action) pattern, but there are several open questions:

• How should we define actions and how much of this could be automated?
• How should we store the permissions in the database?
• Should we support some sort of groups (think "Moderators", "Admins", "Reviewers", etc.)? Should we support storing them (along with the permissions) in the database/hardcoded in the server binary/both?

[wheregmis]

Maybe using postgres with https://github.com/cmackenzie1/torii-rs ?

[xerion12]

hey @m4tx, this sounds like a great step forward. i’ve worked on auth and permission layers before, both RBAC and policy based ones, using postgres and serde configs. i’d like to help design or prototype the permission system here, maybe start with a simple check trait and later add group/role support and db storage.