# Permission and Role System ## Notes - working title: `indigo` - multiple roles mapped to one player - inheritances - `xxx.yyy.*` wildcard permissions - `-xxx.yyy.*` negative permissions (also with wildcards) - numerical group id as identifier (maybe as slug/string? human readable) - questions - for `displayname` etc. we use translations with keys like `group.displayname.{id}` - we do not need additional information, just use permissions like `blabla.friends.max.36` for that - service to get roles and permissions of a player - also a route to check a specific permission against a given player. Like asking the service: "does he have permission for xy.zz?" - and to modify and update permissions (call event to update cache -> https://github.com/cloudevents/spec) - data model - `id VARCHAR PRIMARY_KEY` - `priority INT` - `transient BOOLEAN` - `color VARCHAR(6)` - table for: role definitions, role <=> permissions, role <=> user subaccount, user subaccount <=> permissions - also part of the project: - the paperspigot plugin to inject the permissions into the player i.e. overriding the `hasPermission` check - role and permission regex: - role: `xxx_yyy` - permission: `xxx.xxx.*.zzz`, `xxx.yyy`, `xxx.yyy.36.zzz` - service written in: Go or Kotlin, Go would need a Hagrid Go Client probably (or not, depending on how easy it is to use Kafka with Go) - name: `indigo` - first: using gRPC to build the routes for GET, UPDATE, DELETE and stuff - dbmate for sql migrations: https://github.com/amacneil/dbmate ###### tags: `concept`