The current permissions system, as simple and reliable as it is, can become quite limiting for more complex projects. This has already been pointed out by various users. For example, user-based permissions, which are necessary e.g. to prevent access to pages based on authorship, are currently impossible.
I’m currently thinking about developing a plugin that will (re)enable the handling of more complex permissions similar to Kirby v2 (see my forum post).
My approach has actually changed since my forum post. At the moment I’m leaning towards a solution where permissions are exclusively handled per user role in the form of php closures outside the user blueprint.
I think it would be possible to create a quite reliable implementation via a plugin. But I read that the permissions system of Kirby v2 was dropped because it was unreliable and hard to maintain. I furthermore read that the callbacks weren’t consistent because of the possibility of changing data and that the current panel could cause problems because it’s not designed to react to changing permissions (see this Issue). I don’t think that handling permissions with hooks or queries is better in this respect. Given my limited knowledge about Kirby, this should be evaluated by a core developer.
I can understand why the Kirby v2 permissions system was replaced in order to make Kirby less complex, but the current solution doesn’t seem ideal either. I like the idea of a plugin that implements more advanced permissions while letting users decide whether they need it or not.
Current permission system problems
Plugin advantages
Plugin Problems
permissions()
method (I can’t think of a way to override the ModelPermissions either)Also adding this here for reference: https://github.com/getkirby/ideas/issues/492