Lukas Bestle :
Thank you for your reply.
I’ve seen the same concern mentioned in the discussion of 2015.
But maybe there is a confusion in the way you (or maybe me) look at permissions, users and roles.
Roles collect permissions for a certain task to be given to not one, but most probably many users. Two users with different roles have different permissions, because having 2 roles with the same permissions doesn’t make sense. Two users with same roles have of course the exactly same permissions.
Users on the other hand can have more than one function in a company or a club or whatever. Meaning that IT-wise they probably need to either have more than one account OR more than one role to be able to fulfill their functions
So if two Roles give contradicting permissions to a user, you have to establish a hierarchy of permissions or statuses of permissions. And in conflict the higher permission (or status) wins.
It’s been a long time since I worked with wordpress, but as far as I remember, that’s how wordpress deals with different roles and permissions.
Looking at this from the roles perspective it seems there are contradicting permissions. But from the user perspective the permissions are complementing. As an author I can write an article, but not publish it. As an editor on the other hand I can give clearance to publish it. With both roles I have extended permissions. And still all the other authers cannot publish their articels themselves…
In kirby-terms that means: if you have
panel:false in one role-blueprint and
panel:true in another and both roles are given to one user,
true always wins.
So, if that makes sense to you, it should be possible to come up with something that allows kirby-users to have more than one role. Other CMS’s are doing it too 🙂