Ok, lets back away from implementation details up to usablity issues.
One thing I was thinking about in my original post was the ablity to look at a category or forum permission definition in the admin screens. E.g., click on "edit" or "permissions" next to a forum, and see which groups have which permissions to that particular forum or category.
This would include all forum relative permissions, like perm_forum, perm_read_only_forum, perm_reply_only, perm_moderation_forums, perm_anonymous_posts, perm_reply_without_moderation, perm_html_disabled, and the 3 or 4 other ones I'm forgetting.
IMHO, that's the more natural way to think about security than to deal with multiple group rights that cover all forums. (but having that way is nice too..
) .
Hmm, I wonder if the permisions.xml file should be broke up into sub categories, e.g. global_permissions.xml, category_permissions.xml, forum_permissions.xml and the pick the combinations you want/need for the admin screen you're building. The XMLPermissionControl class looks like it could handle this. But I'm diving in implementation again...
[originally posted on jforum.net by monroe]