[r/boards] initialize Permissions #3139

Closed
7 of 8 tasks
salmad3 opened this issue Nov 17, 2024 · 1 comment

salmad3 commented Nov 17, 2024

Context:

Establish a Permissions interface within the /r/boards to manage role-based access control and support callback-driven permission checks. This system should be adaptable for different levels of user roles (Owners, Admins, Moderators, Members) and should facilitate future integration with an AdminDAO for governance. The core purpose is to create a composable permission structure that allows for the encapsulation of logic related to user actions, checks, and role management.

Moderation and Ownership Recap:

  • Owners: Can perform all board-level operations, including adding or removing other owners, except for removing themselves without a successor.
  • Admins: Can manage board settings, content, and user roles up to moderator level but cannot remove owners.
  • Moderators: Can flag or delete content within configured thresholds.
  • Members: Have basic posting rights based on board-specific settings.

Note

The full version will include AdminDAO interaction, but this initializes the core Permission work as a proof of concept and should provide an interim solution for AdminDAO and other moderation tasks as needed.

graph TD
    subgraph /r/boards Realm
        direction TB
        subgraph PermissionsInterface
            WithPermission["func WithPermission(user Address, action string, args ...interface{}) error"]
            HasPermission["func HasPermission(user Address, action string, args ...interface{}) bool"]
            GetRoles["func GetRoles() []string"]
            GetUsers["func GetUsers(role string) []Address"]
            ModerationConfig["struct ModerationConfig"]
        end

        DefaultPermissions["struct DefaultPermissions"]
        DefaultPermissions -->|Implements| PermissionsInterface

        Owner["struct Owner"]
        Admin["struct Admin"]
        Moderator["struct Moderator"]
        Member["struct Member"]

        Owner -->|Manages| Admin
        Owner -->|Adds/Removes| Moderator
        Owner -->|Configures| PermissionsInterface
        Owner -->|Configures| ModerationConfig
        Admin -->|Manages| Moderator
        Admin -->|Handles| ContentModeration
        Admin -->|Adjusts| BoardSettings
        Moderator -->|Flags/Deletes| Content
        Moderator -->|Follows| ModerationConfig
        Member -->|Posts| ThreadsComments
    end

    subgraph AdminDAO
        direction TB
        ProposalApproval["func ProposalApproval()"]
        GovernanceDecisions["struct GovernanceDecisions"]
        ExternalValidation["interface ExternalValidation"]
    end

    PermissionsInterface -->|Uses| HasPermission
    PermissionsInterface -->|Executes| WithPermission
    WithPermission -->|Interacts with| AdminDAO
    AdminDAO -->|Initiates| ProposalApproval
    ProposalApproval -->|Requires| GovernanceDecisions
    GovernanceDecisions -->|Returns| ApprovalRejection

    subgraph FutureExpansion
        BoardForking["func BoardForking()"]
        BoardRenaming["func BoardRenaming()"]
    end

    WithPermission -->|Controls| BoardForking
    WithPermission -->|Controls| BoardRenaming

Acceptance Criteria:

  • Permissions interface includes methods to account for board level operations based on roles.

    Example
    type Permissions interface {
        WithPermission(user Address, action string, args []interface{}, callback func(args []interface{})) error
        GetRoles() []string
        GetUsers(role string) []Address
        HasPermission(user Address, action string, args []interface{}) bool
    }
  • Implements DefaultPermissions as an initial realization of the Permissions interface:

    • Includes role mappings and a member set.
    • Provides an interim reference to an AdminDAO instance (which can be an address) for handling administrative decisions.
    • Maintains configurable moderation thresholds for specific actions (e.g., post deletion).

    Example
    type DefaultPermissions struct {
        RoleMappings     map[string][]Address 
        MemberSet        []Address
        AdminInstance    *AdminDAO
        ModerationConfig map[string]int
    }
  • Provides WithPermission() to validate user roles and execute callback actions based on permission checks.

    Example
    func (dp *DefaultPermissions) WithPermission(user Address, action string, args []interface{}, callback func(args []interface{})) error {
        if !dp.HasPermission(user, action, args) {
            return errors.New("permission denied")
        }
        callback(args)
        return nil
    }
  • Methods similar to GetRoles() and GetUsers(role) provide efficient role and user management.

  • A method similar to HasPermission() is used for pre-checking if a user has the required access to perform an action.
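
The role rules from the recap, enforced behind the proposed HasPermission/WithPermission pair, as an added Go example that is not part of the original issue or the project's code. The Address stand-in, the single-role map, the action names, and the reading of "without a successor" as "another owner must remain" are assumptions.

```go
package main

import "errors"

type Address string // stand-in for the realm's address type (assumption)
type DefaultPermissions struct{ Roles map[Address]string } // one role per user, for brevity

// Ranks follow the issue's recap (0 = no role); action names are hypothetical.
var rank = map[string]int{"member": 1, "moderator": 2, "admin": 3, "owner": 4}
var minRank = map[string]int{"post": 1, "flag": 2, "remove_user": 3}

// HasPermission denies by default: unknown user, unknown action, malformed args.
func (dp *DefaultPermissions) HasPermission(user Address, action string, args []interface{}) bool {
	need, known := minRank[action]
	caller := rank[dp.Roles[user]]
	if !known || caller == 0 || caller < need {
		return false
	}
	if action != "remove_user" || len(args) != 1 {
		return action != "remove_user" // rank alone suffices for other actions
	}
	target, ok := args[0].(Address)
	switch tr := rank[dp.Roles[target]]; {
	case !ok || tr == 0: // wrong argument type, or target holds no role
		return false
	case caller < rank["owner"]: // admins act only up to moderator level
		return tr <= rank["moderator"]
	case target != user: // owners may remove anyone else, other owners included
		return true
	}
	for addr, role := range dp.Roles { // self-removal: another owner must remain
		if role == "owner" && addr != user {
			return true
		}
	}
	return false
}

func (dp *DefaultPermissions) WithPermission(user Address, action string, args []interface{}, callback func([]interface{})) error {
	if !dp.HasPermission(user, action, args) {
		return errors.New("permission denied")
	}
	callback(args)
	return nil
}

func main() {
	dp := &DefaultPermissions{Roles: map[Address]string{"g1owner": "owner", "g1admin": "admin"}} // constructed
	println(dp.HasPermission("g1admin", "remove_user", []interface{}{Address("g1owner")}))
}
```

Because the target is type-asserted inside HasPermission, a caller that passes a plain string instead of an Address is denied rather than matched against an empty key.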

@MikaelVallenet

Hello, within Teritori we developed a role manager: https://github.com/TERITORI/teritori-dapp/tree/main/gno/p/role_manager
It does not meet all your criteria but allows assigning roles & permissions easily to users; it could be used as a base or inspiration for development of the Permissions interface.

Within Teritori we use it to manage roles for DAOs deployed from our app.
Hope it can help a bit, I would be happy to discuss and help if I can :D

jeronimoalbi added a commit that referenced this issue Nov 26, 2024
Related to #3139

Permissioner interface is defined based on Jae's idea to handle permissioned tasks.
---------

Co-authored-by: Jae Kwon <[email protected]>