I’m interested in this topic as well.
How would the above “manyToMany” customization handle conflicting permissions? For example, given a Role B permission is allowed, and Role A permission is not. Which takes precedence?
Let’s assume there’s some kind of priority. So if you consider an example priority like this: “Role C, Role A, Role B”… then in the same scenario above Role A’s permission overrides Role B’s.
In addition to all of this, I’m interested in integrating limits to access control as well. Count limit, rate limit, etc. So, for example “Only allow if they have less than X posts” or “Only allow if they under the threshold of 100 in the past hour”. As well the ability to add exceptions, like “For user X, allow unlimited posts”. These things are outside of the scope here, but… they must wrap the API. Presumably this would be a custom plugin from-scratch.