- Some mechanism should be set up to implement
complex group rights rules. For example. Say I have
three forums (A,B and C). Group 1 has access to A,
Group 2 has access to C. Right now there is no way to
allow a user who is a member of group 1 & 2 to access
forum C without also letting group 1 and group 2 see it.
The solution is to check for group 1 AND group 2, which
is not possible now AFAIK.
You could make a third group, but that gets messy fast
if you need to do a lot of this.
This is sort of like a Role/Content system.
Role level groups could control the level of access a
person has. Content level groups control what content
they can see, but right now someone with a particular
role has that across the entire system.
- Group access rights should be hierarchical. That
way objects and users inherit certain rights from their
base objects unless specifically over-ridden.