chi:1222626171 wrote
The problem with this is, everyone has a unique username, but can be part of several groups. So, which group should be used to replace a @GROUP@ wildcard?
I see. Let's go a bit in detail: I have a list of users groups. Each group has its own name space. All members of a given group should have a level 16 for editing anything but only in the namespaces of the groups they are members of. That is, some thing as:
group1:* @group1 16
group2:* @group2 16
...
However, as the group list could be very large, it would be nice if I could do it in a simpler way without having to define in detail each group. For this reason I think something as:
@group@:* @group@ 16
to mean that "any member of a group has a level 16 in the namespace with the same name of that group". Maybe I have misunderstood the way the wildcards work, however.
Another solution would be a fully dynamic ACL, taken from a database with the permissions a user have on the groups he is member of but I'm not sure whether it's feasible (maybe a plugin would do the trick?).