
Relax assumption that the scope is applicable to all permitted actions

Open serodriguez68 opened this issue 5 years ago • 0 comments

Note: please note that this is a note to self and not a bug in the gem.

The current definition of a role implies that the same scoping rules apply to every action a role can perform. A counterexample that breaks this assumption is “a writer should be able to see everyone’s reports but only edit his”. In this case, the writer is allowed both to view and to edit reports, but the scoping rules that apply to the two actions differ (Scope By User “all” and “mine”, respectively).

This use case can still be handled by creating two roles, “all content reader” and “own content editor”, and assigning both to writer users. However, the clarity of the structure suffers. Alternatively, if these cases are not prevalent, developers can choose to handle them by hand.

Requests from the community to natively support these types of use cases are expected. However, it is still too early to tell the extent of the support required, and waiting to hear back from the community is advisable.

Additionally, the role composition feature, which is a candidate for the pipeline, could solve this issue altogether.

serodriguez68, Feb 04 '19 07:02