Comprehensive permissions for Headless CMS ContentEntries to allow both Read but also Read, Write, Delete at the same time depending on the content model.

[uncle-mo]

Is your feature request related to a problem? Please describe.

I have two scenarios that I'm unable to configure the appropriate permissions for.

1. I'd like to be able to have a content manager who can read, write and delete entries for a specific content model whilst still be able to have read access to entries for one or more other content models

2. I'd like to allow the content creator to Read, Write, Delete their content entries whilst also being able to have read-only access to other entries of that content type created by another content creator.

Describe the solution you'd like.

Be able to setup the permissions as described.

I think it would be useful to have multiple permission entries/rules for "cms.contentEntry" (perhaps also for any plugin) in the identity permissions.

In addition to this it would be good to have some ability to even use wildcards.

Perhaps something like this:

{
  "name": "cms.contentEntry",
  "entries": "myContentTypeId.*"
  "own": true,
  "rwd": "rwd",
  "pw": "pu"
},  
{
    "name": "cms.contentEntry",
    "entries": "someoneOtherContentTypeId.*"
    "own": false,
    "rwd": "r",
    "pw": ""
 },
 {
    "name": "cms.contentEntry",
    "entries": "someoneOtherContentTypeId.296f7bd62d279d0049e73b1b"
    "own": false,
    "rwd": "rwd",
    "pw": "pu"
 },

Describe alternatives you've considered.

Open up the permissions to Read, Write or Delete for all content entries (across multiple content models) but then add a lifecycle event for "onBeforeEntryCreate" which will throw an error for certain operations based on the entries for content models I don't want the user or group to be able to Write/Delete.