At present I have the following models:
users <-> permissions <-> objects
I wish to expand this to include groups, so that groups can contain
users and have permissions (a user might be part of more than one
group). However, the only way I see to do this is:
users <-> user_permissions <-> objects
users <-> group_memberships <-> groups <-> group_permissions <-> objects
Is there a nicer way to do this so that I only need one permissions
model, or is this the best way to do it?
Also, whichever way I do it, is there a nice way to make groups for
special cases such as “all users” and “administrators” without having
them in the database?