Adrian Lanning mentioned in his dev shop presentation that access control should be implemented based on action, rather than job title:
However, the alanning:roles package seems oriented towards defining user roles, which typically take a ‘job title’ form (admin, staff, etc). How can we augment the roles package to create groups of action-based permissions (i.e. creating a group-based Access Control List):
What are some options and common patterns to combine user groups with access control verbs (e.g. ‘can’) in Meteor.js projects?
In searching for existing solutions, I have found the following resources to be inspiring.