Permissions

The system of permissions is more complete than that in Drupal, and for example a user can see the balance of the accounts that are in the exchange of their accounts, but not the reverse. For this we would have to create permissions for each new exchange and go to assign for each user. With the system we have now this is calculated dynamically.

These are the types of resources or scopes:

user
account
exchange
global

And these properties within the resources:

account seller
account buyer
account transactions
exchange details
exchange accounts
...

And also these are the types of permissions:

view
use
edit
admin

Then an entry in the ces_permissions has this:

['view', 'exchange accounts', 2, 'exchange', 2]

signifying we have permission to 'view' the object 'exchange accounts' referring to exchange id=2 and all the users that have accounts in the exchange id=2.

Then on the permissions admin page, if you want to do it, you can work with two forms: an interface that hides the internal operation and asks general use cases:

The users who can pay
The users who can sell

This has the difficulty of identifying appropriate use cases and programming the logic that relates the two worlds, but results in an understandable interface.

Another interface that can use the database is more powerful, flexible and takes less development work, but is probably more difficult to use.

Now I hope to improve this, or in any case make the second option to be more simple. And we can always help the administrator a little with drop-down fields and such instead of plain text fields.