Personally I would look towards the bukkit permissions API for inspiration, it is node-based, easy to use and understand: Bukkit Permissible Interface
I would build in supports for auth groups as well, similar to Vault Permission class as a non-required portion of the manager.
Ideally the consumer API would look something like this:
Syntax: Select all
# My current thinking is that only has_permission would have to be implemented, everything else would either return None for get, false for add/remove or whatever the SP devs prefer for API functions
player.has_permission(<permission>) # Could be any string, but a format such as "plugin.commands.slay" would be encouraged to prevent collisions
player.get_permissions() # returns a list containing all of the player's permissions
player.add_permission(<permission>, <save>) # Save would be ignored for managers that do not support saving
player.get_primary_group() # Returns either a group class representing the player's primary group
player.set_primary_group(<groupname or class>, <save>) # Would add the group to the player's group list if it is not already there, then set it to primary
player.add_group(<groupname or class>, save) # Add a group and associated permissions to the player's group list
player.get_groups() # returns a list containing all of the player's groups
player.remove_group(<groupname or class>, save) # Removes a group and associated permissions from the player's group list
A possible concern in a multi-provider environment is which provider to save to? Certainly not all of them, but perhaps the first in the server's provider list? A special config option? The solution here is not obvious and merits some discussion.
Each of these would come with an explicit, documented contract to avoid the confusion that arises from not knowing whether some permissions providers implement some features and others do not. You will be able to know for certain what you can ALWAYS rely on existing, what CAN exist and what CANNOT exist, an important distinction to raise when developing a plugin that requires permissions.
Edit: Slowly making the API here for now until I can get some responses on this.