I noticed that I spend too much time ticking checkboxes on the permissions page. Especially, when the site has a lot of custom roles such as "community member", "paying customer", "content editor", "employee", "partner" etc.
A lot of the checkboxes could be prefilled with useful values, if hook_perm would return more useful information. At first I thought, Drupal should define more role presets (in addition to "anonymous user" and "logged-in user"), and then hook_perm would define which of these roles get this permission by default. But, that's not even necessary!
Here's the idea:
- Hook_perm returns a number between 0 for "unlimited access" an 10 for "admin only".
- Each role you create gets a number between 0 and 10.
- Whenever a new permission or role is created, the respective new role/perm checkboxes are filled with computed values: If the role has a higher level than the permission, the value is set to TRUE (checked), otherwise to FALSE (not checked).
This would solve the problem for many use cases. And, the numbers could even be used to decorate the permissions page with some nice colors, visualizing which of the permissions are critical for security and which are not, and which of the checkbox values match or mismatch with the ("recommended") computed values.