Implement command permission system

[BinkanSalaryman]

By current implementation, any guild member can issue any command (provided they have access to a bound command channel). In the legacy .NET version it was a complex and confusing implementation, so I kindly ask:

What should be covered (and how) by the next iteration of the permission system? How to handle default permissions?

For the sake of completion I attempt to summarize what the previous iteration was like:

• Via command "permissions assign user|role permissions..." a permission entry for given user or all users of given role could be assigned
• A permission entry looked something like this:

  • utils.mail(to,message) - grant permission to use "mail" command to specified user/role

  • !utils.mail(to,message) - revoke permission to use "mail" command to specified user/role

  • ~utils.mail(to,message) - reset permission / remove entry which granted or revoked permission to use "mail" command to specified user/role

  • * - grant all permissions by default to specified user/role

  • !* - revoke all permissions by default to specified user/role

  • ~* - reset all permissions of specified user/role

• All permissions entries regarding role and user entries, and grant/revoke all (->blacklist/whitelist) were hierarchically evaluated to resolved to the result to either ACCEPT or REJECT a command execution request. A reasonable default value for each command would be taken if no permissions were assigned (you could say all permission entries acted as overrides to this default).

[BinkanSalaryman]

UPDATE:
It's far from perfect, but for now sensitive or state modifying commands either require administrator permission in a guild, or bot ownership.