I want to implement a permission system for my small flat file cms Typemill and I am not super sure, if I should follow RBAC or ACL. What the heck is the difference? I want to create roles like this:
- "reader" (public access),
- "member" with auth and access to "member" content
- "customer" with auth and access to "paid" content
- "author" with auth and access to his own articles
- "editor" with auth and access to all articles, but no rights like publishing
- "publisher" with publishing rights.
- "admin" with access to admin settings.
Everything with enough flexibility.
So what should I use?