Negative permission that overrides the normal permission #1934
Vinciepincie started this conversation in Ideas
Replies: 1 comment
-
You can make your own trait, example: #1895 (comment)
-
Hi, I think it's a good idea to add a negative permission that overrides the normal permission.
I don't exactly know how this works, but I understand there's some sort of middleware that returns true when the user has a permission either directly or through a role.
The idea:
With this feature the middleware will check first if the user or one of his roles has the negative permission.
If it has the negative permission it will return false, even though the user has the normal permission assigned to himself or a role he has.
This is useful if you want to "ban" the user from doing something specific, without deleting all roles.
I can think of many situations where this is useful. Here's 2:
Example scenario:
Everyone has the role "User" by default.
person1 is a normal user, he also has some other roles such as "Premium", "Event Hoster".
The role "User" has the permission: "create posts".
person1 misbehaves. He keeps spamming posts, despite the admin saying he should stop.
An admin gives him the role "Banned". The role "Banned" has the negative permission "-create posts".
Now even though person1 has the role "create posts" he won't be authorized to create a post since the negative permission overrides it. The ban is temporary, and when person1 is "unbanned" again (Banned role removed) admins don't have to manually assign all his roles and permissions again.
Example scenario 2:
As a security measure users that haven't logged in in some time get the role "Inactive" which overrides some important permissions with negative permissions.
When the user gets active again he will contact the website admins. The admin will remove the inactive role, and the user still has his permissions and roles.
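The deny-overrides check described in the post, as an added example (not code from the project or from either participant). It assumes the trait mentioned in the reply is a PHP trait; the trait, class and method names are hypothetical, and the role data is constructed from the first scenario.

```php
<?php
declare(strict_types=1);

// Hypothetical trait (not the project's API): deny-overrides permission check.
// A permission name prefixed with "-" is a negative permission, as in the post.
trait ChecksNegativePermissions
{
    /** @return string[] permissions assigned directly to the user */
    abstract public function directPermissions(): array;

    /** @return array<string, string[]> role name => permissions of that role */
    abstract public function rolePermissions(): array;

    public function isAllowed(string $permission): bool
    {
        $granted = false;
        $sources = array_merge([$this->directPermissions()], array_values($this->rolePermissions()));
        foreach ($sources as $perms) {
            // Any deny wins at once, so the result does not depend on role order.
            if (in_array('-' . $permission, $perms, true)) {
                return false;
            }
            $granted = $granted || in_array($permission, $perms, true);
        }
        return $granted; // default deny: no grant anywhere means no access
    }
}

final class User
{
    use ChecksNegativePermissions;

    public function __construct(private array $direct, private array $roles) {}
    public function directPermissions(): array { return $this->direct; }
    public function rolePermissions(): array { return $this->roles; }

    public function withoutRole(string $role): self
    {
        return new self($this->direct, array_diff_key($this->roles, [$role => true]));
    }
}

// Constructed sample data mirroring the first scenario in the post.
$person1 = new User([], [
    'User' => ['create posts'], 'Premium' => [], 'Event Hoster' => [],
    'Banned' => ['-create posts'],
]);
var_dump($person1->isAllowed('create posts'));                        // while banned
var_dump($person1->withoutRole('Banned')->isAllowed('create posts')); // after unban
```

While the "Banned" role is attached the check is denied even though "User" grants the permission; removing that one role restores access without touching the other roles.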