Introduced role-based capability system.

It's still rather limited and hard-coded, but it works.

src/styles/_search.sass

@@ -96,7 +96,7 @@ $search-hit-width_grid: 100px
 #search-container
 	display: flex
 	border-radius: 0
-	min-height: 500px
+	min-height: 600px
 	background-color: white
 
 	+container-behavior
@@ -782,4 +782,3 @@ $search-hit-width_grid: 100px
 				color: white
 				background-color: $color-primary
 				border-color: transparent
-

src/templates/_macros/_menu.jade

@@ -4,7 +4,7 @@
 
 | {% if current_user.has_role('demo') %}
 | {% set subscription = 'demo' %}
-| {% elif current_user.has_role('subscriber') %}
+| {% elif current_user.has_cap('subscriber') %}
 | {% set subscription = 'subscriber' %}
 | {% else %}
 | {% set subscription = 'none' %}

src/templates/errors/403_embed.jade

@@ -8,7 +8,7 @@
 				| {% if current_user.is_authenticated %}
 				| {% if current_user.has_role('demo') %}
 				| {% set subscription = 'demo' %}
-				| {% elif current_user.has_role('subscriber') %}
+				| {% elif current_user.has_cap('subscriber') %}
 				| {% set subscription = 'subscriber' %}
 				| {% else %}
 				| {% set subscription = 'none' %}

src/templates/nodes/custom/comment/list_embed.jade

@@ -44,7 +44,7 @@
 			| {# * User is authenticated, but has no subscription or 'POST' permission #}
 			.comment-reply-form
 				.comment-reply-field.sign-in
-					| {% if current_user.has_role('subscriber') or current_user.has_role('demo') %}
+					| {% if current_user.has_cap('subscriber') %}
 					i.pi-lock
 					|  Only project members can comment.
 					| {% else %}

src/templates/projects/edit_node_types.jade

@@ -18,7 +18,7 @@ span#project-edit-title
 			When we add support for new node types in the future, it means we
 			allow the creation of new items (such as textures).
 
-		| {% if current_user.has_role('admin') %}
+		| {% if current_user.has_cap('edit-project-node-types') %}
 		ul.list-generic
 			| {% for node_type in project.node_types %}
 			li

src/templates/projects/index_dashboard.jade

@@ -39,7 +39,7 @@ meta(name="twitter:image", content="{{ url_for('static', filename='assets/img/ba
 						span ({{ projects_shared|length }})
 						| {% endif %}
 
-					| {% if (current_user.has_role('subscriber') or current_user.has_role('admin')) %}
+					| {% if current_user.has_cap('subscriber') %}
 					li.create(
 						data-url="{{ url_for('projects.create') }}")
 						a#project-create(
@@ -73,7 +73,7 @@ meta(name="twitter:image", content="{{ url_for('static', filename='assets/img/ba
 								li.when(title="{{ project._created }}") {{ project._created | pretty_date }}
 								li.edit
 									a(href="{{ url_for('projects.edit', project_url=project.url) }}") Edit
-								| {% if project.status == 'pending' and current_user.is_authenticated and current_user.has_role('admin') %}
+								| {% if project.status == 'pending' and current_user.has_cap('view-pending-nodes') %}
 								li.pending Not Published
 								| {% endif %}
 
@@ -113,7 +113,7 @@ meta(name="twitter:image", content="{{ url_for('static', filename='assets/img/ba
 								li.who by {{ project.user.full_name }}
 								li.edit
 									a(href="{{ url_for('projects.edit', project_url=project.url) }}") Edit
-								| {% if project.status == 'pending' and current_user.is_authenticated and current_user.has_role('admin') %}
+								| {% if project.status == 'pending' and current_user.has_cap('view-pending-nodes') %}
 								li.pending Not Published
 								| {% endif %}
 

src/templates/projects/sharing.jade

@@ -11,7 +11,7 @@ span#project-edit-title
 #node-edit-container
 	#node-edit-form
 		.col-md-6
-			| {% if (project.user == current_user.objectid or current_user.has_role('admin')) %}
+			| {% if (project.user == current_user.objectid or current_user.has_cap('admin')) %}
 			.sharing-users-search
 				.form-group
 					input#user-select.form-control(
@@ -44,7 +44,7 @@ span#project-edit-title
 						span.sharing-users-extra {{user['username']}}
 					.sharing-users-action
 						| {# Only allow deletion if we are: admin, project owners, or current_user in the team #}
-						| {% if current_user.has_role('admin') or (project.user == current_user.objectid) or (current_user.objectid == user['_id']) %}
+						| {% if current_user.has_cap('admin') or (project.user == current_user.objectid) or (current_user.objectid == user['_id']) %}
 
 						| {% if project.user == user['_id'] %}
 						span
@@ -70,7 +70,7 @@ span#project-edit-title
 | {% endblock %}
 
 | {% block footer_scripts %}
-| {% if (project.user == current_user.objectid or current_user.has_role('admin')) %}
+| {% if (project.user == current_user.objectid or current_user.has_cap('admin')) %}
 script(src="{{ url_for('static_pillar', filename='assets/js/vendor/jquery.autocomplete-0.22.0.min.js') }}", async=true)
 script.
 	$(document).ready(function() {

src/templates/projects/view.jade

@@ -177,7 +177,7 @@ link(href="{{ url_for('static_pillar', filename='assets/css/project-main.css', v
 						i.pi-more-vertical
 
 					ul.dropdown-menu
-						| {% if current_user.has_role('admin') %}
+						| {% if current_user.has_cap('admin') %}
 						li.button-featured
 							a#item_featured(
 								href="javascript:void(0);",

src/templates/users/edit_embed.jade

@@ -59,6 +59,18 @@
 
 		| {% endfor %}
 
+		.form-group.capabilities
+			label Capabilities
+			| {% if user.capabilities %}
+			ul
+				| {% for cap in user.capabilities|sort %}
+				li {{ cap }}
+				| {% endfor %}
+			| {% else %}
+			p
+				i.pi-cancel
+				| none
+			| {% endif %}
 
 		a#button-cancel.btn.btn-default(href="#", data-user-id='{{user._id}}') Cancel