> So we only need to add a new attribute validate at Privilege and modify
> Privilege.hasPermission.
>
> def hasPermission(userId: Long, poolId: Long, permission:
> Permission.Value) = Privilege.find(
>   By(user, userId),
>   By(pool, poolId),
>   *By(validate, true)*
> ).map(_.permission.is >= permission).getOrElse(false)
>
> It's done at server-side?
...or delete existing permissions for this user. This way we also won't have to edit the find*Pools methods. When a user has no permission in a pool, of course messages will not be sent to their inbox anymore.
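The trade-off between the two revocation approaches discussed above, as an added example that is not part of the thread or the project's code: with a flag, every lookup must check it, while with deletion an unedited lookup stops returning the pool on its own. It uses a plain in-memory collection instead of the Mapper API; `RevocationDemo`, `findReadPools`, the permission levels and the sample rows are assumptions made for illustration.

```scala
// Added example: in-memory stand-in for the Privilege table (assumed model, not the project's code).
object RevocationDemo {
  // Assumed permission levels; Enumeration values are ordered, so >= works as in the quoted code.
  object Permission extends Enumeration { val Read, Write, Admin = Value }

  // One row per (user, pool); `validate` is the flag proposed in the quoted message.
  final case class Privilege(user: Long, pool: Long,
                             permission: Permission.Value, validate: Boolean = true)

  // Constructed sample data.
  val initial: Vector[Privilege] = Vector(
    Privilege(1L, 10L, Permission.Write),
    Privilege(1L, 11L, Permission.Read),
    Privilege(2L, 10L, Permission.Admin))

  // Approach from the quoted message: keep the row, clear the flag.
  def revokeByFlag(rows: Vector[Privilege], userId: Long, poolId: Long): Vector[Privilege] =
    rows.map(p => if (p.user == userId && p.pool == poolId) p.copy(validate = false) else p)

  // Approach from the reply: delete the row.
  def revokeByDelete(rows: Vector[Privilege], userId: Long, poolId: Long): Vector[Privilege] =
    rows.filterNot(p => p.user == userId && p.pool == poolId)

  // hasPermission with the flag check, mirroring the quoted code.
  def hasPermission(rows: Vector[Privilege], userId: Long, poolId: Long,
                    permission: Permission.Value): Boolean =
    rows.find(p => p.user == userId && p.pool == poolId && p.validate)
      .map(_.permission >= permission).getOrElse(false)

  // Hypothetical stand-in for one of the find*Pools methods, left unedited:
  // it does not look at the flag.
  def findReadPools(rows: Vector[Privilege], userId: Long): Set[Long] =
    rows.filter(p => p.user == userId && p.permission >= Permission.Read).map(_.pool).toSet

  def main(args: Array[String]): Unit = {
    val flagged = revokeByFlag(initial, 1L, 10L)
    val deleted = revokeByDelete(initial, 1L, 10L)
    // The flag-aware check denies access in both cases.
    println(s"flag:   hasPermission = ${hasPermission(flagged, 1L, 10L, Permission.Read)}")
    println(s"delete: hasPermission = ${hasPermission(deleted, 1L, 10L, Permission.Read)}")
    // The unedited lookup still lists the revoked pool when only the flag was cleared.
    println(s"flag:   findReadPools = ${findReadPools(flagged, 1L)}")
    println(s"delete: findReadPools = ${findReadPools(deleted, 1L)}")
  }
}
```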
