I got a json file "permission_roles.json" which defines the commands which can be used by each role. There is also an implicitely declared role "sysadmin" which allows to use any command.
The roles each user has are stored in the player object on the database. Direct database manipulation is currently the only way to add or remove roles (which is - as I found out - a very dangerous method. I accidently destroyed my favorite character on the database while attempting to add a role with the update command of the mongo shell). In addition to the roles in the database, every character is also considered to have the role "everyone".
eAthena and Manaserv handle permissions per account instead of per character. I decided to use characters instead, because:
- I don't want GMs to irritate me and the players by doing GMing with their alt characters
- I am still considering to merge accounts and characters. Any functionality added to the Account class would make this more complicated.