RBAC #4

@kevdougful

It would be best to work out how we want to split up access between the various personas using the app.

  • Guest: Not really a role, but important to call out that some data/features on the site will be available to the public (i.e. unauthenticated visitors).
  • Parent/Guardian: Can register youth as players or themselves as coaches
  • Coach: Can make (certain) changes to players on their team like jersey number. Can also see information about players that other parents cannot (phone numbers, birthdate, etc.)
  • Judge: A referee/umpire. Can update scores on games. Can see games/events they're invited to.
  • Official: This is an ABC Board member. They can CRUD on Programs, Divisions, Locations, Events/Games, Assign players to Teams, CRUD teams.
  • Admin: This is basically the dev team. This is full CRUD access on everything. Distribute sparingly.

Users can, and many will, have multiple roles. When a user logs in, the system determines the union of all their roles to get what permissions they have for the session.
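One way to model the role union described above, as an added example rather than code from this project. The permission names, team ids and the `open_session`/`is_allowed` helpers are assumptions made for illustration, as is scoping both coach permissions to the coach's own teams.

```python
from dataclasses import dataclass

# Constructed permission names; the issue lists capabilities, not identifiers.
ROLE_PERMISSIONS = {
    "guest": {"public:read"},
    "parent": {"registration:create"},
    "coach": {"player:update_jersey", "player:read_private"},
    "judge": {"game:update_score", "game:read_invited"},
    "official": {"program:crud", "division:crud", "location:crud",
                 "event:crud", "team:crud", "team:assign_player"},
    "admin": {"*"},  # full access; distribute sparingly
}
# Assumption: coach permissions apply only to the coach's own teams.
TEAM_SCOPED = {"player:update_jersey", "player:read_private"}


@dataclass(frozen=True)
class Session:
    permissions: frozenset
    teams: frozenset


def open_session(roles, teams=()):
    """Compute the session's permissions as the union over all roles."""
    perms = set(ROLE_PERMISSIONS["guest"])  # public data is open to everyone
    for role in roles:
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role!r}")  # fail closed
        perms |= ROLE_PERMISSIONS[role]
    return Session(frozenset(perms), frozenset(teams))


def is_allowed(session, permission, team=None):
    """Deny by default; team-scoped permissions also need a matching team."""
    if "*" in session.permissions:
        return True
    if permission not in session.permissions:
        return False
    if permission in TEAM_SCOPED:
        return team in session.teams
    return True
```

Because the union only ever adds permissions, any restriction that must hold regardless of role combination (such as the team scope here) has to be checked at decision time rather than encoded in a role.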
