
[PROPOSAL] Add an 'Active' column to Roles #4591

Closed
@georgesjamous


Currently, I cannot think of a way to disable a Role without deleting it, and keeping a copy under a different name. Then copying it back, with all children roles and users under its initial name.

I think it would be a good idea to address a new Column called "Active" (or Enabled) in the _Role class that is initially set to TRUE. Users with Role write ACL will be able to activate or deactivate this Role.

So any Objects protected by this role (or its children roles) will be locked until this role is activated again.

Simple Example:
RoleA {has privilege A }
RoleB under RoleA {has privilege B & A }
RoleC under RoleB {has privilege C & B & A }

Now, when RoleB is disabled:
Any objects with RoleB ACL are now locked (depending on the ACL, of course).
Users with RoleC will only have privilege C (since RoleB will not be accessible when performing RolesOfRole() _keep reading_)

I am not greatly familiar with the internals of parse-server and how it gathers the user's roles whenever there is a query. But this task should be fairly simple by addressing a new constraint requiring the 'Active' column not to be FALSE (not == TRUE, to be able to support previous schemas maybe), whenever the user's roles or the RolesOfARole are fetched.

However, this constraint should not be added on all queries where it is intended to acquire the Roles, for example in Parse.Cloud; rather, it should be deeply available only when acquiring the Roles of a user for a query security. (hope it makes sense!)

I think this would be a powerful addition where multiple user privileges segmentations can be easily achieved by just disabling or enabling a Role.
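
The RoleA/RoleB/RoleC scenario from the proposal, as an added example that is not part of the original issue and is not parse-server code. It assumes an in-memory role table with a hypothetical `parent` link and the proposed `active` field; `makeRoles`, `effectiveRoles` and `canRead` are illustrative names.

```javascript
// Constructed sample data: each role names its parent (the role it sits "under").
// `active` is the proposed column; a missing value stands for a pre-existing row.
function makeRoles(overrides = {}) {
  const roles = {
    RoleA: { parent: null },                  // no `active` field: legacy row
    RoleB: { parent: 'RoleA', active: true },
    RoleC: { parent: 'RoleB', active: true },
  };
  for (const [name, patch] of Object.entries(overrides)) {
    Object.assign(roles[name], patch);
  }
  return roles;
}

// Proposed constraint: a role counts unless `active` is explicitly false,
// so rows created before the column existed keep working.
const isActive = (role) => role.active !== false;

// Hypothetical resolver: start from the roles the user is directly in and
// walk up through parents, never entering or passing through a disabled role.
function effectiveRoles(roles, directRoles) {
  const granted = new Set();
  const queue = [...directRoles];
  while (queue.length > 0) {
    const name = queue.shift();
    const role = roles[name];
    if (!role || granted.has(name) || !isActive(role)) continue;
    granted.add(name);
    if (role.parent) queue.push(role.parent);
  }
  return [...granted].sort();
}

// Object-level check: the ACL lists the role names allowed to read the object.
function canRead(acl, roles, directRoles) {
  const granted = effectiveRoles(roles, directRoles);
  return acl.some((name) => granted.includes(name));
}
```

Disabling RoleB also cuts a RoleC user off from RoleA, because the walk stops at the disabled role instead of skipping over it.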
