Access control (RBAC) with exclusion for REST

Are there any access control approaches that allow customizing permissions (exclusion of a rule permission for a specific user - for RESTful webservice)?

Example:

Mary has the role of supervisor where she can create and edit posts, however I would like to remove the permission to create posts but keep the role of Mary's supervisor.

User: Mary

Role: supervisor

Permission: Create and Edit posts.

Intented: Mary is a supervisor and can't create posts.

Note: I don't want create two roles. The system administrator must be able to customize the roles and permissions (pre-defined) of the users. I would be grateful for suggestions of libraries in PHP.

Solution

What you need is a rule-based approach where you could define:

A supervisor can create and edit posts
Deny a user the right to create if they are on a blacklist.

To do that, look into XACML or ALFA which do just that. I think there is a PHP XACML library

PHP Array to List only values
Limit only shipping states (provinces) but not billing states in WooCommerce
Use API to autofill form options?
How to count number of social shares on web page locally
Split a string by <br> tags wrapped in newlines
Add prefix to array elements then join into a string
Split a single-line numbered list into a flat array
Split a single-line string containing a numbered list into a flat array
Split a string into an array of its characters
Parse square brace tagged text into an associative array
Parse an SQL CALL statement and create an array with its parameters
Parse a querystring into an associative array
Parse a querystring
How to get an email address with a LinkedIn signup API with PHP
Separate a string containing multiple sets of <tr> tags into an array
Parse a string with two delimiters into an associative array AND how to get the last tag in an HTML string
PHP - Check if more than one condition is true in a given number of conditions
How to insert an item at the beginning of an array in PHP?
jQuery how to fix Cannot set property '_DT_CellIndex' of undefined?
Parse inline style declaration string to array
Populate two arrays from substrings in multiline text
How to query all the GraphQL type fields without writing a long query?
Replace commas not inside single quotes with an @ symbol
Stripe return url to outside of public folder
Split the comma-separated string of a specified column in each row of a multidimensional array
Split string on commas not inside double quotes
Laravel : CRUD update a form
syntax error checking in php on a project level rather than file
how to disable google analytics on localhost
Carbon.php The separation symbol could not be found Data missing