Hi.

I've been searching around the web but don't seem to find anything that appropriate for my project.

What I expect a permission-system to have:

1) Allow global (i.e. change_post) access to users and groups (ist there in django.contrib.auth)

2) Deny global acess to users and groups (not there in django or other plugins) - I want to allow a group something but I want to deny one special user in this group the same thing, this (afaik) cannot be establish through allow-only permissions

3) Allow/Deny per-object access (I want to allow/deny one special user to edit just this one special object but not all objects) (there are dozens of plugins to do this)

4) Allow/Deny based on rules (If user is leader of a group then he is allowed to add new members to this group | If user is editor of an article then he can publish it an no one else) - I found at least one plugin to do this but it lacks my

5) Special/Extra wish: Allow/Deny based on rules without having them hardcoded (i.e. one could add a allow/deny-rule via an admin-backend without changing the code)

As 1),3),4) are already there, I am most desperately looking for a solution for 2) because this is something I really need - unless you can prove me wrong
5) would be a nice-to-have.

Thanks in advance.