user_access() for a hierarchical permission system

I think the overall concept needs a lot more discussion first, see #1200572-5: Concept of a hierarchical permission system

1. Please do not mix changes regarding to only your own environment/contrib stuff with core stuff: please get rid of the first hunk that changes .gitignore.

2. while (TRUE) sounds like an infinite loop, which makes it harder to understand what the cycle does, since one has to be sure that the loop actually ends in every case by understanding every and all dark corners. Most (if not all) of the time this infinite-looking condition could be replaced by something that makes the whole cycle easier to understand.

Anyway, I'm not even sure if this kind of review is needed this early time of your coding effort.

Subscribing. No time to review now, but I commented in the other thread.

+  // Iterates through the parts of the permission string.
+  while (TRUE) {
+    // If the string corresponds one of the permissions, the user has the
+    // given privilege.
+    if (isset($perm[$account->uid][$string])) {
+      return TRUE;
+    }
+    // Otherwise we cut the segment after the last dot.
+    $last_delimiter = strrpos($string, '.');
+    if ($last_delimiter === FALSE) {
+      // If there are no more dots, we have to deny the access.
+      return FALSE;
+    }
+    $string = substr($string, 0, $last_delimiter);
+  }
+  return FALSE;

how do we ever get to the last return FALSE; here? the fact that it's there makes the already-confusing loop more confusing. The fact that we're doing something like while(TRUE) in core should be documented carefully, explaining why we're doing this and how we're sure that we won't end up in an infinite loop.

+      while (TRUE) {
+        if (isset($permissions[$available_permission])) {
+          unset($permissions[$available_permission]);
+          break;
+        }
+        $last_delimiter = strrpos($available_permission, '.');
+        if ($last_delimiter === FALSE) {
+          break;
+        }
+        $available_permission = substr($available_permission, 0, $last_delimiter);
+      }

Same thing here, no documentation at all.

+ // Backwards compatibility: if there is no delimiter, the module doesn't use

This line is over 80 characters.

error: core/modules/simpletest/drupal_web_test_case.php: No such file or directory
error: core/modules/user/user.test: No such file or directory

Patch no longer applies.

And related discussions https://groups.drupal.org/node/223189

We'd have to add this as an entirely new subsystem then gradually convert permissions and calls over to it. This means if it happens at all, it could potentially be done in 8.x. So moving back, but postponing on the ideas issue.

Thank you for creating this issue to improve Drupal.

We are working to decide if this task is still relevant to a currently supported version of Drupal. There hasn't been any discussion here for over 8 years which suggests that this has either been implemented or is no longer relevant. Your thoughts on this will allow a decision to be made.

Since we need more information to move forward with this issue, the status is now Postponed (maintainer needs more info). If we don't receive additional information to help with the issue, it may be closed after three months.

Thanks!