Should a user with manageRoles be able to delete roles that contain settings for permissions that the user does not have?

[towerofnix]

I'm leaning towards "no", but I'd like thoughts.

[bates64]

Is there a 'manageAllRoles' permission, or similar? Otherwise I'd say manageRoles should let you control all manner of roles ie. you're an admin. Not sure how it's currently laid out in the spec though?

[bates64]

Side Q - @towerofnix does the spec make the _member and _guest (or whatever their names are) roles obvious enough that they will be implemented by default? We should probably declare a default set of permissions for these default roles (that servers should use at init) and say they may not be renamed or deleted.

[towerofnix]

@heyitsmeuralex Updating the docs to make note of the specific permissions given to default roles would be good. In my branch, I've got a roles.js file that contains all default roles.