I believe it would be cleaner to define specific permissions and to create user groups sharing specific sets of permissions.
It would imply:
- defining all the required permissions
- removing the concept of user profile (that specifies the user level)
- changing all checks on user level with checks on single specific permissions
- before migrating, we should assign all level 2 users to a group sharing a set of permissions and all level 1 user sharing a different set of permissions
I believe it would be cleaner to define specific permissions and to create user groups sharing specific sets of permissions.
It would imply: