My question is: is it possible, starting from user's credentials, to know what s/he can do BEFORE s/he try to do anything ?
In general: Nope.
The problem arises because i need to generate interfaces that allow the user to perform exactly the actions s/he is allowed to do.
IMHO not possible in a generic way.
I know that i could do the job by looking for the group the user belongs to, but accessing the ACLs would be a more straight way.
Ciao, Michael.