• Use middleware to plug into the various aspects of a requests life cycle. We'll plug into `after_request` for providing default permissions.
• Create a hook which contains: the event to handle, what part of the life cycle the hook plugs into and the actual functions to call,
• Events can be identified using their `request.base_url` parameter.
• Each hook registers itself to the global set of hooks (TODO: Figure out how to automatically handle the registration).

@app.after_request
def handle_hooks():
  for hook in hooks:
    if hook.lifecycle == "after_request" and hook.can_handle():
      hook.run()


Hooks = [RegistrationHook, ...]


class RegistrationHook:

  def can_handle(self):
    request.base_url == "register"

  def lifecyle:
    return "after_request"

  def run(self):
    ...

• After login/registration, use the email to get extra privileges assigned to a user. We use `login` too to ensure that all users have the most up-to-date roles and privileges.
• This means that any user gets assigned these privileges and normal workflows can happen.

• Create a new role that contains the default privileges we want to assign to users depending on their domain.
• This role will link up with the privileges to be assigned to said user.
• Example privileges we may want to add to users in the `.edu` domain:

* group:resource:edit-resource * system:inbreadset:apply-case-attribute-edit * system:inbreadset:edit-case-attribute * system:inbreadset:view-case-attribute

• Create an extra table that provides a link between some `email identifier` and the role we'd like to pre-assign. We can use python regex for the email identifier e.g. `*.edu$` or `*.utsch.edu`.
• This will be the table used by the Registration Hook.
• This also allows us to edit roles/privileges without code releases.