I have learned that we currently do not support adding permissions to
existing role:
role "Existing Role", [:existing_perm, :new_perm]
In this case, new_perm is simply ignored.
Can someone give me a hint, what is the standard practice here to add a
permission(s)?
It looks like there is a constraint in the code to skip adding
permissions if there are existing ones. I tried to remove this
constraint but I was unable to understand what is going on (got some
validation taxonomy exceptions).
We do not want to add permissions back when roles are modified by
administrators. Therefore users need to add the permissions themselves.
Until roles are read only or we have some kind of validation that would
ask admin to add missing permission, that's the only way I think.