Description

Platforms such as Bukkit provide ways of plugins to specify default values for their permissions (i.e. default - everyone gets it unless overridden, op - opped users get it unless overridden, Bukkit's default, none - no one gets it by default, generally for "restrictive" permissions i.e. foo.prevent.bar). For some more advanced users, exposing the listing of these in a filterable way would be beneficial in at least 2 cases I can think of:

• An admin wishes to audit the permissions given to everyone by default, and remove only those not desired, instead of the nuclear option of disabling respecting default values and setting all the default permissions manually.
• An admin wishes to use aggressive wildcards for a top-level group i.e. owner, and wishes to see which permissions a plugin recommends against giving to top-level groups (none value) so that the admin can then negate them.

Proposed Behaviour

Assuming it's technically feasible to list these overrides (I'm not sure how well platforms expose this), I believe the ideal way to expose this information to admins would be via the Tree web viewer (possibly behind default-disabled viewer option to prevent information overload to new admins), with the ability to filter the displayed nodes to those with a certain default state.

I'd also suggest a command-based local system (in case web services go down / the admin doesn't trust them), something along the lines of /lp listdefaults <default state> [page]

Extra Details

I'm aware this tooling largely caters towards users of 2nd-level (foo.*) and top-level (*) wildcards (both true and false), which we generally try to discourage. That being said, users will take the lazy route the majority of the time regardless of whether we actively discourage it or not. If users will take the unsafe route anyways, might as well give them tooling to help make it a little less unsafe.

I'm interested in looking at this, if it's still needed and if there's anything I can do! :)