Permission for a non CRUD action/behavior - Task Based UI

Current permission system allows to grant Role access to Doctype CRUD actions (Create, Read, Update, Delete, …).

What if I need to configure permission for domain specific actions that are not CRUD actions ?
Think task based UI - Decomposing CRUD to a Task Based UI - CodeOpinion.

Or what if some permission grant you some relaxed validation rules ? ex: If user is manager, allow to complete a task today that was planned on another day.

How do you handle similar cases with current permission system ?