rw----
: private group (admin can read)rwr---
: collab. read-onlyrwra--
: collab. read-annotate
r-----
: andr-r---
: strictly-read only; NO CHANGES. "Published" Note: we also need group-admin-only write Do we use another flag for that?ra----
?rwrw--
: collab. read-write (already possible in server) Allows non-group-admins to delete, etc.
------
: Disabled group?rar---
: Group can see; data is locked but annotatablerara--
: Data is still locked but annotatable by group.
This would make the anonymous ("Public") user unnecessary, so perhaps not worth the effort.
rarar-
: Everyone can see, group can annotaterarara
: Everyone can see, anyone can annotaterwrara
: as above, but I can modify my data.r-r-r-
: ... etc ...rar-r-
rwr-r-
rwrwra
rwrwrw
rwrwrw
rwrwra
rwrwr-
rwrara
rwrar-
In general, all broken due to "I have lower permissions then others who I trust less"
rwrarw
rwr-rw
rwr-ra
rarwrw
rarwra
rarwr-
rararw
rar-rw
rar-ra
r-rwrw
r-rwra
r-rwr-
r-rarw
r-rara
r-rar-
r-r-rw
r-r-ra
rwrarw
rw--rw
rw--ra
rarwrw
rarwra
rarw--
rararw
ra--rw
ra--ra
--rwrw
--rwra
--rw--
--rarw
--rara
--ra--
----rw
----ra
rw--r-
ra--r-
r-rw--
r-ra--
r---rw
r---ra
r---r-
--rwr-
--rar-
--r-rw
--r-ra
--r-r-
--r---
----r-
It's an interesting suggestion for representation, @ctrueden, thanks. Leave it up to others if that makes the discussion easier. The DB and the model objects will only use and except the longer ones, so we'll just need to make sure we don't lose sight of that.