Diffstat (limited to 'rt/docs/design_docs/delegation')
-rw-r--r--  rt/docs/design_docs/delegation | 115
1 files changed, 0 insertions, 115 deletions
diff --git a/rt/docs/design_docs/delegation b/rt/docs/design_docs/delegation
deleted file mode 100644
index 0e57059..0000000
--- a/rt/docs/design_docs/delegation
+++ /dev/null
@@ -1,115 +0,0 @@
-Group ACLs
-
- the rights:
-
-
- CreatePersonalGroup
- CreateGroup
-
- AdminGroup
- * Update group metadata and access control list
- AdminGroupMembers
- * Add ad delete members of this group
- ModifyOwnMembership
- * Join and quit this group
-
-
- the primitives:
-
-In user.pm
-
-=item HasRight { Right => 'somerightname', ObjectType => 'Group', ObjectId => 'GroupId'
-
- Returns true if this user has the right 'somerightname' for
-the group with id 'Id'
-
-=cut
-
-
-=item RightsForObject { ObjectType => 'Group', ObjectId =>'GroupId' }
-
-in users.pm
-
-=item WhoHaveRight { Right =>'somerightname', ObjectType => 'Group', ObjectId => 'GroupId' }
-
-
- Finds all users who have the right 'somerightname' for the group
-in question.
-
- If a user has "AdminGroupMembers" globally and we ask about
- group 23, that user should be found.
-
-=cut
-
-Users must be able to delegate individual rights
-
- * Is it that users can delegate any and all rights but it's
- only rights they _have_ which actually grant rights.
-
-rights must not be redelegated
-
-users must be able to create groups to which rights can be delegated.
-
-Only users who have the "delegate rights" right can delegate rights.
-
-
-When a user's right to do something is revoked, the delegation must
-be revoked
-
- * For any delegated ACL check, the delegator's right must be
- checked immediately after the delegatee's right.
- If a user has had a right delegated by multiple parties,
- this may mean that we need to actually loop through and check
- a bunch of possible delegations. Or can we craft a "has delegated
- right" ACL check.
-
-
-
-
-
-
-
-ACL 1 Group Q has the right to Frob ObjectI.
-ACL 2 User A has the right "DelegateRights"
-
-Group Q has the member Group S
-Group S has the member Group R
-Group S has the member Group T
-Group R has the member user A
-Group T has the member user A
-
-User A delegates to Group P the right to Frob ObjectI
-
- New ACL rule:
-
- ACL 3: Group P has the right to Frob ObjectI
- as delegated from ACL1 by User A
-
-
-In the case where ACL1 is revoked:
-
- find all acls which are delegated from ACL1.
- Delete them
-
-In the case where User A is removed from group R
-
- Get the list of all groups that A was in by way of group R before the removal
- Get the list of all groups that A is in _after_ the removal.
-
- Find all the ACEs granted to each group that A is no longer in.
- For each ACE in that list, find all the rights that A has delegated.
- Whack them.
-
-In the case where Group S is removed from group Q
-
-
- Get a list of all groups that S was in by way of Q before the removal
- Call this list O.
-
- For each user X who's a member of S (directly or indirectly):
- Get a list of all groups that X is in after removal.
- For each group in O that X is no longer a member of:
- Find all ACEs granted to O
- For each ACE, look up all the delegations that X has made.
- For each delegation
- WHACK IT
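Review bot: deleting this file removes the only written statement of the delegation invariants (`rights must not be redelegated`, `Only users who have the "delegate rights" right can delegate rights.`, and the revocation cascades starting at `In the case where ACL1 is revoked:`) without anything in the change saying where they now live; either keep a replacement doc or reference the code or document that supersedes it, because rules like "revoke every ACE delegated from a revoked ACL" and "re-derive a delegator's group membership after a direct or indirect group removal" are exactly the kind of invariant that regresses silently once undocumented. The doc also leaves an open design question (`Or can we craft a "has delegated right" ACL check.`) that should be carried forward or explicitly closed rather than dropped with the file.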