10 * Update group metadata and access control list
12 * Add ad delete members of this group
14 * Join and quit this group
21 =item HasRight { Right => 'somerightname', ObjectType => 'Group', ObjectId => 'GroupId'
23 Returns true if this user has the right 'somerightname' for
24 the group with id 'Id'
29 =item RightsForObject { ObjectType => 'Group', ObjectId =>'GroupId' }
33 =item WhoHaveRight { Right =>'somerightname', ObjectType => 'Group', ObjectId => 'GroupId' }
36 Finds all users who have the right 'somerightname' for the group
39 If a user has "AdminGroupMembers" globally and we ask about
40 group 23, that user should be found.
44 Users must be able to delegate individual rights
46 * Is it that users can delegate any and all rights but it's
47 only rights they _have_ which actually grant rights.
49 rights must not be redelegated
51 users must be able to create groups to which rights can be delegated.
53 Only users who have the "delegate rights" right can delegate rights.
56 When a user's right to do something is revoked, the delegation must
59 * For any delegated ACL check, the delegator's right must be
60 checked immediately after the delegatee's right.
61 If a user has had a right delegated by multiple parties,
62 this may mean that we need to actually loop through and check
63 a bunch of possible delegations. Or can we craft a "has delegated
72 ACL 1 Group Q has the right to Frob ObjectI.
73 ACL 2 User A has the right "DelegateRights"
75 Group Q has the member Group S
76 Group S has the member Group R
77 Group S has the member Group T
78 Group R has the member user A
79 Group T has the member user A
81 User A delegates to Group P the right to Frob ObjectI
85 ACL 3: Group P has the right to Frob ObjectI
86 as delegated from ACL1 by User A
89 In the case where ACL1 is revoked:
91 find all acls which are delegated from ACL1.
94 In the case where User A is removed from group R
96 Get the list of all groups that A was in by way of group R before the removal
97 Get the list of all groups that A is in _after_ the removal.
99 Find all the ACEs granted to each group that A is no longer in.
100 For each ACE in that list, find all the rights that A has delegated.
103 In the case where Group S is removed from group Q
106 Get a list of all groups that S was in by way of Q before the removal
109 For each user X who's a member of S (directly or indirectly):
110 Get a list of all groups that X is in after removal.
111 For each group in O that X is no longer a member of:
112 Find all ACEs granted to O
113 For each ACE, look up all the delegations that X has made.