control permission
By having the 'control'
permission I should in theory be able to have control over the permissions, and change them for other people
In practice we don't provide a method to do this through the API
My suggestion would be to implement this via a view which adds/removes object-level permissions, if I have 'control'
permission over the resource
This would not however be sufficient for controlling container permissions
Something to note is that we generate Web-ACLs on resources dynamically through methods such as get_user_permissions
, and these same methods are used to compute whether a user is granted a permission or not