control permission

By having the 'control' permission I should in theory be able to have control over the permissions, and change them for other people

In practice we don't provide a method to do this through the API

My suggestion would be to implement this via a view which adds/removes object-level permissions, if I have 'control' permission over the resource

This would not however be sufficient for controlling container permissions

Something to note is that we generate Web-ACLs on resources dynamically through methods such as get_user_permissions, and these same methods are used to compute whether a user is granted a permission or not