Separate Non-Index Index-Relevant Permissions from Global Permissions
If it's not obvious from the title, let me explain the first feature that I noticed affected by this issue:
In terms of global permissions, or the default permissions for a usergroup, it is possible to allow users to make feeds. These might be global feeds (feeds that are important for everyone and get a unique URL) or personal feeds (feeds that are important to one user and don't get a special URL).
In general, this permissions design works well. However, it is possible to make a feed that isn't saved in an area. These are generally very important feeds, and they might be shown in a widget on the wiki index or other places. Since there is no area to get permissions from, under the current design, it uses the default permissions for a usergroup.
But this is a problem. What if you want to allow a usergroup to create feeds in all areas (default permissions behavior), but NOT create feeds at the index level? There is currently no way to do this, except for leaving the permission off by default and making custom permissions in every single area to turn it on.
There are other permissions that would make sense to modify at the index level, while not affecting default permissions, such as:
- Discussion Permissions, for discussions attached to the index
- Comment Permissions, for comments in discussions attached to the index
Thus, in the customize permissions pages, we should add an option to customize permissions for "[No Area / Index]" that includes permissions that make sense for the index.
Careful thought should be given to the implementation:
We want these permissions to override only for the index (areaid: 0), while not being used as a default everywhere. Also, we should apply it in a way that minimizes queries -- we typically check if the user can view the wiki using (areaid: 0), but we should avoid querying for the index ID if we can. Perhaps such a set would use the generally available index-type-id as its nodetypeid?