
Getting the permissions right

Open Matt-Holland opened this issue 7 years ago • 0 comments

As a reminder, the conceptual setup is this:

  1. A person has three types of data: Public, Personally Identifiable Information ("PII"), and "Proxy"
  2. "Proxy" data is data that can stand-in for PII so that others may interact with the person without seeing the PII. For example, a nickname or handle is a Proxy for the PII element "real name"
  3. PII is defined as Real name, email address(es), phone number(s), and full physical address.
  4. The permissions covered in this ticket are the permissions granted to a Group, not to "the general public". Controls over what data is published to the anonymous public are handled elsewhere.
  5. A group has two levels of user: an Organizer, and a Member. An Organizer always has >= as many privileges as a Member.
  6. When a Person joins a group, their "Public" data is always available to all Organizers of that Group. Which Public data is available to Members is not covered in this ticket.
  7. Access permissions to a single Person's PII data is set separately from access to the Public data.
  8. Access permissions can be one of three levels, which we'll refer to by corresponding colors:
     a. Green: Organizers may see the PII, and may pass on that access to other affiliated groups
     b. Yellow: Organizers may see the PII, but anyone outside of the current group may only see the corresponding Proxy data for this Person
     c. Red: Organizers of this group may only see the Proxy data; no data (not even proxy) may be shared outside the current group

TASKS

  • [ ] segregate the PII data for Person records. (Note that some PII such as email addresses are stored in a different model than the Person model...)
  • [ ] split the organizer role into two roles: can_see_PII, and can_not_see_PII

  • [ ] extend the ability class so that you have access to describe can view

Matt-Holland Jun 21 '17 04:06
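The following is an added example, not code from the issue or from the project: a stand-alone Ruby model of the Green/Yellow/Red rules above, written so the rule table can be exercised on its own before it is wired into the project's ability class (whose shape is not shown here). The `PERSON` record, the group names, the `visible_fields` and `organizer_dominates?` helpers, and two choices the ticket leaves open are assumptions: Members of the home group are given only Proxy data, and an outside group that has not been passed Green access falls back to Proxy data. PII lives in its own sub-hash so that the only path from a record to a caller's view goes through the check.

```ruby
# Added example (not from the issue or the project): a pure-Ruby model of the
# Green/Yellow/Red PII levels so the rules can be tested in isolation.

LEVELS = %i[green yellow red].freeze
ROLES  = %i[organizer member].freeze

# A Person record with PII segregated into its own sub-hash (task 1 of the
# ticket). Values are constructed for the example.
PERSON = {
  public: { bio: "Runs the Tuesday meetup" },
  proxy:  { handle: "mh" },
  pii:    { real_name: "Matt Holland",
            emails:    ["matt@example.invalid"],  # a separate model in the real app
            phone:     "+1-555-0100" }
}.freeze

# membership: the Person's home group and the level they chose for it,
#             e.g. { group: "g1", level: :yellow }
# viewer:     { group: "g2", role: :organizer }
# shared_to:  groups to which the home group's Organizers have passed on
#             access; only meaningful for :green (point 8a)
# Returns the sub-hashes the viewer is allowed to see.
def visible_fields(person, membership:, viewer:, shared_to: [])
  raise ArgumentError, "unknown level" unless LEVELS.include?(membership[:level])
  raise ArgumentError, "unknown role"  unless ROLES.include?(viewer[:role])

  level         = membership[:level]
  organizer     = viewer[:role] == :organizer
  in_home_group = viewer[:group] == membership[:group]

  if in_home_group
    # Assumption: anyone in the group may use the Proxy (e.g. the handle).
    fields = { proxy: person[:proxy] }
    return fields unless organizer
    fields[:public] = person[:public]                  # point 6
    fields[:pii]    = person[:pii] unless level == :red # point 8c
    return fields
  end

  case level
  when :red    then {}                                  # 8c: nothing leaves the group
  when :yellow then { proxy: person[:proxy] }           # 8b: proxy only outside
  when :green
    # 8a: PII follows the access that was passed on; assumption: other
    # outside groups fall back to the Proxy.
    if organizer && shared_to.include?(viewer[:group])
      { proxy: person[:proxy], pii: person[:pii] }
    else
      { proxy: person[:proxy] }
    end
  end
end

# Point 5: an Organizer never has fewer privileges than a Member. Checks the
# rule table for every level, from inside and outside the home group.
def organizer_dominates?(person)
  LEVELS.all? do |level|
    membership = { group: "home", level: level }
    %w[home other].all? do |g|
      seen = lambda do |role|
        visible_fields(person, membership: membership,
                               viewer: { group: g, role: role },
                               shared_to: ["other"]).keys
      end
      (seen.call(:member) - seen.call(:organizer)).empty?
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  m = { group: "g1", level: :yellow }
  p visible_fields(PERSON, membership: m, viewer: { group: "g1", role: :organizer })
  p visible_fields(PERSON, membership: m, viewer: { group: "g2", role: :organizer })
  p organizer_dominates?(PERSON)
end
```

The point of keeping the levels in one function is that the Red case is the easy one to get wrong in a split `can_see_PII` / `can_not_see_PII` role: an Organizer with `can_see_PII` must still be refused the PII of a Person who chose Red, so the level must be checked on the Person's membership, not only on the viewer's role.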