Don, your new speedy permission_p check was about the only piece of code that allowed me to understand how permissions get set for group members. The groups data model and pl has a bunch of table that cause a lot of confusion.
I still haven't looked at .LRN for relational segments. I just looked at the table for it, and each segment consumes an object_id and stuffs data into parties as well. So I wasn't sure why this is ligher weight than using a group or
I wish there was some easy way to diagram what I am trying to do, but I'll try.
User types: unicyclist, parent, coach
Group types: unicycle_club, uni_group
When a new user who is a unicyclist is added to the system, a group of type uni_group is created. The unicycling user is then given a unicyclist_rel relation to this group. The user is also granted admin permission on this group, and the context_id of the user is set to the group_id. So even though the usual direct permissions granted to the user (read/write) are not added to acs_permissions, the user still has read/write and now admin on their user_id.
Parents, or coaches, may want to read/write/admin for the unicyclist, so I was thinking of using acs_rels (parent_rel) to identify which unicyclist groups the parent was related to, and assign permission on the group depending on what was desired, but after looking at the dm, this seems very heavyweight for just saying object_a has relationship of type b to object_c. Acs_rels still seems to serve the purpose of something similar to parties for the user/group split, maybe relational segments is a more targeted type of relationship, being derived from parties? Anyway, I can't seem to understand how a relational segment would help, but surely and acs_rel isn't needed. How can I group parents into a relational segment? Would that somehow allow me to assign the permissions I want in a easier way?
So there are two separate systems here: relationships and permissions. But when you create a new membership_rel, this triggers inserts into party_approved_member_map, which leads to permissions, so in this case, the two systems get mashed togeather.