Rethink permissions... again

  • pgsql functions are quite nice, but they are hard to debug and rely on string consts (and currently I don't even know how to cram them into a specific schema).
  • With roles, perms are suddenly so complicated that it would be useful to have them materialized in some entity.

EntityPermissionInfo

  • Creation when any entity gets created
  • Seeding an empty EntityPermissionInfo for the system HRIB
  • Explicit permissions (AccountPermissionSet)
  • Inheritance: everything -> system
  • Inheritance: project group -> parent organization
  • Inheritance: project -> parent project group
  • Inheritance: artifact -> parent (>=0) projects
  • Inheritance: shard -> parent artifact (Just use perms on the artifact.)
  • Permission removal (AccountPermissionUnset) (NB: Replaced by using RolePermissionSet with None instead.)
  • Move: project group to another organization
  • Move: playlist to another organization
  • Move: project to another project group (#131)
  • Move: artifact to another project (Happens implicitly upon ProjectArtifactRemoved and ProjectArtifactAdded.)
  • Roles: RolePermissionSet
  • Roles: RolePermissionUnset (NB: Replaced by using RolePermissionSet with None instead.)
  • Roles: set perms on accounts (AccountRoleSet)
  • Roles: unset perms on accounts (AccountRoleUnset)
  • Global permissions: set GlobalPermission on EntityPermissionInfo
Edited by Adam Štěpánek