Append right

[joepio]

We have read and write, but that does not cover a lot of common usecases, where you want to allow creating something, but not edit the parent.

• Creating a comment on some thing
• Adding a message to a chatroom
• Submitting a questionnaire

I think adding an append right fixes these. Just like read and write, this can be an array of Agents. The right will be checked on creating a resource - the parent must have a write or append right.

What if a parent's parent has an append right? Does it traverse?

Append right traversibility

• If it traverses, we could re-use existing logic, and keep it consistent. But this would also mean that users may append stuff to children, creating large trees. Sometimes that's what you want, but sometimes you want to limit these options. See also Limit usage of server - agents should not be allowed to create huge sub-trees #111
• If the Append right does not traverse (only works for direct children, not grandchildren), we'll have a bit more custom logic needed for the Append check. And we should be wary of users setting persmissive rights on children even then, because the parent may have append, the child can still have edit, which still allows for large trees of (non-constrained) children. But that's up to the children, of course - these could be constrained.

Constraining classes

We could also add an appendOnly property, which can constrain the append right to a specific Class. In both the ChatRoom / Comment and Questionnaire examples, this would definitely be relevant. We could also interpret this to limit the accepted properties, so users can only allow explicitly mentioned Properties.

We might also add an appendLimit property, which sets a limit of how many items can be created. This may be relevant in a questionnaire.