A very good point. And good to hear “out loud”. This is the right way for me to be thinking about confidentiality and privacy.
I have used private categories with “less private” subcategories, so that a group can work in their space and publish things to a larger public. I guess this line of work will become obsolete by this change. So I should let users know that when they want to publish something, they need to move it to another, more public category. But then, how do they find their common work on this? I suppose they need to maintain a “publications” topic where they link the ‘more public’ topics. Any thoughts?
The particular condition we are protecting against is:
- category (authors: read)
  - subcategory (pilots: read)

What this means is that pilots are not allowed to see anything in the category yet have been granted permissions in the subcategory so something is fishy
- category (authors: read)
  - subcategory (pilots: read, authors: write)
Is still after this new validation.
The tricky thing though is that we no longer will allow:
- category (trust_level_3: read)
  - subcategory (trust_level_4: write)

This particular edge case gives me pause; there is an easy enough workaround … you would have to explicitly change
- category (trust_level_3: read, trust_level_4: read)