Document Access Control Rules
Now the rules for document access control in Morpho and MetaCat are:
1. If a data package doesn't have access control list, the owner of
datapackage will be the only full control.
2. If a data package does have access control list, apply it.
3. If a member document of data package doesn't have access control list,
access control of data set document will apply to the member document.
The third rule is no good and need to get rid of it.
The reason is:
If a package smith.23.1 has a triple to point smith.34.1 and smith.34.1
doesn't have access control list. It is okay because they all belong to a
owner - Smith. If another package named henry.2.1 has a triple to point
smith.34.1 too. Because smith.34.1 doesn't access control list and henry can
access it. Maybe henry doesn't allow to access it.