Comprehensive permissions testing

[mtbcarroll]

Our permissions overview in the sysadmin documentation leaves much unspecified. Petr has been looking after some excellent Google Drive spreadsheets that have a lot more detail in the tables, but not yet everything. There are many variables: group membership (admin, owner, member, not), group permissions (including those not presently exposed in the UI), multiple-group situations (e.g., moving something from one group which has permissions P and for which I have membership Q, to a group which has permissions R and for which I have membership S, and perhaps P = R), extra associated data of different ownership that may be carried along with it (various kinds of annotations, which may be owned by some third party with other group memberships, so now we have T and maybe more variables), etc.

Of course, when associated data gets somehow separated from its original target, there is also the question of what then happens to it. Some things might make sense in an orphaned existence. But, for instance, if I move an image and didn't mean to thus delete another user's comments and I regret my action and move it back, maybe they're still gone.

What I would like is for every possibility to be enumerated such that it is clear in every case what should actually happen. Then, I would like integration and UI tests to actually try out every one of those cases. (Icing on the cake would be some kind of background story of workflows and intent from which these rules are obviously derived, because that'll be necessary if we ever need to explain the system more fully to anybody else: a why to follow the what.)

(This arose because I was trying to find out for the failing tests in AnnotationMoveTest which of the failing tests fail because the test is wrong and which because the server is wrong. From our documentation it's really not an easy question to answer.)