First cut at permissions policies

[ian-ross]

Covers organisations, projects and users. This goes with the information on the wiki page at https://github.com/Cadasta/cadasta-platform/wiki/Permissioning-policies and is intended to cover at least the first part of #8 -- there will be more permissions-related stuff as we implement new features.

[oliverroick]

I fixed some syntax errors, a few commas were missing.

Two questions/remarks on this:

1. I don't get the purpose of project-user. It has less permissions than default. Is it supposed to be used together with other policies?
2. The data-collector role needs some more actions I think, such as project.data.add or project.data.edit. We need to remember to add those when we work on surveys.

[ian-ross]

That was a lot of syntax errors! Cut-and-paste-itis, for sure.

Answers to questions:

1. The idea of the project-user role was for "normal" users attached to a project. If there's no role associated with attaching a user to a project, it seems like it's a no-op. And yes, the idea is for policies to stack: everyone gets the default policy, then other roles and policies are applied on top. That's true for all the policies. Let me edit the policies a bit to make things more explicit.
2. Yes: there are going to be lots more actions for all sorts of things. I didn't think there was much point in trying to guess what they would all be in advance. I'm planning to add them to that big table in the wiki as we come up with new ones.

[ian-ross]

I've added some comments to the policy files here, and some more text to the wiki page. I don't consider this "finished" in any sense -- it's more just something to get us moving in the right direction with these things.

[oliverroick]

Ok, looks all good. I will merge this.