Add support for "all" scopes and "all" verbs in permission grants #2368

@slifty

We have a few use cases where we want to be able to give a given permission verb to "all" entities related to a given entity, or to give "all" verbs.

For example, when someone creates an entity they should be given all permissions on all related to that entity.

I can think of two reasons an "all" verb / scope is useful as opposed to simply creating a permission with all the available verbs / scopes at the time of insert:

  1. Convenience <-- this is not a reason in itself, but it's worth mentioning
  2. Conveying intent. This one matters because as we expand the permission system we will have additional scopes / entities. As we add these we might not be able to necessarily assume that a user was intended to have all future permissions / scopes going forward simply by looking at a list that happens to have all current entries. Are they the owner, or are they just well permissioned? On the other hand, an "all" verb conveys the intent that they are supposed to be treated as an owner / admin of an entity and have their permissions expanded.

For the verb case "all" could also be "admin" or "own"; for scope I think it does need to be "all".


And finally from a verb perspective... we could simply have manage mean "all access to all scopes". This might be the most reasonable approach, because manage does ALREADY mean that a user has the ability to grant all permissions on all entities to themselves, so functionally speaking a user with manage permissions on an entity has the capacity for full access to it and all child entities.
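The difference between a grant that lists every verb and scope existing at insert time and one that records "all", plus the `manage`-implies-everything alternative, as an added sketch that is not the project's code. The `Grant` shape, the verbs other than `manage`, and the scope names are hypothetical.

```python
from dataclasses import dataclass

ALL = "all"  # wildcard marker proposed in the issue


@dataclass(frozen=True)
class Grant:
    # Hypothetical shape: one user's verbs and scopes on one entity.
    user: str
    entity: str
    verbs: frozenset
    scopes: frozenset


def snapshot_grant(user, entity, verbs, scopes):
    """Enumerate every verb and scope that exists at insert time."""
    return Grant(user, entity, frozenset(verbs), frozenset(scopes))


def owner_grant(user, entity):
    """Record intent: the holder is meant to have everything, now and later."""
    return Grant(user, entity, frozenset({ALL}), frozenset({ALL}))


def is_allowed(grants, user, entity, verb, scope, manage_implies_all=False):
    """Deny by default; allow only if some grant covers both verb and scope."""
    for g in grants:
        if g.user != user or g.entity != entity:
            continue
        if manage_implies_all and "manage" in g.verbs:
            return True  # the issue's alternative: manage means full access
        verb_ok = ALL in g.verbs or verb in g.verbs
        scope_ok = ALL in g.scopes or scope in g.scopes
        if verb_ok and scope_ok:
            return True
    return False


def demo():
    verbs = {"view", "edit", "manage"}   # constructed sample catalogue
    scopes = {"funder", "proposal"}      # constructed sample catalogue
    grants = [snapshot_grant("alice", "e1", verbs, scopes),
              owner_grant("bob", "e1")]
    scopes.add("opportunity")  # the permission system later gains a scope
    check = ("e1", "view", "opportunity")
    return {
        "snapshot": is_allowed(grants, "alice", *check),
        "all": is_allowed(grants, "bob", *check),
        "manage": is_allowed(grants, "alice", *check, manage_implies_all=True),
    }
```

The snapshot grant is denied on the scope added later, while the "all" grant and the `manage` rule both cover it without rewriting stored rows.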

Projects

Status

In Progress
