a870f48 Spec: Describe grant delegation and verification mechanism (#184)

Authored and Committed by fr33domlover a year ago
    Spec: Describe grant delegation and verification mechanism (#184)
    
    Overview:
    
    - So far, the authorization system allows resources to grant access directly to people
    - But in a situation of projects, teams, hierarchy of projects, hierarchy of teams etc. we need a flexible and efficient way for access rights to flow between actors
    - This PR adds a delegation chain mechanisn, allowing actors to receive access and then pass it on to other actors, who can then use it to manipulate the resource (and/or pass it on to even more actors)
    - Delegation is a standard feature of Object Capability based systems
    - The delegation mechanism in this PR doesn't just allow anyone to freely delegate; it allows delegation in the way relevant to forge federation: Basically, repos/trackers/tools/services delegate to projects, which delegate to teams, which delegate to people
    
    (This PR used to be #166, due to a Codeberg error I had to close it and reopen a fresh PR)
    
    Co-authored-by: fr33domlover <fr33domlover@riseup.net>
    Reviewed-on: https://codeberg.org/ForgeFed/ForgeFed/pulls/184
    Reviewed-by: Anthony Wang <xy@noreply.codeberg.org>
    
        
file modified
+456 -52
file modified
+14 -5
file modified
+106 -1