...
To make authorization efficient, each node has a permissions "benefactor" reference, which is a pointer the ancestor node have access control specified. This allows us to avoid "walking" the node hierarchy tree with every authorization check.
Classes/method
AuthorizationManager
- overrideInheritance(id): (1) clone permissions of the current benefactor (via UserGroupDAO); (2) change inheritance reference of 'id' and all of 'id's descendents to be id (via NodeInheritanceManager.setInherits(false, id)).
...