I am building a site in which it would be most convenient to have a user account be the Parent of several "sub-user" accounts. In other words, I need to add the following permissions to a role:
- View sub-user created content
- Edit sub-user created content
- View Peer-user created content
- Edit Peer-user created content
- Approve sub-user registration
(The last one is actually probably a workflow item, rather than a permission)
This, of course, presupposes that a user registration form offers the option to register as a sub-user subordinate to a given User account—a function that probably should (in most cases) be setup to allow only by invitation by the Parent account.
The idea behind this is: a Corporate account (Group or Company) is needing to interact with data provided by a plurality of individuals who may or may not be granted access to the data provided by their peers. All this data must nonetheless be protected from public viewing, as it is proprietary to ownership of the Parent user account, hence visible only to the parent, and optionally at varied granularity to the Parent's sub-accounts.
I know… this sounds a lot like Organic Groups, but unless I'm mistaken, my concept is more user-centric, and less group-centric.
As I see it, this quickly boils down to the implementation of a User Hierarchy system, with associated hierarchical permissions. Has this kind of thing been implemented? I am seeking guidance and assistance.