Improve the behavior of the ReadVersion permission by defining its semantics more cleanly in terms of inheritance from its live doc:
- a version "inherits" most of its permissions from its live document (and transitively from the ancestors of the live doc),
- a version does not inherit the Read permission,
- but if a live doc has the ReadVersion permission then the version has the Read permission.
This means that Read on a live doc is not sufficient to access the versions, the ReadVersion permission must be present too.
This should be activated based on a feature flag to keep the old behavior if needed.
Note, in all of the above when we say Read it's really Browse that's understood at low-level.
- change DBSTransactionState.getReadACL,
- change the various SQL stored procedures, for PostgreSQL these are nx_get_read_acl and nx_access_allowed,
- change the regular merged ACL logic,
- change the various higher-level permission checks at the AbstractSession level to be consistent with this.