revisit cascading permission design

Ticket

+commit
 
we get this error:

Validation failed: Permissions can't set read permissions on InvitationRequest+*template to Anyone because incompatible read permissions: Anyone on InvitationRequest+*template and  Anyone signed in on InvitationRequest


in a nutshell,  when A.reader = auth,   then sometimes you want to force A+x to be restricted to auth, sometimes you don't.   right now, we always do.  need design around this.

 

We're going to stop forcing this.  Each card's permissions can be configured independently.  Default permissions still work the way they used to, but there is no longer a concept of "incompatible permissions" -- if there is a conflict, it goes with the permissions on the left-side card.