Articles: System = CRUD on all articles [(1, '=', 1)]
Articles: users/portal: read based on access [('user_has_access', '=', True)]
Articles: users/portal: write based on flag [('user_has_write_access', '=', True)]
Article members: users/portal: read article members [('article_id.user_has_access', '=', True)]
Article members: System CRUD all [(1,'=',1)]
Article favorite: users/portal: own + readable articles [('user_id', '=', user.id), ('article_id.user_has_access', '=', True)]
Article favorite: System CRUD all [(1, '=', 1)]
Item Stages (Read): users/portal: readable articles [('parent_id.user_has_access', '=', True)]
Item Stages (Create/Write/Unlink): users/portal: writable articles [('parent_id.user_has_write_access', '=', True)]
Item Stages: System CRUD all [(1, '=', 1)]
Invite: Users invite members [('article_id.user_has_write_access', '=', True)]
Invite: System invite members [(1, '=', 1)]
Articles Threads: portal/users: read based on article access [('article_id.user_has_access', '=', True)]
Article Threads: portal/users: write and create based on article write access [('article_id.user_has_write_access', '=', True)]