To Do:

Security policies to check:
- Site cannot be private
- All new sitemembers create a root-level foldermember with role=member
- save is locked if this->rank > foldermember->rank
- save is locked if this->locked > foldermember->rank or folder->locked > foldermember->rank (or admin)

Summary:
- anonymous: 	view: public and posted		list: public and posted 		savenew: (folder->id==folder->folderid: private else public) and posted and rank=0 
											no save except session

- none: 	view: public and !deleted	list: public and !deleted if owned	savenew: (folder->id==folder->folderid: private else public) and posted and rank=0
						list: public and posted			save:    same and same and same unless locked

- member: 	view: % and !deleted		list: % and % if owned			savenew: (folder->id==folder->folderid: private else %) and !deleted and rank =< foldermember->rank
						list: % and posted			save:    same and same and rank =< foldermember->rank unless locked		

- editor:	view: % and %			list: % and %				no save controls unless locked	


As anonymous:
 - Any public, posted object may be listed (but not viewed) even if it is in a private folder
   - it should be marked private

 - No private object may be viewed or listed
 - Only public, posted objects may be viewed and listed
 - An object may only be viewed if no folders in the tree are marked deleted, and no folders with $folder->folderid are marked private.
    -see below
 - An object may only be listed if all folders in the tree are marked posted.
    -see below

 - Objects are created as public, posted, rank=0
 - No object may be updated  (except for sessions)



As none: (sitemember but not foldermember)
 - Any public, posted object may be listed (but not viewed) even if it is in a private (to me) folder
    - it should be marked private

 - No private object may be viewed or listed
 - Only public, posted objects may be viewed and listed

 - Public, !deleted objects I own may be viewed
 - Any public object I own may be listed 

 - An object may only be viewed if no folders in the tree are marked deleted, and no folders with $folder->folderid are marked private.
  
   - so even if /memories is (public, hidden), /memories/mine/rick.html may be viewed if (public, posted)

 - An object may only be listed if all folders in the tree are marked posted.

    - but it would not be listed... anywhere
    - keeps links from breaking when a folder is taken offline. 
    - think of the folder status as the status of the listing system below it, 
	but without affecting the status of the objects below it.

 - Objects are created as public, new, rank=0
 - Objects are updated as public, changed, rank=same



As !none and !anonymous:
- Any posted object may be viewed or listed
- Any !deleted object I own may be viewed
- Any object I own may be listed

- An object may only be viewed if no folders in the tree are marked deleted
- An object may only be listed if all folders in the tree are marked posted

- Objects are created as form, !deleted, rank=form (>=$foldermember->rank)
- Objects are updated as same, 