A default ACL breaks the unit tests for Users (since Users cannot be writeable by other users). It also breaks other functionality--if there are default global read/write permissions, using set_role or set_user won't override it, which is a security risk. We may want to look at other ways to prevent the difficulty mentioned in issue #97, but for now, it's probably best to do what other SDKs do and not have an ACL until the user creates one (and have an ACL created with no arguments result in master-key-only permissions, rather than global read/write permissions).
Closes #97
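
The risk described above, as an added example that is not the SDK's own code: a small model of an ACL whose grants are additive, comparing a global read/write default with an ACL that starts empty. `ModelACL`, `legacy_default`, `allows`, the `role:` prefix and the user names are hypothetical; only `set_user` and `set_role` are names taken from the description, and the additive evaluation is an assumption drawn from its statement that those calls do not override the default.

```python
# Simplified model of an additive object ACL (constructed for illustration).
PUBLIC = "*"  # assumed key for the "everyone" entry


class ModelACL:
    def __init__(self, entries=None):
        # No arguments -> no entries -> only the master key has access.
        self.entries = {k: dict(v) for k, v in (entries or {}).items()}

    @classmethod
    def legacy_default(cls):
        # The default the description argues against: global read/write.
        return cls({PUBLIC: {"read": True, "write": True}})

    def _set(self, principal, read, write):
        perms = {op: True for op, ok in (("read", read), ("write", write)) if ok}
        if perms:
            self.entries[principal] = perms
        else:
            self.entries.pop(principal, None)

    def set_user(self, user_id, read=False, write=False):
        self._set(user_id, read, write)

    def set_role(self, role, read=False, write=False):
        self._set("role:" + role, read, write)

    def allows(self, op, user_id=None, roles=(), master_key=False):
        if master_key:
            return True
        principals = [PUBLIC] + ([user_id] if user_id else [])
        principals += ["role:" + r for r in roles]
        # Additive semantics: any matching entry that grants op is enough.
        return any(self.entries.get(p, {}).get(op, False) for p in principals)


def demo():
    weak = ModelACL.legacy_default()
    weak.set_user("alice", read=True, write=True)   # looks like a restriction
    safe = ModelACL()
    safe.set_user("alice", read=True, write=True)
    return {
        "weak_mallory_write": weak.allows("write", user_id="mallory"),
        "safe_mallory_write": safe.allows("write", user_id="mallory"),
        "safe_alice_write": safe.allows("write", user_id="alice"),
        "empty_user_read": ModelACL().allows("read", user_id="alice"),
        "empty_master_write": ModelACL().allows("write", master_key=True),
    }
```

With the global default in place, granting access to `alice` leaves the public entry intact, so any other user can still write; starting from an empty ACL, the same call yields the restriction the caller intended.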