Minimal recursive JSONB filtering

[pauleveritt]

In this first step, we'll leave out as many extraneous parts as possible and focus on:

• JSONB operations
• CTE recursion with bailing on first match

We will leave out: passing in a sequence of principals, passing in a view, class-based ACLs, SQLAlchemy integration, anything related to performance, etc.

1. Get this repo and make the Sphinx HTML. Start with the ACLs section. Read it to make sure you agree with any decisions it makes. If not, change it in a PR.
2. Make a new directory based on the sample code in that section. Call it simple_filtering or something.
3. Write some SQLAlchemy-generated SQL (no hybrid methods or anything fancy) which extends your previous "parents" CTE to do the following:
   • For each Node...
   • Look at the JSONB acl column
   • For each ACE...
   • Do some primitive test ("is the third item equal to 'view' ?")
   • If it matches that test, bail out and return boolean True if the first item is 'Allow', or a boolean False if 'Deny'
   • If the primitive test fails, go to the next ACE
   • If no matching ACE, do the same on the parent
   • If no more parents and no matching ACE, return False
   • And the essential part....do this all in one executed SQL statement

[hathawsh]

I like it. :-) I'll work on it.