Change to Access Control logic

[superdweebie]

I have the following proposed change to shard access control logic, pr to follow shortly. At present access control works like this:

• Make a request to the access controller to do action(s).
• The access controller collects all the roles for the active user
• The roles and actions are tested against permissions defined in the document

I suggest the following logic:

• Make a request to the access controller to do action(s).
• The actions and the role 'guest' are tested against permissions defined in the document
• Only if the 'guest' role is denied access, then access controller collects all the roles for the active user
• The active user roles and actions are tested against permissions defined in the document

I suggest this change for the following two reasons:

• If there are lots of requests from unauthenticated users, then checking 'guest' first prevents a hit on the db
• It makes login/authentication logic simpler, because you don't get lost in recursion trying to load the active user to check permissions on the active user document.

[superdweebie]

This change should be a major version bump because it could open security holes in permissions written against v3.

[joshystuart]

That sounds good to me.