Permissions issues #25
Description
I've so far found permissions in the invenio ecosystem to be rather confusing and difficult to follow.
I've succeeded in mirroring what invenio-deposit does for access control for record-based views, but have struggled with the file-based views, which — to avoid duplication — should make use of the functionality in invenio-records-files.
Invenio's access control is described at https://invenio-access.readthedocs.io/en/latest/usage.html, but in terms of implementation there's a lot of indirection and closures in terms of permissions factories and wrapped ElasticSearch checks.
I think I need to add something to dispatch_request to attach the appropriate needs to the principal before the later permissions checks, but feel this should be easier.