The order of security authority is checked in the following order:
- The project itself (not yet implemented).
- The parent project.
- The project type of the top-most project in the inheritence tree.
Additionally, a "pre-check" is done on the project type first to ensure they can view the project type. Consider this example. You have Project A of type General Projects. General Projects can be viewed by all staff. You have a sub-project setup of this project as Project B, and it is of type "Pastoral Visit". Pastoral Visit projects can only be viewed by pastors. If Ted is both a staff member and a pastor, he can view both projects. If Cindy is a staff member but not a pastor then she can only view "Project A".
Tasks inherit their security from the project they are a part of. They also follow the same pattern of doing a pre-check on the project type of the project they are associated with.