I'm a known non-fan of all things PHP, so I won't speak to that part of it - but I have architected lots of systems like this, and hairy permissions issues are one of those things best avoided if possible - by definition you're comparing a tree of documents against a heterogenous tree of permissions, which has complexity that affects how things scale. It sounds like 90% of the complexity is driven by wanting "staff" stuff to be hosted in the same system as public data, and if that distinction disappears, most of the complexity goes with it. Have you considered simply hosting the "staff" stuff in a separate system? It might not be ideal from a one-stop-shopping perspective, but might be considerably cheaper. -Tim -- http://timboudreau.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.hidden-tech.net/pipermail/hidden-discuss/attachments/20151113/4cbbd4d2/attachment.html