Based on a type of file users should have access to the file or not. Therefore I need the permission on the file type and not on the file itself.
Here are some ideas which I tossed around to come up with a solution:
1) Use custom code for checking upon file delivery if the file might be of a certain type (extended table) and then check the permissions on that.
2) Use one folder per type and store the files into the folders, giving permission on the folder instead (and use a callback on folder name upon creation to automatically give a group of people permission to the folder). The drawback is that each new type triggers a new folder to be generated. That is fine in a flat szenario, but if you have one folder per project, then the number of folders just gets too big.
3) Use categories for the types and write some permission code based on categories that allows you to give the usual permissions based on the category. This has the benefit of allowing permissions based on category_id, so you can get the permission on all files you have direct permissions or on which you have permission on the mapped categories.
I am leaning towards approach 3) as it gives you the option to give permissions on types to anything you want. Give permissions on all sales projects, give permission on all review files, give permission on all accounting tasks....
But to be honest I hope someone has found a different solution which I could just reuse . Or, alternatively, OCT has time to discuss this so we can figure out if and how to include this in the toolkit. The permissions per type thing is something which came up lately in two clients, thats why I have to start thinking about it.