Remote API & CLI for role/group CRUD operations
A user should have full permissions on themselves
Doubled Groups and Roles links
My Views should defer to the User's ACL and never the "item group"'s ACL
[RM-1492] When updating group membership from CLI, the new member list was not saved to disk.
Add a defensive uniqueness constraint in case of badly written plugins that have multiple Permission instances with the same id.