Allow public pages for staff and admins only

I think we could achieve this without implementing a fully granular Moodle-style permissions system (and all the performance hits that come with that).

The implementation would look like this:

1. We change the setting "allow public pages" from a tickbox to a menu labeled "who can create public pages", options "anyone", "admins + staff", "admins", "no one". (Maybe some variant in there for institutional admins & staff as well)

2. We do a similar thing to the existing institution-level "allow public views" setting. The current version of that setting allows public views if the user belongs to *any* institution that allows public views, so we would use similar "any" logic for the new version of the setting.

3. We add a tickbox for "can create public pages" to the user settings page, accessible only to admins (much like the user settings option for setting a user's auth instance). This setting would allow the user to create public pages regardless of any other site or institutional settings (or the spam probation system).

4. We write a function, "can_create_public_pages()" that checks all of these things in the proper order.

Sounds good to me. For the drop-down menu we can use the same language already used for the "Create groups" option:
- Administrators only
- Administrators and staff only
- Everyone

I wouldn't distinguish between institution and site staff on the site level, but leave that up to the institutions.

WorkArrocund:
I use two institutions, one with public pages NOT allowed. That is the "normal" institution that is used by every user.
Then I make some users also members of an other institution in which public pages are allowed.
So these users can create public views.
Problem: By allowing public pages in mahara also public profies are allowed. So althoug in the first institution the public pages are not allowed the user can make their profile page public.