";print_r($defs);
        $r = array();
        foreach($defs as $k=>$v) {
            
            
            
            if (empty($v[0])) { // delete right if not there..
                $r[$k] = '';
                continue;
            }
            
            
            if (isset($ret[$k])) {
                if (empty($ret[$k]) && $isAdmin) {
                    $r[$k] = $v[0] ; // -- it's admin they get rights... can not be disabled..
                    continue;
                }
                // in theory non-owners could sneak in rights here..??
                $r[$k] = $ret[$k];
                continue;
            }
            // not set contition...
            if (!$isOwner) {
                $r[$k] = '';
                continue;
            }
            
            $r[$k] = $isAdmin ? $v[0] : $v[1];
            
       
        }
        
        return $r;
    }
    function mergeMask($a, $b) 
    {
        // default 
        $ret = '';
        for($i=0; $i< strlen($this->fullRights) ; $i++) {
            if ((strpos($a, $this->fullRights[$i]) > -1) ||
                (strpos($b, $this->fullRights[$i]) > -1)
            ) {
                $ret .= $this->fullRights[$i];
            }
        }
        return $ret;
        
        
    }
    
    
    function defaultPermData()
    {
        
        // we should do better caching of this... really..
        
        
        
        
        // what they mean:
        // A - add
        // D - delete
        // E - edit
        // S - list
        // P - print / export
        // I - import
        // M????
        
        
        $gid = empty($this->group_id) ? 0 : $this->group_id;
        static $Pman_DataObjects_Group_Right = array();
        
        
        if (!empty($Pman_DataObjects_Group_Right[$gid])) {
            return $Pman_DataObjects_Group_Right[$gid];
        }
        $has_admin = true; ///?? not sure..
        if ($gid) {
            $g = DB_DataObject::factory('core_group');
            $g->get($this->group_id);
            $has_admin = $g->type  == 2 ? false : true;
        }
        
        
        
        $ff = HTML_FlexyFramework::get();
        //print_R($ff);
        $enabled =  array('Core') ;
        $enabled = explode(',', $ff->enable);
        $disabled =  explode(',', $ff->disable? $ff->disable: '');
        $pman = $ff->rootDir . '/Pman/';
        $ret = array();
         //echo '
';print_r($enabled);
        foreach($enabled as $module) {
            
            if (($module == 'Admin') && !$has_admin) {
                continue;
            }
            
            $fn = $pman. $module.  '/'.$module. '.perms.json';
            if (!file_exists($fn)) {
                continue;
            }
            $ar = (array)json_decode(file_get_contents($fn));
            if (empty($ar)) {
                // since these are critical files.. die'ing with error is ok.
                die("invalid json file: " . $fn);
               }
           // echo '
';print_r($ar);
            foreach($ar as $k=> $perm) {
                if ($k[0] == '/') {
                    continue; // it's a comment..
                }
                if (in_array($module, $disabled) || in_array($module.'.'. $k, $disabled)) {
                    continue;
                }
                $ret[$module.'.'. $k ] = $perm;
            }
            
        }
        $Pman_DataObjects_Group_Right[$gid] = $ret;
       // print_r($ret);
        return $Pman_DataObjects_Group_Right[$gid];
         
        
    }
    
    function adminRights() // get the admin rights - used when no accounts are available..
    {
        $defs = $this->defaultPermData();
        $ret = array();
        foreach($defs as $k=>$v) {
            $ret[$k] = $v[0];
        
        }
        return $ret;
        
    }
    
    function validate()
    {
        // all groups must have the minimum privaligess..
        // admin group must have all the privaliges
        $g = DB_DataObject::Factory('core_group');
        $g->get($this->group_id);
        $defs = $this->defaultPermData();
        switch($g->name) {
            case "Administrators";
                $this->accessmask = $this->mergeMask($this->accessmask, $defs[$this->rightname][0]);
                break;
                
            default:
                //$this->accessmask = $this->mergeMask($this->accessmask, $defs[$this->rightname][1]);
                break;
        
        }
        
    }
    /**
     * generates the default admin group.
     * and returns it.
     */
    function genDefault()
    {
        // need to create to special groups, admin & DEFAULT.
        $g = DB_DataObject::Factory('core_group');
        //$g->name = 'Default';
        //if (!$g->find(true)) {
        //    $g->insert();
        //}
        $g->id = 0;
        $this->applyDefs($g, 1);
    
        $g = DB_DataObject::Factory('core_group');
        $g->name = 'Administrators';
        $g->type = 0;
        if (!$g->find(true)) {
            $g->insert();
        }
        $this->applyDefs($g, 0);
        return $g;
        
    }
        
    function applyDefs($g, $usecol) {
        
        $defs = $this->defaultPermData();
        //echo '
';print_r($defs);
        //$usecol = 1;
        foreach($defs as $rightname => $defdata) {
            $gr = DB_DataObject::Factory('core_group_right');
            $gr->rightname  = $rightname;
            $gr->group_id = $g->id;
            if (!$gr->find(true)) {
                $gr->accessmask = $defdata[$usecol];
                $gr->insert();
                continue;
            }
            $oldgr = clone($gr);
            $gr->accessmask = $gr->mergeMask($gr->accessmask, $defdata[$usecol]);
            if ($gr->accessmask == $oldgr->accessmask) {
                continue;
            }
            $gr->update($oldgr);
        }
        
    }
        
    function checkPerm($lvl, $au) 
    {
        return false;
    }  
    
}