Cu 862j1wq35 default user group

[adam-sutton-1992]

This is the first commit of this change. There will be adjustments, and I'll list what they should be and the related questions.

1. I've edited the webapp/scripts/run.sh script where the admin permissions are given. Maybe this should be its own python script now to set up groups, permissions, and users. If so where would be ideal for it?
2. I've removed all permissions that contain the phrase delete which is a bit extreme... is there a solid list of permissions we want the average user to have / not have? I've also not saved the group as a member of staff - restricting their access to the admin page - would this be how we want it?
3. Do we want a default user to exist - or just the group?

Changes I know to make:

1. Create the group regardless of if any users exist
2. Add documentation that it's also creating a standard user group.

[tomolopolis]

Task linked: CU-862j1wq35 Create a default user group that allows all actions except Delete

[tomolopolis]

@adam-sutton-1992 - thanks for the PR. to answer your questions:

1. ...

yes lets stick this in another .py script, under run/scripts, manage.py shell, just runs some extra imports setting up the django config, so if you include these in your script, you'll be fine to to access models etc.

2. ...

Yes - lets have these permissions for the average 'admin' level user. These are users that manage an annotation project, but don't necessarily manage the deployment of Trainer on site. So they can create, view and edit projects, but cannot delete. And they can create, view, delete concept dbs, and create, view datasets.

3 ...

A default user is already created on startup, this is via l24

User = get_user_model() if User.objects.count() == 0: User.objects.create_superuser('admin', 'admin@example.com', 'admin')

if a user doesn't already exist...

[adam-sutton-1992]

I've removed the creation of a default user and made it so the permissions listed here are the default permissions for the group named user_group.

I've also made the nessescary changes to always create the group and populate permissions, and added documentation where appropriate.

It might be suitable in the future to take the python code creating an admin account that's baked into the run.sh script and also put it in a python file.