compserv / hknweb

The new HKN website (using Django, hopefully at hkn.eecs.berkeley.edu soon)
https://dev-hkn.eecs.berkeley.edu
MIT License

Shortlink edit permissions #28

Open jameslzhu opened 5 years ago

jameslzhu commented 5 years ago

Shortlinks (hkn.eecs.berkeley.edu/shortlinks) currently have a major flaw: they can only be edited by their creator or by superusers (compserv).

There are two potential solutions to this:

  1. Allow a committee (group) to edit a shortlink. This has the upside of having limited edit scope, with slightly more user input required (a dropdown menu to select committee / group) and a more complex model. (How can we let anyone edit a shortlink? Is there a group containing all users? Maybe a members group?)
  2. Allow anyone to edit any shortlink. This has the upside of being simple and surviving member graduation / committee, but has greater potential for abuse / malicious edits / mistakes. This might be mitigated by storing edit history (which may also be desirable, but at the cost of greater complexity).
  3. Allow all officers to edit any shortlink. (Potentially assistant officers / committee members as well.)

jameslzhu commented 5 years ago

I'm bumping this to medium; this requires creating two new HTML pages / views for viewing all shortlinks and editing shortlinks, and requires learning the Django permissions system.

jvperrin commented 5 years ago

I'm personally a fan of option 2, but saving an entire edit history does sound like a pain. Maybe we can just save one or two previous values, and who edited them to be those values, to some fixed db columns? Then we don't need to store all history, but can store enough for basic tracking. Thoughts?

jameslzhu commented 5 years ago

See https://github.com/compserv/hknweb/issues/29#issuecomment-474979848.
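
An added sketch, not part of the thread and not hknweb code: the three edit options from the first comment as one authorization check, combined with the bounded "last two values plus editor" trail suggested above. It is framework-independent Python rather than Django models; the `Policy`, `User` and `Shortlink` names and the `officers` group name are assumptions, and every `User` is assumed to be an already-authenticated member.

```python
from collections import deque
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class Policy(Enum):
    CREATOR_ONLY = 0  # behaviour the issue describes today
    GROUP = 1         # option 1: the committee chosen for the link
    ANYONE = 2        # option 2: any authenticated member
    OFFICERS = 3      # option 3: any officer

@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset = frozenset()
    is_superuser: bool = False

@dataclass
class Shortlink:
    slug: str
    url: str
    creator: str
    group: Optional[str] = None  # hypothetical committee owning the link
    # Bounded trail of (replaced_url, editor); the oldest entry falls off.
    history: deque = field(default_factory=lambda: deque(maxlen=2))

def can_edit(user, link, policy):
    # Creator and superusers keep access under every policy.
    if user.is_superuser or user.name == link.creator:
        return True
    if policy is Policy.GROUP:
        return link.group is not None and link.group in user.groups
    if policy is Policy.OFFICERS:
        return "officers" in user.groups
    return policy is Policy.ANYONE

def edit(user, link, new_url, policy):
    # Enforce the check at the write itself, not only when rendering the form.
    if not can_edit(user, link, policy):
        raise PermissionError(f"{user.name} may not edit {link.slug}")
    link.history.append((link.url, user.name))
    link.url = new_url
    return link
```

The editor in the newest history entry is the account that set the current URL, which is the minimum needed to trace a bad edit under option 2.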