Set correct permissions for node users

[ninanorgren]

We will use the Django admin panel to manage Questions, QuestionSets, etc. This requires the node users to have access to this panel, and the correct permissions to handle them. Below is an attempt at looking at these permissions (node user) on a table level:

View:

• Questions from node and admin
• Sets from node and admin
• Supersets from node and admin
• Answers from node and admin

Add:

• Questions
• Sets
• Supersests
• Answers

Edit:

• Questions from node
• Sets from node
• Supersets from node
• Answers from node

Delete:

• No delete on anything after question/set/superset is not in draft mode anymore

In addition/from another perspective (node user):

• Question: should not be able to delete as there might be answers
  • Answer: no deleting. However, should be possible to add new Answers to questions (or edit)
• QuestionSet: no deleting
  • Question: should be possible to add or remove question from QuestionSet
• QuestionSuperSet: no deleting
  • QuestionSet: add or remove from QuestionSuperSet should be possible

The delete permission might need to be discussed more. Superusers can of course do everything. However, it should not be allowed for the node user to update/change the user of any questions, sets, etc. But it should be allowed for the superuser.

These issues are related to issues #21 and #50

[ninanorgren]

Current status after last commit: There is now a script that can be run manually to assign all node users to a group, where permissions can be set. Right now, users can only see their own questions, sets, etc, and they are not allowed to change the user for a question etc, only the superuser can do that.

[ninanorgren]

Now node users can see but not edit sets and supersets.