hackerspace-ntnu / website

Website @ hackerspace-ntnu.no
https://www.hackerspace-ntnu.no
MIT License

fix(news): only those with permission, authors or responsibles can delete #678

Closed CJGutz closed 2 years ago

CJGutz commented 2 years ago

Added better permission handling for events, news and project articles. From now on, these objects can only be deleted by their author/responsible or those with explicit permission. It is therefore important that we remove the delete permissions from all groups except Ledelsen and DevOps in the admin panel. This way we will not have another February incident where an event was accidentally deleted. It is important to remember that LabOps can still change these articles and events but not delete unless they are the author/responsible. I have also added another "security feature" where only the author/responsible can change the person that is responsible for an event. Without this, it would be possible for someone who cannot delete, but change, an event to change the person responsible to themselves and then delete it. Max security

closes: #636

Remember to remove delete permissions for labops for news, events and projectarticles
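
A minimal model of the two rules described in this pull request, added here as an illustration and not taken from the repository's code: deletion is limited to the responsible person or holders of an explicit delete permission, and reassigning the responsible person is limited to the current responsible. The `User` and `Event` classes, the permission strings and the `guard` flag are hypothetical names chosen for the example.

```python
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    perms: set = field(default_factory=set)  # hypothetical permission codenames

@dataclass
class Event:
    title: str
    responsible: User

def can_delete(user, event):
    """Delete is allowed for the responsible or holders of explicit delete permission."""
    return user is event.responsible or "events.delete_event" in user.perms

def update_event(user, event, *, title=None, responsible=None, guard=True):
    """Apply an edit. With guard=True only the current responsible may reassign it."""
    if "events.change_event" not in user.perms and user is not event.responsible:
        raise PermissionError("no change permission")
    if responsible is not None and responsible is not event.responsible:
        if guard and user is not event.responsible:
            raise PermissionError("only the responsible can reassign the event")
        event.responsible = responsible
    if title is not None:
        event.title = title

def escalation_succeeds(guard):
    """An editor with change-but-not-delete rights reassigns the event to
    themselves and then checks whether delete has become available."""
    owner = User("owner")                                # constructed sample users
    editor = User("editor", {"events.change_event"})
    event = Event("Workshop", owner)
    assert not can_delete(editor, event)                 # starting point: no delete
    try:
        update_event(editor, event, responsible=editor, guard=guard)
    except PermissionError:
        pass                                             # reassignment rejected
    return can_delete(editor, event)

if __name__ == "__main__":
    print("without guard:", escalation_succeeds(guard=False))
    print("with guard:   ", escalation_succeeds(guard=True))
```
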