More granular organizer permission control

[krzys-h]

Currently, all organizers get access to data for all editions. Given that we have more and more data in the system each year, this may be undesirable for security reasons. Old organizers should only get access to data for editions they organized.

I propose that we change the permissions such that:

• server admins still get full access (and Django admin access)
• each Camp object gets a list of organizers
• workshop/participant/lecturer lists are only accessible if you are an organizer of a given edition
• "all users" page is accessible only to server admins OR "all users" page shows only users from editions you organized (to be decided)
• Camp-related profile fields are accessible if you are an organizer of a given edition
• non-Camp-related profile fields are accessible only if you are an organizer of ANY edition
  • this includes the previous editions list (if you are a new organizer, you can see that the user participated in the past, but without details)
• forms not bound to a year are accessible if you are an organizer of the CURRENT edition (or ANY? not sure here - also need to make sure consistent behavior with form data in the participant list)
• forms bound to a year are accessible only if you are an organizer for a given year
• editing articles is allowed if you are an organizer for the CURRENT year
• Internety access is governed by the same rules as for normal lecturers, but we need to add a case for when somebody is an organizer without any workshops
• Organizers with no workshops should also be listed in the lecturers list
• The list of organizers from the database should be used instead of the organizers article, so that it is kept up to date automatically (not sure how exactly that's going to work yet)
• Only server admins can edit Camp objects and add organizers to them

Additionally, we should drop the old permission system entirely. Spliting the permissions into see workshop list/see user list/edit qualification etc. does not make sense in our use case, and only unnecessarily complicates the codebase if you try to implement them properly (e.g. hiding workshop proposals if you can see user list but not the workshop list etc.)

ping @cytadela8 for input on this

[cytadela8]

I feel like adding proper permissions for organizers is very-very low priority.

[cytadela8]

It won't change anything in our lives - "there is no business value"

[krzys-h]

True - this was just a random idea I had while thinking about how to handle the "Organizers" page better, because the current one is kinda a mess. I want to have the data about the organizers in the db to somehow display it in a more sane way (not sure how yet), and handle the case of having organizers with no workshops (iirc it happened in the past - currently the system treats such people as if they didn't participate at all). The permissions idea was just a side effect of that.