Add auditable superuser mode (#824)

* Remove is_superuser everywhere

* Session handling

* List of sessions, relative timeout

* Absolute timeout

* Optionally pseudo-force audit comments

* Fix failing tests

* Add tests

* Add docs

* Rebsae migration

* Typos

* Fix tests

src/pretix/control/views/event.py

@@ -212,7 +212,7 @@ class EventPlugins(EventSettingsViewMixin, EventPermissionRequiredMixin, Templat
                     module = key.split(":")[1]
                     if value == "enable" and module in plugins_available:
                         if getattr(plugins_available[module], 'restricted', False):
-                            if not request.user.is_superuser:
+                            if not request.user.has_active_staff_session(request.session.session_key):
                                 continue
 
                         if hasattr(plugins_available[module].app, 'installed'):
@@ -854,9 +854,11 @@ class EventLog(EventPermissionRequiredMixin, ListView):
     def get_queryset(self):
         qs = self.request.event.logentry_set.all().select_related('user', 'content_type').order_by('-datetime')
         qs = qs.exclude(action_type__in=OVERVIEW_BLACKLIST)
-        if not self.request.user.has_event_permission(self.request.organizer, self.request.event, 'can_view_orders'):
+        if not self.request.user.has_event_permission(self.request.organizer, self.request.event, 'can_view_orders',
+                                                      request=self.request):
             qs = qs.exclude(content_type=ContentType.objects.get_for_model(Order))
-        if not self.request.user.has_event_permission(self.request.organizer, self.request.event, 'can_view_vouchers'):
+        if not self.request.user.has_event_permission(self.request.organizer, self.request.event, 'can_view_vouchers',
+                                                      request=self.request):
             qs = qs.exclude(content_type=ContentType.objects.get_for_model(Voucher))
 
         if self.request.GET.get('user') == 'yes':