Pluggable permissions (#5728)

* Data model draft

* Refactor query and assignment usages of old permissions

* Backend UI

* API serializer

* Big string replace

* Docs, tests and fixes for teams api

* Update docs for device auth

* Eliminate old names

* Make tests pass

* Use new permissions, remove inconsistencies

* Add test for translations

* Show plugin permissions

* Add permission for seating plans

* Fix plugin activation

* Fix failing test

* Refactor to permission groups

* Update doc/api/resources/devices.rst

Co-authored-by: luelista <weller@rami.io>

* Update doc/api/resources/events.rst

Co-authored-by: luelista <weller@rami.io>

* Update src/pretix/api/serializers/organizer.py

Co-authored-by: luelista <weller@rami.io>

* Fix typo

* Fix python version compat

* Replacement after rebase

* Add proper permission handling for exports

* Docs for exporters

* Runtime linting of permission names

* Fix typos

* Show export page even without orders permission

* More legacy compat

* Do not strongly validate before plugins are loaded

* Rebase migration

* Add permission for outgoing mails

* Review notes

* Update doc/api/resources/teams.rst

Co-authored-by: Richard Schreiber <schreiber@pretix.eu>

* Clean up logic around exporters

* Review and failures

* Fix migration leading to forbidden combination

* Handle permissions on event copying

* Remove print-statements

* Make test clearer

* Review feedback

* Add AnyPermissionOf

* migration safety

---------

Co-authored-by: luelista <weller@rami.io>
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>

src/tests/control/test_reusable_media.py

@@ -51,7 +51,7 @@ def gift_card(organizer):
 @pytest.fixture
 def admin_user(organizer):
     u = User.objects.create_user('dummy@dummy.dummy', 'dummy')
-    admin_team = Team.objects.create(organizer=organizer, can_manage_reusable_media=True, name='Admin team')
+    admin_team = Team.objects.create(organizer=organizer, all_organizer_permissions=True, name='Admin team')
     admin_team.members.add(u)
     return u
 
@@ -122,7 +122,7 @@ def test_typeahead(organizer, admin_user, client, gift_card):
 
     # Privileged user can search
     team.all_events = True
-    team.can_view_orders = True
+    team.limit_event_permissions["event.orders:read"] = True
     team.save()
 
     r = client.get('/control/organizer/dummy/ticket_select2?query=' + op.secret[0:3])
@@ -140,7 +140,8 @@ def test_typeahead(organizer, admin_user, client, gift_card):
 
     # Unprivileged user can only do exact match
     team.all_events = True
-    team.can_view_orders = False
+    team.all_event_permissions = False
+    team.limit_event_permissions = {"event.vouchers:read": True}
     team.save()
 
     r = client.get('/control/organizer/dummy/ticket_select2?query=' + op.secret[0:3])
@@ -154,7 +155,7 @@ def test_typeahead(organizer, admin_user, client, gift_card):
     assert d == {"results": [{'event': 'Dummy', 'id': op.pk, 'text': 'FOO-1 (Early-bird ticket)'}], "pagination": {"more": False}}
 
     team.all_events = False
-    team.can_view_orders = True
+    team.limit_event_permissions["event.orders:read"] = True
     team.save()
 
     r = client.get('/control/organizer/dummy/ticket_select2?query=' + op.secret[0:3])