Add auditable superuser mode (#824)

* Remove is_superuser everywhere

* Session handling

* List of sessions, relative timeout

* Absolute timeout

* Optionally pseudo-force audit comments

* Fix failing tests

* Add tests

* Add docs

* Rebsae migration

* Typos

* Fix tests

src/tests/control/test_permissions.py

@@ -26,13 +26,20 @@ def env():
 
 superuser_urls = [
     "global/settings/",
-    "global/update/",
     "users/select2",
     "users/",
     "users/add",
     "users/1/",
     "users/1/impersonate",
     "users/1/reset",
+    "sudo/sessions/",
+]
+
+
+staff_urls = [
+    "global/update/",
+    "sudo/",
+    "sudo/2/",
 ]
 
 event_urls = [
@@ -146,10 +153,26 @@ def test_logged_out(client, env, url):
 @pytest.mark.django_db
 @pytest.mark.parametrize("url", superuser_urls)
 def test_superuser_required(perf_patch, client, env, url):
+    client.login(email='dummy@dummy.dummy', password='dummy')
+    env[1].is_staff = True
+    env[1].save()
+    response = client.get('/control/' + url)
+    if response.status_code == 302:
+        assert '/sudo/' in response['Location']
+    else:
+        assert response.status_code == 403
+    env[1].staffsession_set.create(date_start=now(), session_key=client.session.session_key)
+    response = client.get('/control/' + url)
+    assert response.status_code in (200, 302, 404)
+
+
+@pytest.mark.django_db
+@pytest.mark.parametrize("url", staff_urls)
+def test_staff_required(perf_patch, client, env, url):
     client.login(email='dummy@dummy.dummy', password='dummy')
     response = client.get('/control/' + url)
     assert response.status_code == 403
-    env[1].is_superuser = True
+    env[1].is_staff = True
     env[1].save()
     response = client.get('/control/' + url)
     assert response.status_code in (200, 302, 404)