Pluggable permissions (#5728)

* Data model draft

* Refactor query and assignment usages of old permissions

* Backend UI

* API serializer

* Big string replace

* Docs, tests and fixes for teams api

* Update docs for device auth

* Eliminate old names

* Make tests pass

* Use new permissions, remove inconsistencies

* Add test for translations

* Show plugin permissions

* Add permission for seating plans

* Fix plugin activation

* Fix failing test

* Refactor to permission groups

* Update doc/api/resources/devices.rst

Co-authored-by: luelista <weller@rami.io>

* Update doc/api/resources/events.rst

Co-authored-by: luelista <weller@rami.io>

* Update src/pretix/api/serializers/organizer.py

Co-authored-by: luelista <weller@rami.io>

* Fix typo

* Fix python version compat

* Replacement after rebase

* Add proper permission handling for exports

* Docs for exporters

* Runtime linting of permission names

* Fix typos

* Show export page even without orders permission

* More legacy compat

* Do not strongly validate before plugins are loaded

* Rebase migration

* Add permission for outgoing mails

* Review notes

* Update doc/api/resources/teams.rst

Co-authored-by: Richard Schreiber <schreiber@pretix.eu>

* Clean up logic around exporters

* Review and failures

* Fix migration leading to forbidden combination

* Handle permissions on event copying

* Remove print-statements

* Make test clearer

* Review feedback

* Add AnyPermissionOf

* migration safety

---------

Co-authored-by: luelista <weller@rami.io>
Co-authored-by: Richard Schreiber <schreiber@pretix.eu>

src/tests/control/test_checkins.py

@@ -61,7 +61,7 @@ def dashboard_env():
     item_ticket = Item.objects.create(event=event, name="Ticket", default_price=23, admission=True)
     item_mascot = Item.objects.create(event=event, name="Mascot", default_price=10, admission=False)
 
-    t = Team.objects.create(organizer=o, can_view_orders=True, can_change_orders=True)
+    t = Team.objects.create(organizer=o, all_event_permissions=True)
     t.members.add(user)
     t.limit_events.add(event)
 
@@ -139,7 +139,7 @@ def checkin_list_env():
     # permission
     orga = Organizer.objects.create(name='Dummy', slug='dummy')
     user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
-    team = Team.objects.create(organizer=orga, can_view_orders=True, can_change_orders=True)
+    team = Team.objects.create(organizer=orga, all_event_permissions=True)
     team.members.add(user)
 
     # event
@@ -321,7 +321,7 @@ def test_manual_checkins_revert_requires_order_change_permission(client, checkin
     client.login(email='dummy@dummy.dummy', password='dummy')
     with scopes_disabled():
         assert not checkin_list_env[5][3].checkins.exists()
-        Team.objects.update(can_change_orders=False, can_checkin_orders=True)
+        Team.objects.update(all_event_permissions=False, limit_event_permissions={"event.orders:checkin": True})
     client.post('/control/event/dummy/dummy/checkinlists/{}/bulk_action'.format(checkin_list_env[6].pk), {
         'checkin': [checkin_list_env[5][3].pk]
     })
@@ -363,7 +363,7 @@ def checkin_list_with_addon_env():
     # permission
     orga = Organizer.objects.create(name='Dummy', slug='dummy')
     user = User.objects.create_user('dummy@dummy.dummy', 'dummy')
-    team = Team.objects.create(organizer=orga, can_view_orders=True, can_change_orders=True)
+    team = Team.objects.create(organizer=orga, all_event_permissions=True)
     team.members.add(user)
 
     # event
@@ -466,7 +466,7 @@ class CheckinListFormTest(SoupTest):
             date_from=datetime(2013, 12, 26, tzinfo=timezone.utc),
         )
         self.event1.settings.timezone = 'Europe/Berlin'
-        t = Team.objects.create(organizer=self.orga1, can_change_event_settings=True, can_view_orders=True)
+        t = Team.objects.create(organizer=self.orga1, all_event_permissions=True)
         t.members.add(self.user)
         t.limit_events.add(self.event1)
         self.client.login(email='dummy@dummy.dummy', password='dummy')