
Row and field level security 346 #390

Draft: wants to merge 189 commits into main

Conversation

@ethanstrominger (Member) commented Sep 27, 2024

Fixes #346

What changes did you make?

  • constants.py: removed unnecessary self_value and corrected admin_global variable
  • app/core/api/permissions.py: added __ to DenyAny to prevent pre-commit checks failing, since var not used
  • app/core/api/serializers.py:
    • added to_representation method to UserSerializer which calls PermissionCheck.get_user_read_fields to return specific fields for the response
    • added a new serializer UserProfileSerializer which is used by the /me endpoint. This calls cru.user_read_fields(profile_value) to get list of fields to return in the serialized response.
  • app/core/migrations/0028_alter_userpermissions_project.py: make Project optional so can add admin_global
  • app/core/migrations/max_migration.txt: update to specify above file
  • app/core/permission_check.py: added following methods which are documented using pydoc
      def get_lowest_ranked_permission_type(requesting_user: User, target_user: User):
      def get_user_queryset(request):
      def is_admin(user):
      def validate_patch_request(request):
      def validate_fields_patchable(requesting_user, target_user, request_fields):
      def validate_fields_postable(requesting_user, request_fields):
      def get_user_read_fields(requesting_user, target_user):
  • app/core/tests
    • conftest.py
      • remove unused fixtures no longer used by test_api related to user. User testing done in new test files.
      • change "create" to "post" to reflect http method
    • test_get_users.py: new file, see pydoc comments for details
    • test_model.py:
      • remove test_user, covered by new test files
      • remove test_permission_type2: not needed
    • test_patch_users: new file, see pydoc comments for details
    • test_post_users: new file, see pydoc comments for details
    • test_validate_postable_fields: new file, see pydoc comments for details
    • unit_tests
      • test_get_permission_rank.py: see pydoc for details
      • test_validate_fields_patchable
  • tests/utils/load_data: new file with method load_data for loading all test users
  • test/utils/seed_constants.py: new file for holding constants for seeded user names
  • test/utils/seed_user.py: new file with method for creating seed users

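The permission-check methods listed above (get_lowest_ranked_permission_type, get_user_queryset, get_user_read_fields, validate_fields_patchable) and the serializer's to_representation hook together implement row- and field-level security: the requester only sees users they hold some permission over, and only the fields that permission type allows. The following is an added, self-contained illustration of that pattern in plain Python, not code from the PR or the project. The permission type names follow the linked issue (global admin, project admin, practice area lead, team member); the rank numbers, the per-type field sets, the GLOBAL marker and the sample users are all constructed assumptions.

```python
from dataclasses import dataclass, field

GLOBAL = "*"  # constructed marker for a permission not tied to any project

# Lower number = more privilege. Assumption: the page does not give the real ranking.
PERMISSION_RANK = {
    "admin_global": 1,
    "admin_project": 2,
    "practice_lead": 3,
    "member": 4,
}

# Fields each permission type may read / patch on another user (constructed sample config).
READ_FIELDS = {
    "admin_global": {"uuid", "username", "email", "phone", "is_active"},
    "admin_project": {"uuid", "username", "email", "phone"},
    "practice_lead": {"uuid", "username", "email"},
    "member": {"uuid", "username"},
}
PATCH_FIELDS = {
    "admin_global": {"username", "email", "phone", "is_active"},
    "admin_project": {"email", "phone"},
    "practice_lead": set(),
    "member": set(),
}


@dataclass
class User:
    username: str
    # project name -> permission type held there; the GLOBAL key marks a global admin
    permissions: dict = field(default_factory=dict)
    # the stored row, as it would be serialised with no filtering applied
    record: dict = field(default_factory=dict)


def is_admin(user):
    return user.permissions.get(GLOBAL) == "admin_global"


def get_lowest_ranked_permission_type(requesting_user, target_user):
    """Most privileged permission type the requester holds over the target, or None.

    A global admin always gets admin_global. Otherwise only projects shared with
    the target count, and the best (lowest rank number) of those wins. A user's
    own profile (the /me case) is handled by a separate serializer in the PR and
    is not modelled here.
    """
    if is_admin(requesting_user):
        return "admin_global"
    shared = [
        ptype for project, ptype in requesting_user.permissions.items()
        if project != GLOBAL and project in target_user.permissions
    ]
    if not shared:
        return None
    return min(shared, key=PERMISSION_RANK.__getitem__)


def get_user_read_fields(requesting_user, target_user):
    ptype = get_lowest_ranked_permission_type(requesting_user, target_user)
    return READ_FIELDS[ptype] if ptype else set()


def to_representation(requesting_user, target_user):
    """Serializer step: keep only the fields the requester is allowed to read."""
    allowed = get_user_read_fields(requesting_user, target_user)
    return {k: v for k, v in target_user.record.items() if k in allowed}


def get_user_queryset(requesting_user, all_users):
    """Row-level filter: only users the requester holds some permission over."""
    return [u for u in all_users if get_lowest_ranked_permission_type(requesting_user, u)]


def validate_fields_patchable(requesting_user, target_user, request_fields):
    """Reject a PATCH that touches any field outside the requester's patchable set."""
    ptype = get_lowest_ranked_permission_type(requesting_user, target_user)
    allowed = PATCH_FIELDS[ptype] if ptype else set()
    forbidden = sorted(set(request_fields) - allowed)
    if forbidden:
        raise PermissionError(f"{requesting_user.username} may not patch {forbidden}")
    return True


# Constructed sample users (names and projects are invented for this example).
WANDA = User("wanda", {GLOBAL: "admin_global"},
             {"uuid": "u1", "username": "wanda", "email": "w@example", "phone": "1", "is_active": True})
WALLY = User("wally", {"website": "admin_project"},
             {"uuid": "u2", "username": "wally", "email": "wl@example", "phone": "2", "is_active": True})
WINONA = User("winona", {"website": "member", "people_depot": "practice_lead"},
              {"uuid": "u3", "username": "winona", "email": "wn@example", "phone": "3", "is_active": True})
PATTI = User("patti", {"people_depot": "member"},
             {"uuid": "u4", "username": "patti", "email": "p@example", "phone": "4", "is_active": False})
ALL_USERS = [WANDA, WALLY, WINONA, PATTI]

if __name__ == "__main__":
    print(to_representation(WINONA, WALLY))          # member on the shared project: uuid + username only
    print([u.username for u in get_user_queryset(PATTI, ALL_USERS)])  # winona and patti share people_depot
```

The two checks are deliberately derived from one function, so the row filter and the field filter cannot disagree about what the requester is allowed to see; in the PR the same role is played by get_lowest_ranked_permission_type feeding both get_user_queryset and get_user_read_fields.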
ethanstrominger and others added 30 commits July 1, 2024 15:29
@ethanstrominger ethanstrominger changed the title Serializer security 346 Row and field level security 346 Oct 5, 2024
Labels: None yet
Projects: Status: 🧊Ice Box
Development: Successfully merging this pull request may close these issues:
  • Implement field configurable security for global admin, project admin, practice area lead, and team member
1 participant