Epic 2191 - Update permissions

[maradragan]

• Remove ability of super users to edit existing location names (was Remove ability of super users to edit existing location names #1599)
  Super users are arbitrarily renaming locations.

• Super users cannot edit the profile of other super users (was Super users cannot edit the profile of other super users #1571)
  When a super user tries to edit the advisor position of another super user, the following pink message is displayed:
  "Forbidden: Exception while fetching data (/updatePosition): You do not have permissions to do this."
  Both super users were assigned to the same advisor organization.
  The work around is to select the "ANET User" button for the super user profile being selected. This makes the edited super user no longer a super user, but at least the position can be edited.

• Incoming advisors inherit super user permissions from their predecessors (was Incoming advisors inherit super user permissions from their predecessors #2080)
  When incoming advisors are assigned to their predecessor's advisor position, the incoming advisor inherits the advisor position's super user permissions (if the predecessor was a super user).
  Advisors must be trained before they can have super user permissions.
  There are many untrained super users.

• When super users and admins are removed from their positions, the super user permissions of that position should be converted to advisor permissions no matter if there is a new assignee or not. When advisors are removed from their positions, then the permissions of that position should remain the same.

• When Super users or admins change position, they should bring their permissions to the new position.

Less important, spit off into #3557:

• Server side permission checks (was Server side permission checks  #313)
  Depending on the object type being edited and on the role of the logged in user , one may be allowed to edit only a subset of the properties of the object.
  Make sure that these permission checks are now implemented also server side (if this is not done yet).
  See for instance issue Update the ability of super users to modify principal organizations #36 and Change the Data Requirements for Principal Organizations #200 .

[dspCarlson]

@asafkaganbezgin Per our conversation today in the daily standup Teams meeting, there are actually two scenarios for removing super user permissions from an advisor position:

Scenario 1: A super user redeploys. The super user is unassigned from the super user permission. However, nobody is immediately assigned to the position. In this case, the position's permission should revert to just "user" permissions.

Scenario 2: A super user redeploys. Before the super user leaves, he assigns his/her incoming replacement to the position with super user permissions. The incoming replacement should not inherit the super user permissions.

The rule should be: anytime a person is removed from a position that super user permissions, the position's permissions should revert to just user permissions.

[dspCarlson]

@asafkaganbezgin

Reference to Scenario 2 above:
Question 1: If an administrator is assigned to a super user position (with respect to scenario 2), should the administrator's position's permissions be converted to advisor permissions? I'm asking this because in this case the new comer is going to have super user background (have experience).

Answer 1: Yes, if a person who is an administrator switches to another position, the administrator permissions should be added to the newly assigned position. The administrator's former position should revert to advisor permissions.

Reference to Scenario 2 above:
Question 2: If a super user is assigned to another advisor position, should the super user position permissions follow the advisor to the newly assigned position?

Answer 2: Yes, if a person who is a super user switches to another position, the super user permissions should be added to the newly assigned position. The super user's former position should revert to advisor permissions.

Reference to Scenario 2 above:
Question 3: If an advisor with just user permissions is assigned to another, should the advisor's position permissions follow the advisor to the newly assigned position?

Answer 3: Yes, if a person who is an advisor switches to another position, the advisor/user permissions should be added to the newly assigned position. The advisor's former position should maintain its advisor/user permissions.

The new rule should be: A person's permissions follows him/her to their next assignment (if he/she is actually assigned to another position). In all cases, the advisor position left vacant should have its permissions revert to advisor/user permissions.

[dspCarlson]

@asafkaganbezgin From the questions and answers above, super users will occasionally assign themselves to another position and lose their super user permissions. Then the super users have to contact me (usually via email) to have their super user permissions restored to their newly assigned position. I must also go to their previous assigned (now vacant) position and set the permissions to advisor/user.

Also, one time my administrator colleague switched positions and lost his administrator permissions. He had to contact me to restore his administrator positions to his newly assigned position.

The new rule will save super users and administrators time and also save me time.

[gjvoosten]

Main functionality was completed in #3532.