Authorization V2: Groups of users

[StefanFl]

After the discussion on Slack, this PR invents groups of users. Groups can get roles for products and product types and so make managing authorization for a large amount of users easier.

This PR contains the class definitions, the authorization check for roles and permissions and queries for authorized product types and products. Subsequent PR's will include the remaining queries, user interface to manage groups and role definitions, API and test cases.

The changes have no effects on already existing functionality for the new authorization, they are just add-ons.

The bold elements in the class diagram are the new classes and relationships:

[valentijnscholten]

Hard to get the complete overview from a diff, but two things come to mind:

• Does something extra need to be cached during the request?
• Does the test suite need additional tests for these groups?

[StefanFl]

Caching: Yes, the authorization needs to read the groups for a user and Product/Product_Type. This is be cached per request.

Tests: Yes as well. Currently I did manual tests to see if groups work. When the maintainers accept the solution for groups, I will extend the unit tests for the authorization. However, the current unit tests ensure that the functionality has not changed as long as no groups are used.

[valentijnscholten]

ok, great. To me it looks good, so with some unit tests we could merge it soon.

[StefanFl]

Converted it to draft until I have written unit_tests.

[StefanFl]

Added unit tests for authorization

[valentijnscholten]

Good addition, let's see the UI and API in next PRs

[valentijnscholten]

Merging this for dogfooding and to allow Nick Cleary to build on this from dev.