Show who can see archived submissions

[wes-otf]

Closes #3388 & Closes #3389.

This PR adds an indication as to what user roles can see an archived submission based off of existing settings.

Screenshots

With default Hypha settings

After updating settings to allow Staff and Staff Admin to see archives

After updating settings to only allow Staff Admin (not Staff) to see archives

[theskumar]

Added notes to make the code more modular and readable.

[frjo]

The po and pot files I mostly update in separate PR for practical reasons.

If you update po and pot files in more than one PR you tend to get merge conflicts. No problem keeping them here, good to get them updated.

[wes-otf]

@theskumar this is great feedback, thanks a ton!

I was originally working to make it more sentence-like (ie. "role, role and role") but wondered how that would impact translations if different linguistics were to come into play. If that might be an issue I can refactor my last commit. Definitely makes sense to have it more modular though.

[wes-otf]

@frjo Noted with the translation files - would it make more sense to revert them to what's on main and follow up with the altered files? I have translations committed to #3636 that I can revert too and then do all of them at once after it's all merged.

[wes-otf]

Reverting this back to a draft as I add features from #3389.

[wes-otf]

@frjo @theskumar I believe this is ready to go. The only piece that is still up for discussion would be the behavior of the 403 Forbidden page when a user without archive access tries to view and archived submission. The options I see are:

• Redirect the user to the submission dashboard
• Create a new "Access Denied" page/view that would allow all instances of raise PermissionDenied to be a little more descriptive and clean
• Leave the existing functionality as is

Let me know your thoughts!

[theskumar]

@frjo @theskumar I believe this is ready to go. The only piece that is still up for discussion would be the behavior of the 403 Forbidden page when a user without archive access tries to view and archived submission. The options I see are:

• Redirect the user to the submission dashboard
• Create a new "Access Denied" page/view that would allow all instances of raise PermissionDenied to be a little more descriptive and clean
• Leave the existing functionality as is

Let me know your thoughts!

Explicit is better than implicit. I would suggest going with -- Create a new "Access Denied" page/view that would allow all instances of raise PermissionDenied to be a little more descriptive and clean.

[wes-otf]

@theskumar All sounds good! The functionality for the 403 page is pretty much mirrored from the 404. It can be customized in Wagtail admin and is triggered when any django.core.exceptions.PermissionDenied error is raised. By default, it looks like the following:

With the Wagtail admin prompts:

[wes-otf]

This was also tested in the archive context (user with staff role attempted to view an archived submission) and worked well.

[wes-otf]

This was tested by @Techslammer & all worked as intended. The latest changes of the 403 page hadn't been deployed to test but that was a minor change that shouldn't change too much. Can retest with that if you'd prefer @frjo, otherwise I'll mark it as ready.

Have a nice weekend y'all!