Add authorisation process for sign ups and allow access to EventDetail for basic users (#399)

* CHANGE: First pass at opening up RIGS #233

Whilst it makes it something of a misnomer, the intent is to make the 'view_event' perm a permission to view event details like client/price. I don't see the point in giving everyone 'view_event' and adding a new 'view_event_detail'...Open to arguments the other way.

* CHANGE: New user signups now require admin approval

Given that I intend to reveal much more data to new users this seems necessary...

* CHORE: Fix CI

* FIX: Legacy Profiles are now auto-approved correctly

* Add testing of approval mechanism

This fixes the other functional tests failing because the user cannot login without being approved.

* Superusers bypass approval check

This should fix the remainder of the tests

* Prevent unapproved users logging in through embeds

Test suite doing its job...!

* FIX: Require login on events and event embeds again

Little too far to the open side there Arona... Whooooooops!

* FIX: Use has_oembed decorator for events

* FIX: Re-prevent basic seeing reversion

This is to prevent financials/client data leaking when changed. Hopefully can show them a filtered version in future.

* FIX: Remove mitigation for #264

Someone quietly fixed it, it appears

* FEAT: Add admin email notif when an account is activated and awaiting approval

No async or time-since shenanigans yet!

* FIX: Whoops, undo accidental whitespace change

* FEAT: Add a fifteen min cooldown between emails to admins

Probably not the right way to go about it...but it does work!

TODO: How to handle cooldown-emailing shared mailbox addresses?

* FIX: Remove event modal history deadlink for basic users

Also removes some links on the RIGS homepage that will deadlink for them

* FIX: Wrong perms syntax for history pages

* CHORE: Squash migrations

* FIX: Use a setting for cooldown

* FIX: Minor code improvements

RIGS/test_functional.py

@@ -141,18 +141,41 @@ class UserRegistrationTest(LiveServerTestCase):
         self.assertEqual(password.get_attribute('placeholder'), 'Password')
         self.assertEqual(password.get_attribute('type'), 'password')
 
+        # Expected to fail as not approved
         username.send_keys('TestUsername')
         password.send_keys('correcthorsebatterystaple')
         self.browser.execute_script(
             "return function() {jQuery('#g-recaptcha-response').val('PASSED'); return 0}()")
         password.send_keys(Keys.ENTER)
 
+        # Test approval
+        profileObject = models.Profile.objects.all()[0]
+        self.assertFalse(profileObject.is_approved)
+
+        # Read what the error is
+        alert = self.browser.find_element_by_css_selector(
+            'div.alert-danger').text
+        self.assertIn("approved", alert)
+
+        # Approve the user so we can proceed
+        profileObject.is_approved = True
+        profileObject.save()
+
+        # Retry login
+        self.browser.get(self.live_server_url + '/user/login')
+        username = self.browser.find_element_by_id('id_username')
+        username.send_keys('TestUsername')
+        password = self.browser.find_element_by_id('id_password')
+        password.send_keys('correcthorsebatterystaple')
+        self.browser.execute_script(
+            "return function() {jQuery('#g-recaptcha-response').val('PASSED'); return 0}()")
+        password.send_keys(Keys.ENTER)
+
         # Check we are logged in
         udd = self.browser.find_element_by_class_name('navbar').text
         self.assertIn('Hi John', udd)
 
         # Check all the data actually got saved
-        profileObject = models.Profile.objects.all()[0]
         self.assertEqual(profileObject.username, 'TestUsername')
         self.assertEqual(profileObject.first_name, 'John')
         self.assertEqual(profileObject.last_name, 'Smith')