Enhance permission management on /contacts

Current state

• When somebody creates a entity (device/platform/configuration) he gets added to the contacts
  • I'm not quite sure if you already get added if you just log in for the first time (correct me here)
• Everybody who is logged in can go to Contacts and
  • see all contacts
  • can edit all contacts
  • can delete all contacts
    • if the person is referenced by any entity this will fail

Wished behavior

• not everybody can see everybody
• not everybody can edit everybody
• not everybody can delete everybody

Suggestions how to improve the permissions

• I focused on edit permissions, because:
  • I think it is good to view everybody and it would be too complicated to restrict this
  • You can't delete anybody associated to an entity by default
  • Everybody should be able the create new contacts if they were missing
• general there are two types of contacts:
  • created by system (when creating a entity, e.g. device)
  • created by other user

Edit Permission for contacts created by system

• the super user (SMS-admin)
• the user (contact) himself

Edit Permission for contacts created by other user

• the super user (SMS-admin)
• the other user how created the contact
• the user (contact) himself

Requirements

• the database must know who created the contact: the system or an other user (and of course the user id)
  • e.g. table contacts gets another column created_by of type string (varchar)
  • possible values would be:
    • system
    • the user_id of the user who created the contact