Create a plan for user authorization in 3.y
CLOSED - WONTFIX
This task is successful when reasonable answers to the below questions have been agreed on, and tasks have been created that cover at least the next steps, if not all of the work required.
Q: do we need to introduce a more detailed framework like Django Guardian? (https://github.com/lukaszb/django-guardian )
Q: Will we need to add custom authz logic? What's the scope?
Q: To what extent can/should we migrate existing authz data? Perhaps we should just not.
+1 to not doing this now, but we look at porting the data after we have the new one implemented. In other words, we could green-field use django's auth and decide later.
Also check discussion in the related issue.