Pulp

https://www.django-rest-framework.org/api-guide/permissions/#setting-the-permission-policy

If we set DEFAULT_PERMISSION_CLASSES to AccessPolicyFromDB we can remove the need to specify permission_classes on viewsets wanting to add RBAC. Also, by having the permissions set by this setting users who want to use their own custom permission_classes won't have to subclass, monkey-patch, chain-load their classes for our viewsets with Pulp RBAC.

TODO:

1. Remove permission_classes from any RBAC viewset so they can use the default setting.
2. Remove part of RBAC plugin writers docs saying to add AccessPolicyFromDB to their viewset's permission_classes
3. Add a default access policy to AccessPolicyFromDB here https://github.com/pulp/pulpcore/blob/354383883032277e7a1f7dc7ddf2dc0a5bc40fad/pulpcore/app/access_policy.py#L33 for viewsets that won't have access policies yet. Default would probably be just an admin user check.

*For step 3 we could instead create a new permissions class that is an or ( | ) combination of AccessPolicyFromDB and IsAdminUser and have that become the new default permissions class. e.g.

from rest_framework.permissions import IsAdminUser
from pulpcore.app.access_policy import AccessPolicyFromDB

AdminOrPolicyFromDB = IsAdminUser | AcessPolicyFromDB