
Clean up and consolidate permissions. #3100

Merged
rtibbles merged 2 commits into learningequality:unstable from rtibbles:permissions_update
Apr 15, 2021

@rtibbles
Member

Summary

Description of the change(s) you made

Consolidates all our permission checking against filter_view_queryset and filter_edit_queryset class methods.
Removes permissions from users for the now unused orphan tree.

Manual verification steps performed

Did not change the semantics for internal views - but wondering if we want to move completely to 404s instead of 403s.

Reviewer guidance

How can a reviewer test these changes?

These endpoints should be covered by unit tests.

Are there any risky areas that deserve extra testing?

This might need some integration testing with ricecooker.

References

Fixes #3071 by making filter_edit_queryset filter nothing for admins.


Contributor's Checklist

PR process:

  • If this is an important user-facing change, the CHANGELOG label has been added to this PR or related issue. Note: items with this label will be added to the CHANGELOG at a later time
  • If this includes an internal dependency change, a link to the diff is provided
  • The docs label has been added if this introduces a change that needs to be updated in the user docs
  • If any Python requirements have changed, the updated requirements.txt files are also included in this PR
  • Opportunities for using Google Analytics here are noted
  • Migrations are safe for a large db

Studio-specific:

  • All user-facing strings are translated properly
  • The notranslate class has been added to elements that shouldn't be translated by Google Chrome's automatic translation feature (e.g. icons, user-generated text)
  • All UI components are LTR and RTL compliant
  • Views are organized into pages, components, and layouts directories as described in the docs
  • Users' storage used is recalculated properly on any changes to main tree files
  • If there are new ways this uses user data that need to be factored into our Privacy Policy, it has been noted.

Testing:

  • Code is clean and well-commented
  • Contributor has fully tested the PR manually
  • If there are any front-end changes, before/after screenshots are included
  • Critical user journeys are covered by Gherkin stories
  • Any new interactions have been added to the QA Sheet
  • Critical and brittle code paths are covered by unit tests

Reviewer's Checklist

This section is for reviewers to fill out.

  • Automated test coverage is satisfactory
  • PR is fully functional
  • PR has been tested for accessibility regressions
  • External dependency files were updated if necessary (yarn and pip)
  • Documentation is updated
  • Contributor is in AUTHORS.md
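
The pattern the description refers to, as an added example that is not code from this PR or from the Studio code base: every authorization decision is derived from the two class methods `filter_view_queryset` and `filter_edit_queryset`, admins are filtered by neither, and a denied edit maps to 403 or 404. The `User` and `Channel` models, the `authorize_edit` helper, the `hide_existence` switch and the sample data are assumptions made for illustration, with plain lists standing in for Django querysets.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class User:  # hypothetical user model
    id: int
    is_admin: bool = False

@dataclass
class Channel:  # hypothetical model; a list stands in for a queryset
    id: str
    public: bool = False
    editors: set = field(default_factory=set)
    viewers: set = field(default_factory=set)

    @classmethod
    def filter_view_queryset(cls, queryset, user):
        if user.is_admin:
            return list(queryset)
        return [c for c in queryset
                if c.public or user.id in (c.editors | c.viewers)]

    @classmethod
    def filter_edit_queryset(cls, queryset, user):
        # Admins are not filtered at all, so they can edit objects
        # they are not listed on as editors.
        if user.is_admin:
            return list(queryset)
        return [c for c in queryset if user.id in c.editors]

def authorize_edit(model, queryset, user, object_id, hide_existence=False):
    """Return the HTTP status for an edit attempt, using only the two filters."""
    if any(o.id == object_id for o in model.filter_edit_queryset(queryset, user)):
        return 200
    viewable = any(o.id == object_id
                   for o in model.filter_view_queryset(queryset, user))
    # A 403 confirms the object exists. It is only returned to users who can
    # already view it; hide_existence=True answers 404 for every denial.
    if viewable and not hide_existence:
        return 403
    return 404

# Constructed sample data.
CHANNELS = [
    Channel("pub", public=True, editors={1}),
    Channel("priv", editors={1}, viewers={2}),
]
ADMIN, EDITOR, VIEWER, STRANGER = User(9, True), User(1), User(2), User(3)
```

Because the view and edit checks share one code path per model, a unit test over these two methods covers every endpoint that calls them.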

Member

@bjester bjester left a comment

Looks good

Make ContentNode filter_edit_queryset consistent with other methods.
@codecov

codecov bot commented Apr 15, 2021

Codecov Report

❗ No coverage uploaded for pull request base (unstable@92a5c78).
The diff coverage is n/a.

@@             Coverage Diff             @@
##             unstable    #3100   +/-   ##
===========================================
  Coverage            ?   85.85%           
===========================================
  Files               ?      298           
  Lines               ?    15825           
  Branches            ?        0           
===========================================
  Hits                ?    13586           
  Misses              ?     2239           
  Partials            ?        0           

@rtibbles rtibbles merged commit da3d87b into learningequality:unstable Apr 15, 2021
@rtibbles rtibbles deleted the permissions_update branch April 15, 2021 22:18
@pcenov
Member

pcenov commented Apr 27, 2021

Tested and verified as fix at https://hotfixes.studio.learningequality.org/

Development

Successfully merging this pull request may close these issues.

Admins cannot deploy channels for which they are not editors
