feat: rbac middleware

[zlwaterfield]

Changes

Adding middleware for RBAC. This is mostly pulling the logic from @benjackwhite previous PR: #20864 but updating a bunch more tests and a few logic pieces.

See #24512 for more information.

Key additions:

• ee
  • AccessControlSerializer - for the AccessControl model
  • AccessControlViewSetMixin - Adds an "access_controls" action to the viewset that handles access control for the given resource
• posthog
  • AccessControlPermission - Unified permissions access - controls access to any object based on the user's access controls
  • UserAccessControlSerializerMixin - Mixin for serializers to add user access control fields
  • UserAccessControl - UserAccessControl provides functions for checking unified access to all resources and objects from a Project level downwards.

Many of the changes are test updates for the number of queries. Then we've also added the middleware to the viewsets of Dashboard, Projects, Organizations, Insights, Notebooks, Feature Flags, etc.

More details in Readme to come.

👉 Stay up-to-date with PostHog coding conventions for a smoother review.

Does this work well for both Cloud and self-hosted?

How did you test this code?

Updated existing tests
Added new tests

[benjackwhite]

This looks solid! (If i do say so myself).

Should be totally safe but we might want to be ready for a qucik revert just in case

[benjackwhite]

Ooh this is nice

[sentry-io]

Suspect Issues

This pull request was deployed and Sentry observed the following issues:

• ‼️ AssertionError /api/feature_flag/local_evaluation/ View Issue

_{Did you find this useful? React with a 👍 or 👎}