Reduce Regional Staff Group Permissions #3493

Open

wants to merge 2 commits into base: 3385-regional-staff-submission-history

Conversation

elipe17
@elipe17 elipe17 commented Feb 25, 2025

Summary of Changes

  • Added migration reducing Regional user access
  • Removed tests since regional users can no longer manipulate other users
  • Updated viewset to disallow regional staff access to all users

Pull request closes #3476

How to Test

cd tdrs-frontend && docker-compose up --build
cd tdrs-backend && docker-compose up --build
  1. Open http://localhost:3000/ and sign in.
  2. Set your group as OFA Regional Staff
  3. Verify that v1/users only returns your user and not all users
  4. Verify you can only see submission history for users in your region(s)
  5. Verify you cannot submit datafiles from the frontend or DRF

Note: Jan's work in #3385 handles the acceptance criteria related to the frontend, e.g. Regional users cannot submit datafiles and only see submission history for users in their region.

Deliverables

More details on how deliverables herein are assessed included here.

Deliverable 1: Accepted Features

Checklist of ACs:

  • RO staff should have access to the front end
  • RO staff should not have access to any files submitted by their STTs
  • RO staff should only have access to their own user's information and user information visible from submission history tables
  • Testing Checklist has been run and all tests pass
  • README is updated, if necessary

Deliverable 2: Tested Code

  • Are all areas of code introduced in this PR meaningfully tested?
    • If this PR introduces backend code changes, are they meaningfully tested?
    • If this PR introduces frontend code changes, are they meaningfully tested?
  • Are code coverage minimums met?
    • Frontend coverage: [insert coverage %] (see CodeCov Report comment in PR)
    • Backend coverage: [insert coverage %] (see CodeCov Report comment in PR)

Deliverable 3: Properly Styled Code

  • Are backend code style checks passing on CircleCI?
  • Are frontend code style checks passing on CircleCI?
  • Are code maintainability principles being followed?

Deliverable 4: Accessible

  • Does this PR complete the epic?
  • Are links included to any other gov-approved PRs associated with epic?
  • Does PR include documentation for Raft's a11y review?
  • Did automated and manual testing with iamjolly and ttran-hub using Accessibility Insights reveal any errors introduced in this PR?

Deliverable 5: Deployed

  • Was the code successfully deployed via automated CircleCI process to development on Cloud.gov?

Deliverable 6: Documented

  • Does this PR provide background for why coding decisions were made?
  • If this PR introduces backend code, is that code easy to understand and sufficiently documented, both inline and overall?
  • If this PR introduces frontend code, is that code easy to understand and sufficiently documented, both inline and overall?
  • If this PR introduces dependencies, are their licenses documented?
  • Can reviewer explain and take ownership of these elements presented in this code review?

Deliverable 7: Secure

  • Does the OWASP Scan pass on CircleCI?
  • Do manual code review and manual testing detect any new security issues?
  • If new issues detected, is investigation and/or remediation plan documented?

Deliverable 8: User Research

Research product(s) clearly articulate(s):

  • the purpose of the research
  • methods used to conduct the research
  • who participated in the research
  • what was tested and how
  • impact of research on TDP
  • (if applicable) final design mockups produced for TDP development
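The "How to Test" steps and the Deliverable 1 ACs together pin down the access scope this PR gives the OFA Regional Staff group: `v1/users` returns only the requester's own record, submission history is limited to the requester's region(s), regional staff cannot open the files their STTs submitted, and they cannot submit datafiles at all. The block below is an added example written for this review, not TDP's code: it models that scoping as plain Python so the rules can be checked offline. The `User`/`DataFile` classes, the `regions` and `region` fields, and the `OFA Admin` and `Data Analyst` group names are assumptions standing in for the real Django models, DRF viewsets and group migration; only the `OFA Regional Staff` group name and the four rules come from the PR text.

```python
from dataclasses import dataclass

# Group name taken from the PR's test steps. The other two are constructed
# stand-ins for the remaining roles, not TDP's real group list.
REGIONAL_STAFF = "OFA Regional Staff"
OFA_ADMIN = "OFA Admin"
DATA_ANALYST = "Data Analyst"


@dataclass(frozen=True)
class User:
    id: int
    username: str
    groups: frozenset
    regions: frozenset = frozenset()  # regions a regional staffer oversees (assumed field)


@dataclass(frozen=True)
class DataFile:
    id: int
    owner_id: int
    region: int  # region of the STT the file was submitted for (assumed field)


def is_regional_staff(user):
    return REGIONAL_STAFF in user.groups


def visible_users(requester, all_users):
    """The v1/users rule: regional staff see only their own user.

    Before this PR the group could read (and manipulate) other users; now it is
    scoped to self, the same as an analyst. Admins keep the full list (assumed).
    """
    if OFA_ADMIN in requester.groups:
        return list(all_users)
    # Regional staff and every other non-admin role: self only.
    return [u for u in all_users if u.id == requester.id]


def visible_submission_history(requester, files):
    """Submission history rows: regional staff see only files for their region(s)."""
    if OFA_ADMIN in requester.groups:
        return list(files)
    if is_regional_staff(requester):
        return [f for f in files if f.region in requester.regions]
    # Analysts see the history of what they submitted themselves.
    return [f for f in files if f.owner_id == requester.id]


def can_download_datafile(requester, datafile):
    """AC: RO staff get no access to files submitted by their STTs, even though
    the history row for the file is visible to them."""
    if is_regional_staff(requester):
        return False
    if OFA_ADMIN in requester.groups:
        return True
    return datafile.owner_id == requester.id


def can_submit_datafile(requester):
    """AC: regional staff cannot submit datafiles, from the frontend or from DRF."""
    if is_regional_staff(requester):
        return False
    return OFA_ADMIN in requester.groups or DATA_ANALYST in requester.groups


# Constructed sample data for a stand-alone run.
ADMIN = User(1, "admin", frozenset({OFA_ADMIN}))
REGIONAL = User(2, "regional", frozenset({REGIONAL_STAFF}), frozenset({1, 4}))
ANALYST = User(3, "analyst", frozenset({DATA_ANALYST}))
USERS = [ADMIN, REGIONAL, ANALYST]
FILES = [
    DataFile(10, owner_id=3, region=1),  # analyst's file, in the regional staffer's region
    DataFile(11, owner_id=3, region=2),  # analyst's file, outside their region
    DataFile(12, owner_id=1, region=4),  # admin-submitted file, in their region
]


def describe(requester):
    """Collect every decision for one requester; handy for eyeballing the matrix."""
    return {
        "users": [u.username for u in visible_users(requester, USERS)],
        "history": [f.id for f in visible_submission_history(requester, FILES)],
        "download": [f.id for f in FILES if can_download_datafile(requester, f)],
        "can_submit": can_submit_datafile(requester),
    }


if __name__ == "__main__":
    for who in USERS:
        print(who.username, describe(who))
```

Running the block prints one line per constructed user; the regional staffer ends up with `users: ['regional']`, `history: [10, 12]`, an empty download list and `can_submit: False`, which is the outcome steps 3 to 5 of "How to Test" ask a reviewer to confirm by hand.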

- Added migration reducing Regional user access
- Removed tests since regional users can no longer manipulate other users
@elipe17 elipe17 self-assigned this Feb 25, 2025
@elipe17 elipe17 changed the base branch from develop to 3385-regional-staff-submission-history February 26, 2025 15:48
@elipe17 elipe17 added backend dev raft review This issue is ready for raft review DAC Django Admin Console labels Feb 26, 2025
@elipe17 elipe17 marked this pull request as ready for review February 26, 2025 15:53
codecov bot commented Feb 26, 2025

Codecov Report

Attention: Patch coverage is 86.66667% with 2 lines in your changes missing coverage. Please review.

Project coverage is 90.63%. Comparing base (d2b05be) to head (5566978).

Files with missing lines Patch % Lines
...grations/0044_regional_staff_permissions_update.py 85.71% 2 Missing ⚠️

@@                            Coverage Diff                             @@
##           3385-regional-staff-submission-history    #3493      +/-   ##
==========================================================================
- Coverage                                   90.67%   90.63%   -0.05%     
==========================================================================
  Files                                         311      312       +1     
  Lines                                        8923     8936      +13     
  Branches                                      680      680              
==========================================================================
+ Hits                                         8091     8099       +8     
- Misses                                        705      709       +4     
- Partials                                      127      128       +1     
Flag Coverage Δ
dev-backend 90.40% <86.66%> (-0.05%) ⬇️
dev-frontend 92.23% <ø> (ø)

Flags with carried forward coverage won't be shown.

Files with missing lines Coverage Δ
tdrs-backend/tdpservice/users/views.py 95.91% <100.00%> (-0.09%) ⬇️
...grations/0044_regional_staff_permissions_update.py 85.71% <85.71%> (ø)

... and 1 file with indirect coverage changes


@raftmsohani raftmsohani left a comment

LGTM
