New setting for closed off meeting

[Elblinator]

Make backend changes for OpenSlides/openslides-client#3477

We need a new setting for the proposed functionality,

• e.g. meeting_locked_from_inside: Only participants from this meeting can navigate into this meeting, and only Participants who can manage settings can edit Meeting information

Clarification for meeting.update vs meeting.delete

• In contrast to the meeting.update a meeting.delete should still be possible for committee-admins, orga-admins and superadmins

This new setting will be off by default to preserve current functionality, so there's no migration necessary.

[luisa-beerboom]

i.e. rewrite permission checks to forbid all users who aren't in the meeting (including superadmin) from doing any sort of meeting-internal action if the setting is turned on. No adding participants, no changing settings, no creating motions, no voting, no uploading of mediafiles (pay attention: this is still permitted in orga, just not in meeting), etc. Only permissible action is to delete the meeting.

[r-peschke]

i.e. rewrite permission checks to forbid all users who aren't in the meeting (including superadmin) from doing any sort of meeting-internal action if the setting is turned on. No adding participants, no changing settings, no creating motions, no voting, no uploading of mediafiles (pay attention: this is still permitted in orga, just not in meeting), etc. Only permissible action is to delete the meeting.

Again and again: we should solve this issue by permissions. A button pressed for this action to create and the permissions making the difference could be removed from the groups.
But what is the difference? Just the super permissions from cml- and oml-level?
Would be easy with a new permission added to all existing groups (like may enter with cml- or oml-user_manage) and to remove them with the above action.

[luisa-beerboom]

Again and again: we should solve this issue by permissions. A button pressed for this action to create and the permissions making the difference could be removed from the groups. But what is the difference? Just the super permissions from cml- and oml-level? Would be easy with a new permission added to all existing groups (like may enter with cml- or oml-user_manage) and to remove them with the above action.

No that won't work, because this is about not allowing people to do anything in the meeting if they don't have any meeting permissions.

I.e. this is about forbidding f.E. the superadmin from editing data within a meeting he is not a member of, it is not about forbidding the meeting participants from doing anything.

[luisa-beerboom]

Updated https://github.com/OpenSlides/OpenSlides/wiki/Permission-System