Broadly extend organization owner group permissions
What does this MR do and why?
This is a first step in providing an organization owner with administrative rights for all entities within their organization. The core of this change is in !145996 (diffs) with the corresponding spec in !145996 (diffs)
Many spec files had to be adjusted in this MR because many tests have the following pattern:
with admin user do
when in admin mode do
...
end
when not in admin mode do
...
end
end
This creates a problem for this MR where when not in admin mode
fails because the admin is often automatically assigned owner of the default organization. This MR essentially provides admin rights to organization owners within their organization which contradicts the previous expectation that the admin outside of admin mode would not have admin rights. To fix this problem we have to apply the ':without_default_org' trait when creating an admin user which prevents the admin from being added as an owner of the default organization.
Also note that some query counts increased because of the organization ownership checks.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
Related to #440355 (closed)