✨(backend) add resource server api

[Ash-Crow]

Purpose

Adds a resource server API similar to the one that already exists for Drive.

Proposal

• Add a new resource_server API with four endpoints : documents, document_accesses, document_invitation, users, along with unit tests that check that :
  • anonymous users can't use these endpoints
  • logged-in users can't use the endpoints that are not active by default
  • for each action that is allowed by default, that it works
  • for each action that is not allowed by default, that is is forbidden, and works if explicitely allowed (see detailed list below)
• Add a documentation for the new API at docs/resource_server.md.
• Fix some intermittent errors in other unit tests
• Fix some missing entries in the DocumentViewSet docstring.

List of actions for each endpoint

• For documents:

  • list (allowed by default)
  • retrieve (allowed by default)
  • create (allowed by default)
  • update
  • delete
  • trashbin
  • restore → added to the documentation, it was missing
  • move → added to the documentation, it was missing
  • duplicate → bypasses restriction checks, so always allowed for logged-in users
  • children (allowed by default)
  • versions_list
  • versions_detail
  • favorite_list → bypasses restriction checks, so always allowed for logged-in users
  • favorite
  • create-for-owner → not allowed.
  • link_configuration
  • attachment_upload
  • media_auth
  • ai_transform
  • ai_translate
  • ai_proxy

• For document accesses:

  • list
  • retrieve
  • create
  • update
  • partial_update
  • destroy

• For invitations:

  • list
  • retrieve
  • create
  • partial_update
  • destroy

• For users:

  • get_me (allowed by default)
  • check that other actions are not allowed

[lunika]

This example does not work for Docs, only for Drive.

[lunika]

Suggested change

	return False
	return False