Closes #16137: Remove is_staff boolean from User model (#20306)

* Closes #16137: Remove is_staff boolean from User model

* Remove default is_staff value from UserManager.create_user()

* Restore staff_only on MenuItem

* Introduce IsSuperuser API permission to replace IsAdminUser

* Update and improve RQ task API view tests

* Remove is_staff attribute assignment from RemoteUserBackend

netbox/utilities/api.py

@@ -6,6 +6,7 @@ from django.db.models.fields.related import ManyToOneRel, RelatedField
 from django.urls import reverse
 from django.utils.module_loading import import_string
 from django.utils.translation import gettext_lazy as _
+from rest_framework.permissions import BasePermission
 from rest_framework.serializers import Serializer
 from rest_framework.views import get_view_name as drf_get_view_name
 
@@ -16,6 +17,7 @@ from .query import count_related, dict_to_filter_params
 from .string import title
 
 __all__ = (
+    'IsSuperuser',
     'get_annotations_for_serializer',
     'get_graphql_type_for_model',
     'get_prefetches_for_serializer',
@@ -27,6 +29,14 @@ __all__ = (
 )
 
 
+class IsSuperuser(BasePermission):
+    """
+    Allows access only to superusers.
+    """
+    def has_permission(self, request, view):
+        return bool(request.user and request.user.is_superuser)
+
+
 def get_serializer_for_model(model, prefix=''):
     """
     Return the appropriate REST API serializer for the given model.

netbox/utilities/templatetags/navigation.py

@@ -30,7 +30,7 @@ def nav(context):
                     continue
                 if not user.has_perms(item.permissions):
                     continue
-                if item.staff_only and not user.is_staff:
+                if item.staff_only and not user.is_superuser:
                     continue
                 buttons = [
                     button for button in item.buttons if user.has_perms(button.permissions)