Admin users can no longer delete/demote themselves

[linzjax]

Proposed changes in this pull request

• Fixes Organization Admin can delete herself, creating admin-less organization #548
• Org admins can no longer delete themselves from their organization (UI or API)
• Org admins can no longer change their own permission in the organization (UI or API)
• Org admins will now have to be deleted/demoted by a superuser or another admin in the organization.

When should this PR be merged

Whenever.

Risks

• None

Follow up actions

• Some changes to the API, so the documentation of errors needs to be updated, but not sure if it's worth it until the great API clean-up.

[ian-ross]

This is the sole and single line I would quibble with in this PR. To me, "warning" implies that the action was taken, but you might not have wanted to do it. This though is an "error", since the action wasn't taken (because it's forbidden).

Also, you've invented a response format here that we don't use anywhere else (the {"WARNING": "blah"} thing). Instead, it might be better just to raise a Django PermissionDenied exception and let Django deal with generating the response in its usual format.