Implement Authorisation #111
Description
What?
This ticket covers the work to make sure that the logged-in (GitHub) user is allowed to view the page they are asking for or the API endpoint they are hitting.
This ticket is not about Authentication (the process of deciding if a user is who they say they are).
This ticket depends on #91.
Why?
We already have a ticket to implement authentication. This covers the work to make sure that a person who says they are John Smith really is John Smith.
But we don't want to allow anyone who has a GitHub account to access our system. We need to put limits in place.
How
After a user has authenticated, we will have access to their email. We can use this email to fetch their Slack profile for CYF, and we can check in this profile data whether the user is an admin or not (isAdmin).
If they are an admin, we can permit them to view certain pages or to access certain API endpoints.
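
A sketch of the check described under "How", added here as an example and not part of the ticket or the project's code. It assumes an Express-style request/response shape and an injected `lookupSlackProfile(email)` function; `decideAccess`, `requireAdmin` and `normalise` are hypothetical names. Access is denied unless the fetched profile matches the authenticated email and `isAdmin` is exactly `true`.

```javascript
// Added example. All names here are hypothetical, not taken from the project.

// Emails are compared case-insensitively after trimming.
const normalise = (email) => String(email).trim().toLowerCase();

// Pure decision step: given the authenticated user and the Slack profile
// fetched for their email, decide whether an admin-only resource may be served.
function decideAccess(user, slackProfile) {
  if (!user || !user.email) {
    return { allow: false, status: 401, reason: "not authenticated" };
  }
  if (!slackProfile) {
    return { allow: false, status: 403, reason: "no Slack profile for this email" };
  }
  if (normalise(slackProfile.email) !== normalise(user.email)) {
    return { allow: false, status: 403, reason: "profile does not match user" };
  }
  // Strict comparison: only the boolean true grants access, so a missing
  // field or a string such as "false" never counts as admin.
  if (slackProfile.isAdmin !== true) {
    return { allow: false, status: 403, reason: "not an admin" };
  }
  return { allow: true, status: 200, reason: "admin" };
}

// Express-style middleware (assumed framework shape: req.user, res.status().json()).
// lookupSlackProfile(email) is an injected async function that returns
// { email, isAdmin } or null; how it talks to Slack is out of scope here.
function requireAdmin(lookupSlackProfile) {
  return async (req, res, next) => {
    let profile = null;
    try {
      if (req.user && req.user.email) {
        profile = await lookupSlackProfile(req.user.email);
      }
    } catch (err) {
      profile = null; // fail closed: a failed lookup is treated as "no profile"
    }
    const decision = decideAccess(req.user, profile);
    if (decision.allow) return next();
    return res.status(decision.status).json({ error: decision.reason });
  };
}
```

Keeping the decision in a pure function lets the 401/403 cases be unit-tested without a Slack connection.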