Secure API

[gerrycampion]

Currently, even though the frontend is restricted, all API functionality is accessible by all CDISCID users.

Acceptance Criteria:

• Only users with write permissions (currently this means users in the Core Author Group) should be authorized to perform create, update, delete operations via the api

[gerrycampion]

@nickdedonder I'm not sure why this was closed. I think it is an important security concern