Update User policy
The following changes are introduced:
any registered user can get the list of all users;
any registered user can get the list of approval requests assigned to any particular user;
any registered user can get the list of all users;
only a user with a member role can get the list of available vacations for any other user;
only a user with a member role can get the list of requested vacations for any other user.
NOTE: The policy is subject to change in the future!
Probably the best option is to move to current-user-related access.
For instance, to use URI like
/users/approval_requests
instead of
/users/<user_id>/approval_requests
Another way is to use Pundit scopes to provide smart filtering.
Override User#as_json to filter out attributes
The main idea is to provide only a particular set of attributes by default.
For instance, BB does not care about the created_at and updated_at attributes.
Provide the possibility to skip password validation
The main idea is to allow creating new users without passwords. Devise takes care of many manipulations on the User model, and it provides the possibility to save the User model into the DB, omitting password validation.
Update the following CRUD action methods in UsersController:
index.
Add the following CRUD action methods into UsersController:
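
As an added illustration (not code from this commit or project), the sketch below shows the two directions the note mentions: a role check in the policy and a Pundit-style scope that filters to the current user. It is plain Ruby following Pundit's conventions without loading the gem; the `roles` and `assignee_id` fields, the own-record rule and the sample data are assumptions.

```ruby
# Added example: plain Ruby following Pundit's policy/scope conventions.
# The pundit gem is not loaded; field names and sample data are constructed.
User = Struct.new(:id, :roles)
ApprovalRequest = Struct.new(:id, :assignee_id)

class UserPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user      # the authenticated caller
    @record = record  # the user named by <user_id> in the URI
  end

  # Any registered (authenticated) user may list users.
  def index?
    !user.nil?
  end

  # A member role is required to read another user's vacations.
  # Assumption: a user may always read their own.
  def available_vacations?
    return false if user.nil?
    user.id == record.id || user.roles.include?(:member)
  end
end

class ApprovalRequestPolicy
  class Scope
    def initialize(user, scope)
      @user = user
      @scope = scope # an Array here; an ActiveRecord relation in a Rails app
    end

    # Only requests assigned to the caller are returned, so a route such as
    # /users/approval_requests needs no <user_id> parameter at all.
    def resolve
      return [] if @user.nil?
      @scope.select { |req| req.assignee_id == @user.id }
    end
  end
end

# Constructed sample data.
ALICE = User.new(1, [:member])
BOB = User.new(2, [])
REQUESTS = [ApprovalRequest.new(10, 1), ApprovalRequest.new(11, 2), ApprovalRequest.new(12, 1)]

def visible_request_ids(user)
  ApprovalRequestPolicy::Scope.new(user, REQUESTS).resolve.map(&:id)
end
```

With the scope in place the caller's identity, not a URI parameter, decides which approval requests come back.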