Sage-Bionetworks / sagebio-collaboration-portal

Collaboration Portal developed by Sage Bionetworks

Add authorization to Resource/Insight on the client side #582

Closed tschaffter closed 4 years ago

tschaffter commented 4 years ago

There are currently issues with user notifications that I need to address: #580

Right now, both admin and test user get the same initial notification in their sidenav. Each of them should have a different initial seed notification.

Update: The issue is that the UserNotificationDataService is initialized once a user logs in, but doesn't "reset" when the user logs out and when another user logs in (on the same computer).

tschaffter commented 4 years ago

Update: UserNotificationDataService is now behaving properly relative to user login/logout. The backend shows that the notifications of the Admin are fetched when he logs in, and after he logs out and the User logs in, the notifications of the User are fetched. However, the notification sidenav is not in sync with this and constantly shows the notifications of the first user who logs in (Admin or User) after a server restart. This is because the sidenav does not use the UserNotificationDataService...
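As an added example (not code from the portal's own UserNotificationDataService), the following TypeScript contrasts the "initialised once, never reset" pattern this comment describes with a service whose state is bound to the current user and cleared on logout. The in-memory backend table, user ids and method names are constructed assumptions; it replays the admin-logs-in, logs-out, test-user-logs-in sequence on a shared browser and returns what the sidenav would show the second user.

```typescript
// Added example, not code from sagebio-collaboration-portal.
// Models the login/logout bug: a notification service loaded once per page
// lifetime keeps showing the first user's items to the next user on the same
// computer. All names below are assumptions.

interface Notification { id: string; userId: string; text: string; }
interface User { id: string; }

// Constructed stand-in for the notification backend.
const FAKE_BACKEND: Notification[] = [
  { id: 'n1', userId: 'admin', text: 'Seed notification for Admin' },
  { id: 'n2', userId: 'test',  text: 'Seed notification for Test user' },
  { id: 'n3', userId: 'test',  text: 'You were invited to join a project' },
];

function fetchForUser(userId: string): Notification[] {
  return FAKE_BACKEND.filter(n => n.userId === userId);
}

interface NotificationService {
  onLogin(user: User): void;
  onLogout(): void;
  list(): Notification[];
}

// Buggy pattern: initialised on the first login and never reset, so the cache
// belongs to whoever logged in first, not to the current user.
class StickyNotificationService implements NotificationService {
  private loaded = false;
  private items: Notification[] = [];
  onLogin(user: User): void {
    if (this.loaded) return;          // second login on the same page is ignored
    this.items = fetchForUser(user.id);
    this.loaded = true;
  }
  onLogout(): void { /* nothing cleared: state leaks to the next user */ }
  list(): Notification[] { return this.items; }
}

// Fixed pattern: the cache is keyed to the logged-in user, emptied on logout
// and re-fetched whenever a different user logs in.
class PerUserNotificationService implements NotificationService {
  private currentUserId: string | null = null;
  private items: Notification[] = [];
  onLogin(user: User): void {
    if (this.currentUserId !== user.id) {
      this.currentUserId = user.id;
      this.items = fetchForUser(user.id);
    }
  }
  onLogout(): void {
    this.currentUserId = null;
    this.items = [];                  // nothing user-specific survives logout
  }
  list(): Notification[] { return this.items; }
}

// Replay: Admin logs in, logs out, then Test user logs in on the same browser.
// Returns the notification ids the sidenav would render for the Test user.
function replay(svc: NotificationService): string[] {
  svc.onLogin({ id: 'admin' });
  svc.onLogout();
  svc.onLogin({ id: 'test' });
  return svc.list().map(n => n.id);
}

function stickyResult(): string[] { return replay(new StickyNotificationService()); }
function fixedResult(): string[] { return replay(new PerUserNotificationService()); }
```

The sidenav has to read from this one service rather than keep its own copy of the list; otherwise, as the comment notes, fixing the service alone still leaves the sidenav showing the first user's notifications.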

tschaffter commented 4 years ago

In the illustration below, the Test user receives a notification that he has been invited to join a project. The Admin doesn't receive this notification, which was the issue reported in #426.

[screen recording attached: Oct-15-2019 14-13-02]

tschaffter commented 4 years ago

Starting to work on #356

tschaffter commented 4 years ago

Authorization has been added to define who can edit and delete a Resource.

A few notes:

ychae commented 4 years ago

Notification testing: only the invitee gets an orange notification bubble. The sender no longer gets a duplicate notification.

tschaffter commented 4 years ago

The issue was at the level of the server-side authorization when checking if the requester is the author of the resource. Disabling this means that now any user of the portal can edit a resource (basically just authentication, no authorization).

The same issue was affecting Insights. Fixed the same way.

tschaffter commented 4 years ago

@ychae @jaeddy The latest update to this PR completes the addition of authorization to Resources and Insights of a project (client side only). The authorization decides when the user can see the button Edit Resource/Insight and Delete Resource/Insight.

REMINDER: In Milestone 2, we are not addressing authorization on the server side, only on the client side so that users can enjoy the expected experience. This is sufficient to receive feedback from users at this point.

ychae commented 4 years ago

@tschaffter this looks pretty good to merge! Thanks so much, I've added my notes below.

Create/Edit Resource I tested the ability to create all 4 types of Resources (dashboard, article, webapp, and state) as test user and admin and was able to do so successfully. I then edited the description, title, and URL and was able to do so successfully for the resources that I created.


Restrict edit powers to dashboard creator/admin I then checked to see if test user could edit the description of the Flatiron dashboard and wasn't able to (whoo hoo! the option wasn't even presented). I also then tested if test user could edit the descriptions of dashboards of a project that admin invited them to with only read access, and I couldn't edit (yay! the option wasn't even presented).


Delete Resources I was also able to successfully delete the resources I created as test user. The option wasn't even presented to me on the private project where I only had read access.

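As an added example covering both tschaffter's description of the client-side authorization (when the Edit/Delete Resource/Insight buttons are shown) and the cases ychae verified above (admin can edit, the author can edit their own resources, a read-only project member gets no option), the following TypeScript is not code from sagebio-collaboration-portal. It puts the decision in one predicate and shows it guarding both the button visibility and the update endpoint, which is the server-side half that Milestone 2 defers. All type names, field names and sample data are constructed assumptions.

```typescript
// Added example, not code from sagebio-collaboration-portal. Models the
// authorization rule for editing/deleting a Resource or Insight and applies it
// on both the client (button visibility) and the server (request handling).
// Type and field names are assumptions.

type Role = 'admin' | 'user';
type ProjectAccess = 'read' | 'write';
type ItemKind = 'Resource' | 'Insight';

interface User { id: string; role: Role; }
interface Project { id: string; members: Record<string, ProjectAccess>; }
interface Item { id: string; kind: ItemKind; projectId: string; createdBy: string; }

// Single source of truth: an admin, or the item's author with write access to
// the project the item belongs to.
function canEditOrDelete(user: User | null, item: Item, project: Project): boolean {
  if (user === null) return false;                        // not authenticated
  if (user.role === 'admin') return true;                 // admin manages any item
  if (project.id !== item.projectId) return false;        // item checked against the wrong project
  if (project.members[user.id] !== 'write') return false; // read-only member or non-member
  return item.createdBy === user.id;                      // only the author edits their own item
}

// Client side: which action buttons the UI renders for this item.
function visibleActions(user: User | null, item: Item, project: Project): string[] {
  return canEditOrDelete(user, item, project)
    ? [`Edit ${item.kind}`, `Delete ${item.kind}`]
    : [];
}

// Server side: the same predicate guards the mutation, because a hidden button
// only changes the UI; the HTTP request can still be sent by hand.
// Returns the HTTP status the handler would answer with.
function handleUpdate(user: User | null, item: Item, project: Project): number {
  return canEditOrDelete(user, item, project) ? 200 : 403;
}

// Constructed sample data mirroring the thread: an admin, a test user with
// write access to project A and read-only access to private project B, the
// admin-owned Flatiron dashboard, and a resource the test user created.
const ADMIN: User = { id: 'admin', role: 'admin' };
const TESTER: User = { id: 'test', role: 'user' };
const PROJECT_A: Project = { id: 'A', members: { admin: 'write', test: 'write' } };
const PROJECT_B: Project = { id: 'B', members: { admin: 'write', test: 'read' } };
const FLATIRON: Item = { id: 'r1', kind: 'Resource', projectId: 'A', createdBy: 'admin' };
const OWN_RESOURCE: Item = { id: 'r2', kind: 'Resource', projectId: 'A', createdBy: 'test' };
const B_INSIGHT: Item = { id: 'i1', kind: 'Insight', projectId: 'B', createdBy: 'admin' };
```

Keeping the rule in one function is what makes "client side only" a safe interim step: when the server-side check is re-enabled, it calls the same predicate the UI already uses, so the buttons and the endpoint cannot drift apart.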