TD-4880 Prevent administrators from viewing Activity Delegates for self assessments in a category that doesn't match their own

[ABSinhaa]

JIRA link

TD-4880

Description

Added a check for the categoryId of the admin users while fetching the self assessments, making sure we only pull the self assessments that matches the categoryId on the admin account of the user, also added an Unauthorized check when anyone tries to manipulate the self assessment delegates using the query string URL being opened. If there's a categoryId on the admin account of the user, then show self assessments that are specific to the categoryId, if there's no categoryId on the admin account of the user, continue showing all the self assessments.

Screenshots

---

Developer checks

(Leave tasks unticked if they haven't been appropriate for your ticket.)

I have:

• [x] Run the formatter and made sure there are no IDE errors (see info on Text Editor settings to avoid whitespace changes)
• [x] Written tests for the changes (accessibility tests, unit tests for controller, data services, services, view models, etc)
• [x] Manually tested my work with and without JavaScript
• [x] Tested any Views or partials created or changed with Wave Chrome plugin and addressed any valid accessibility issues
• [ ] Updated/added documentation in Confluence and/or GitHub Readme. List of documentation links added/changed:
  • doc_1_here
• [x] Updated my Jira ticket with information about other parts of the system that were touched as part of the MR and have to be sanity tested to ensure nothing’s broken
• [ ] Scanned over my pull request in GitHub and addressed any warnings from the GitHub Build and Test checks.