This PR implements some basic authorisation on groups, so that any authenticated user can create groups, but only group admins can update them or delete them.
Also, the list of group members is now protected, so that it is required to be member of a group in order to be able to see details about people participating in that group. Except for Distribute Aid admin who can see all members from all groups in the system.
This PR implements some basic authorisation on groups, so that any authenticated user can create groups, but only group admins can update them or delete them.
Also, the list of group members is now protected, so that it is required to be member of a group in order to be able to see details about people participating in that group. Except for Distribute Aid admin who can see all members from all groups in the system.
Fixes #105