fix shared links when logged in

[prestonp]

planning on a large revamp for order item management

• Refactor shared order tests. Think the /test/performance/ tests should run in a separate db that gets wiped every time the tests are run.
• Move to /api endpoints backed by dirac dals
• Break up and simplify existing authentication logic. This is all over the place and should ideally be self-contained depending on how you want to authenticate requests. Checking if the request is from a restaurant owner? Then that logic should be in it's own middleware.
• Fix backbone models, I made the decision to support passing edit_token via url query or in the body of the request. This doesn't really make sense because DELETE requests shouldn't even have body data.

[jrf0110]

Maybe we should support some sort of GB-AUTH-TOKEN header or something that would authenticate the request as a certain type of user (depending on the contents of the token). In a lot of places, we check for the presence of the edit_token or review_token to inform our templates. For instance, the /orders/:oid page does this. Instead, we should be relying on the type of user that is authenticated and the state of the order.