Feature Request: User Roles and Permissions Management

[berntpopp]

Summary
Design and implement a robust user roles and permissions management system to regulate access to various sections and functionalities of the application based on user roles.

Description
As the application scales and more users interact with it, it becomes imperative to establish a structured access control system. This system will define various user roles with specific permissions to control what users can see and do within the app. Administrators should have the ability to assign roles and modify permissions as necessary.

Acceptance Criteria

• [x] Define clear user roles such as Administrator, Editor, Viewer, and any other roles relevant to the application.
• [x] Implement permissions that correspond to each role, governing access to create, read, update, and delete operations.
• [x] Administrators should be able to assign roles to users and change permissions from a dedicated admin panel.
• [x] Ensure the UI reflects the permissions of the logged-in user, hiding or disabling inaccessible features.
• [x] Permissions should be enforced on the server-side to prevent unauthorized actions even if the client-side is bypassed.
• [ ] The system must log all role assignments and permission changes for audit purposes.
• [ ] Users should receive feedback if they attempt to perform an action they do not have permission for.

User Stories

• As an administrator, I want to grant new users 'Viewer' access by default and elevate their access to 'Editor' after they complete training.
• As a curator, I need to have 'Editor' permissions to update gene information but should not be able to delete entries.
• As an external reviewer, I should only have 'Viewer' access to prevent any accidental modifications to the data.

Implementation Details

• Utilize Firebase Authentication roles and custom claims to manage user permissions.
• Create a mapping between user roles and permissions that can be easily updated as the app evolves.
• Develop a middleware for the backend that checks the user's role and permissions before processing any request.
• Build a front-end component for administrators to manage user roles and view the permissions matrix.

[berntpopp]

Additionally display the user role alongside the user icon.

[berntpopp]

Separate the audit trail part of this issue into an own issue.