icebreaker-science / backend

The backend (Spring Boot) part of the icebreaker.science application
Apache License 2.0

Listing availability entries by owner account id #24

Closed michael-kamel closed 4 years ago

michael-kamel commented 4 years ago

Closes #18. I went with the suggestion of querying the device availability endpoint directly. Since we already have one for fetching by device id, I used the same endpoint and implemented it in such a way that we can query availability entries by specifying criteria.

michael-kamel commented 4 years ago

> Looks good, only one thing. I think it would be better if we only allow users to access the list of their own device availabilities for now. Later, we might want to extend it but right now, it is probably better to limit access - also for data privacy reasons. Maybe just compare the ownerid with the current user at the beginning of the controller method?
>
> And when we implement an admin view, we could allow admins to see everything.

I can go with the controller workaround for now. The other way to do it is to provide an endpoint on the user's resource /account/me/device_availability_list since in principle the user entity should have an attribute linking to his/her availability listings and in the future, other resources owned by the user can be fetched the same way. I am with the controller workaround for now, at least until we have a clearer picture of how things should function.

chaoran-chen commented 4 years ago

Yeah, I think it's fine if we do it with the check in the controller for now. Just return a 401 if someone tries to access information for which she does not have permission.
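
The controller check agreed on in this thread, sketched as an added example that is not code from the pull request or the project. The class, record, field names and sample rows are assumptions made for illustration, and queries by device id alone are assumed to stay as the existing endpoint has them.

```java
import java.util.List;
import java.util.stream.Collectors;

public class OwnerScopedAvailabilityQuery {
    // Constructed sample rows; the field names are assumptions, not the project's schema.
    record Availability(long id, long deviceId, long ownerId) {}

    // Carries the HTTP status a controller would map the failure to.
    static class HttpError extends RuntimeException {
        final int status;
        HttpError(int status, String message) { super(message); this.status = status; }
    }

    static final List<Availability> STORE = List.of(
            new Availability(1, 10, 1000), new Availability(2, 11, 1000),
            new Availability(3, 12, 2000));

    // Stand-in for the controller method; currentAccountId is null for an anonymous caller.
    static List<Availability> list(Long currentAccountId, Long deviceId, Long ownerId) {
        if (currentAccountId == null) throw new HttpError(401, "authentication required");
        // With optional criteria, an empty query must not fall through to "return everything".
        if (deviceId == null && ownerId == null) throw new HttpError(400, "no criteria given");
        // equals(), not ==: boxed Long values outside -128..127 need not be the same object.
        if (ownerId != null && !ownerId.equals(currentAccountId))
            throw new HttpError(401, "ownerId does not match the current user"); // status chosen in the thread
        return STORE.stream()
                .filter(a -> deviceId == null || a.deviceId() == deviceId)
                .filter(a -> ownerId == null || a.ownerId() == ownerId)
                .collect(Collectors.toList());
    }

    // Renders the outcome the way a client would see it: status plus body or error text.
    static String attempt(Long current, Long deviceId, Long ownerId) {
        try { return "200 " + list(current, deviceId, ownerId); }
        catch (HttpError e) { return e.status + " " + e.getMessage(); }
    }

    public static void main(String[] args) {
        System.out.println(attempt(1000L, null, 1000L)); // owner lists own entries
        System.out.println(attempt(1000L, null, 2000L)); // another account's ownerId
        System.out.println(attempt(1000L, null, null));  // no criteria at all
        System.out.println(attempt(null, null, 1000L));  // anonymous caller
    }
}
```

The check runs before any data is read, so a rejected request never touches the store.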