[ ] Currently all authenticated users can write. Change it so only authors and admins can write into the tmp directory and nowhere else, the functions convert and clean the rest.
[ ] Check if the events security rules are fine like that, because confirmed members could access events they are not invited to like mentioned in #257
[ ] Think about if the problem of #229 is just a request problem or if rules need changes
tmp
directory and nowhere else, the functions convert and clean the rest.