Add role-based authorization controls (RBAC) plugin

[preaction]

Now that we have a single standard Auth plugin API, we can have a single role-based authorization plugin that covers all authentication.

Create a Yancy::Plugin::Access::Role plugin. This plugin should take the following configuration:

• collection - The collection that stores the role to user mapping
• userid_field - The field that stores the user ID in the role collection
• role_field - The field that stores the role name

Role collections can have other fields, like description or ancillary data. Once data relationships work in the editor, we can have the user ID and role name fields be drop-down boxes linked to the users table and a main roles table (so that users do not mistype role names).

This plugin should add a single helper: yancy.access.require_role. The helper should take an array reference of role names. If the current user does not have one of the given roles, the authorization check should fail and the user should be shown the Unauthorized page.

Then, the editor should get a new configuration: editor.require_role (alongside editor.require_user). This should take an array reference of roles. If this is specified, the user's role should be checked with the yancy.access.require_role helper. If the current user does not have one of the given roles, the authorization check should fail and the user should be shown the Unauthorized page.

In the future we may add other ways to restrict access (Github Org membership, LDAP groups, etc...), so our API should be simple.

[mario-minati]

Did you already see the new Mojolicious::Plugin::ContextAuth? It is developed from RENEEB, who is part of our software project. We will switch to that plugin soon. The plugin is still under development. Support for more DB backend is on the way. Maybe that could be an option.