Identify the scope of access control needed for this sprint and implement just enough

[dennyabrain]

In its current scope, access control would mean the following categories of checks :

Role Check :

• [ ] Users with role of uploader or viewer should not be able to access endpoints meant for admin user. This would involve any endpoint for /index

Ownership Check :

• [ ] Ensuring that uploaders or tokens associated with them can only be used to read/write/update media belonging to datasets they have created.

[dennyabrain]

In the current state when there is no caching and only limited number of datasets and owners, I wonder if its worth attempting loading and retaining user and dataset data in memory at server startup. This way ownership checks and role checks should not need database calls.