Introduce account and authorization. (!231) · Merge requests · schleuder / schleuder

Nina requested to merge authentication into release-4.0 Dec 16, 2018

Each account has a password and is associated with every subscription that has the same email-address.
Authentication at the API now requires the email-address and the account password.
Authorization is based on the account derived from policies that are defined for each resource.
Accounts can be flagged as "api_superadmin" by using a CLI-subcommand. api_superadmins may do any request at the API, regardless of subscription of admin-status.

Edited Dec 16, 2018 by Nina

Introduce account and authorization.