Add route permission for editing api backend #369

Closed
4 tasks done
bajiat opened this issue Aug 14, 2015 · 4 comments
@bajiat
Contributor

bajiat commented Aug 14, 2015

Before displaying the API edit view, check if the user has permission to edit the API. If the user does not have permission, show an error message.

Definition of done

  • Add router action to check that a user id is in the API managers list.
    • Display an error message if the user is not allowed to edit the API.
    • Render the form if the user is authorized to edit the API configurations.
  • Create route onBeforeAction using previously defined action.
@bajiat bajiat added ready and removed planning labels Aug 17, 2015
@bajiat bajiat added this to the Sprint 10 milestone Aug 17, 2015
@brylie
Contributor

brylie commented Aug 25, 2015

@frenchbread, please provide us with a status update.

@frenchbread
Contributor

@brylie I'm having some difficulties here. I wrote the logic and it seems to be fine but it does not work as expected. I've created a PR #392 and labeled it as WIP so @apinf/developers could easily refer to it.
I have been troubleshooting it for a long time without success and need some help with this issue.

@brylie
Contributor

brylie commented Aug 26, 2015

@frenchbread break the final step into parts.

Subscription

Change your route-level subscription to a template-level subscription

Template

Create a Not Authorized template to display an error to the user (similar to Not Found template)

onBeforeAction

  1. Define a function in lib/_config/router.js similar to redirectToSignIn.
  2. Inside your function, if the user is not authorized
    1. call to Meteor.error with an appropriate error number and descriptive text
    2. Render the 'Not Authorized' template
  3. Add your function to the route onBeforeAction, so the user is authorized before the route renders

If the user is authorized, the route's this.next() should be called, so that the route works as expected for an authorized user. Also, when displaying the 'not authorized' template, make sure the template subscription (containing the API Backend data) is not subscribed.
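
The onBeforeAction steps above, as an added example that is not part of the original comment or the project's code. It runs stand-alone in Node against a fake route controller; the `managerIds` field, the `notAuthorized` template name and the injected lookup functions are assumptions.

```javascript
// Added example: stand-alone sketch of the onBeforeAction check described above.
// `managerIds`, `notAuthorized` and the injected lookups are hypothetical names.

// True only when the API document exists and lists the user as a manager.
function isApiManager(userId, apiBackend) {
  if (!userId || !apiBackend || !Array.isArray(apiBackend.managerIds)) {
    return false; // fail closed on missing user, missing API or malformed list
  }
  return apiBackend.managerIds.includes(userId);
}

// Builds a hook with Iron Router's onBeforeAction shape: `this` is the route
// controller, exposing this.params, this.render() and this.next().
function makeRequireApiManager(getUserId, findApiBackend) {
  return function requireApiManager() {
    const apiBackend = findApiBackend(this.params._id);
    if (isApiManager(getUserId(), apiBackend)) {
      this.next(); // authorized: let the route render the edit form
      return;
    }
    // Not authorized: show the error template and do NOT call this.next(),
    // so the edit form (and its template-level subscription) never starts.
    this.render('notAuthorized');
  };
}

// Constructed sample data and a minimal fake route controller for offline runs.
const sampleApis = { api1: { _id: 'api1', managerIds: ['alice'] } };

function runHook(userId, apiId) {
  const seen = { rendered: null, nextCalled: false };
  const controller = {
    params: { _id: apiId },
    render(name) { seen.rendered = name; },
    next() { seen.nextCalled = true; },
  };
  const hook = makeRequireApiManager(() => userId, (id) => sampleApis[id]);
  hook.call(controller);
  return seen;
}

console.log(runHook('alice', 'api1'));   // manager: next() is called
console.log(runHook('mallory', 'api1')); // non-manager: error template rendered
```

In a Meteor app the hook would be built with `Meteor.userId` and the project's own collection lookup, then passed to the route's `onBeforeAction`. A route hook only controls what the client displays, so the publication and update methods for the API backend need the same `isApiManager` check on the server.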

@brylie
Contributor

brylie commented Sep 9, 2015

Opened pull request #452
