Place idValidator middleware before all authorization middleware

[pierreTklein]

The RouteParam.idValidator should be before ensureAuthorized so that there is not a 500 error when the user enters in an invalid id.

Originally posted by @pierreTklein in #285