[Discussion] Add basic permissions for dashboard users #94

Closed
nkshah2 opened this issue May 26, 2023 · 1 comment

nkshah2 commented May 26, 2023

Summary

Today every dashboard user is allowed to perform read and edit operations in the user management dashboard. While it would be good to have a proper role-based system with the ability to block access to certain parts of the dashboard based on role permissions, we want to add some rudimentary setup for user permissions to allow/deny them edit operations (editing users, for example).

Core changes

  • The verify session API should return the user's email if the session is valid

Backend SDK changes

  • Allow an array of admin emails to be passed during init of dashboard
  • In verify session consume the email from the core
  • For all non-GET requests, check if the email exists in the array passed during init, fail if it isn't (all GETs are still allowed)
  • If the user has provided an array of emails but the response for verify from the core does not contain an email, we should debug log a message explaining that they need to upgrade to the latest core (maybe provide a minimum version) and then fail the request. If they have not provided emails, always allow and don't check for email in the verify response

Frontend Changes

  • Change API handling to account for the fact that some actions may fail because of permissions

rishabhpoddar commented

We can make it so that users give an array of email IDs in the backend layer in dashboard.init which will be admin users. This will save time on making table changes in the core.
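
The backend check proposed in this issue, sketched as an added example (not code from the SuperTokens SDKs or from either participant). The function name, the return shape, the case-insensitive email comparison, and treating an empty array as a configured list with no admins are assumptions.

```javascript
"use strict";

// Hypothetical helper illustrating the proposed rule; not an SDK API.
//   adminEmails   - array passed at dashboard init, or undefined if not configured
//   verifiedEmail - email returned by the core's verify-session call for a valid
//                   session, or undefined when the core does not return one
//   debugLog      - optional logger callback (assumed)
function checkDashboardPermission({ method, adminEmails, verifiedEmail, debugLog = () => {} }) {
  // No admin list configured: always allow and never inspect the email.
  if (adminEmails === undefined) {
    return { allowed: true, reason: "no-admin-list" };
  }
  if (!Array.isArray(adminEmails)) {
    // Misconfiguration should surface at once instead of silently allowing edits.
    throw new TypeError("adminEmails must be an array of strings");
  }

  // All GETs are still allowed. Every other method (POST, PUT, DELETE, HEAD...)
  // is treated as an edit, because the proposal exempts GET only.
  if (String(method).toUpperCase() === "GET") {
    return { allowed: true, reason: "read" };
  }

  // Admin list is configured but the core sent no email: log and fail closed.
  if (typeof verifiedEmail !== "string" || verifiedEmail.trim() === "") {
    debugLog(
      "Verify response has no email; upgrade the core to a version that returns it."
    );
    return { allowed: false, reason: "core-missing-email" };
  }

  // Assumption: emails are compared trimmed and case-insensitively.
  const normalize = (email) => email.trim().toLowerCase();
  const admins = new Set(
    adminEmails.filter((e) => typeof e === "string").map(normalize)
  );

  return admins.has(normalize(verifiedEmail))
    ? { allowed: true, reason: "admin" }
    : { allowed: false, reason: "not-admin" };
}
```

The caller would map `allowed: false` to an error response that the frontend can distinguish from other failures, which is what the "Frontend Changes" item anticipates.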
