Backend: permission levels for campaigns

Created by: mrnugget

Taken from RFC 157.

Tasks

Distinguish between admin- and read-permissions

  • authors of a campaign (author_id) have admin permission
  • site admins also have admin access
  • everybody else has read permission

The check for admin permissions would be (for now): campaign.author_id == currentUser.id || currentUser.IsSiteAdmin()

  • Check for admin permissions in these mutations:
    • publishCampaign
    • publishChangeset
    • retryCampaign
    • updateCampaign
    • addChangesetsToCampaign
    • syncChangeset
    • closeCampaign
    • deleteCampaign
  • Hide errors: return empty array in campaign.status.errors
  • Add a viewerCanAdminister flag to Campaign to display/hide controls in the UI
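
The rules in the task list above, as an added Go example that is not the project's own code: one central check reused by the mutation guard, the error hiding and the viewerCanAdminister flag. The `User` and `Campaign` types, `Authorize`, `VisibleErrors` and `ErrNotAdmin` are hypothetical names, and treating user ID 0 as "not signed in" is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical types; only author_id, IsSiteAdmin and viewerCanAdminister
// come from the issue. ID 0 is assumed to mean "not signed in".
type User struct{ ID int32; SiteAdmin bool }
func (u *User) IsSiteAdmin() bool { return u.SiteAdmin }
type Campaign struct{ AuthorID int32; Errors []string }

var ErrNotAdmin = errors.New("must be campaign author or site admin")

// adminMutations holds the mutations the issue lists for the admin check.
var adminMutations = map[string]bool{"publishCampaign": true,
	"publishChangeset": true, "retryCampaign": true, "updateCampaign": true,
	"addChangesetsToCampaign": true, "syncChangeset": true,
	"closeCampaign": true, "deleteCampaign": true}

// ViewerCanAdminister fails closed for nil or anonymous viewers, so an
// unset AuthorID (0) never matches an unset user ID (0).
func ViewerCanAdminister(c *Campaign, u *User) bool {
	return c != nil && u != nil && u.ID != 0 &&
		(c.AuthorID == u.ID || u.IsSiteAdmin())
}

// Authorize guards the listed mutations; an unlisted name is rejected so
// a typo cannot silently skip the check.
func Authorize(mutation string, c *Campaign, u *User) error {
	if !adminMutations[mutation] || !ViewerCanAdminister(c, u) {
		return ErrNotAdmin
	}
	return nil
}

// VisibleErrors backs campaign.status.errors: non-admins get an empty slice.
func VisibleErrors(c *Campaign, u *User) []string {
	if !ViewerCanAdminister(c, u) {
		return []string{}
	}
	return c.Errors
}

func main() {
	c, r := &Campaign{AuthorID: 1, Errors: []string{"constructed"}}, &User{ID: 2}
	fmt.Println(Authorize("closeCampaign", c, r), VisibleErrors(c, r))
}
```

Keeping the decision in one function means the UI flag, the hidden errors and the mutation guard cannot drift apart when the rule changes later.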