Add role-based access control system #276
Description
Currently we have 3 roles: Instructor, TA, Student.
We should implement the following based on @karger ‘s suggestion
a role-based access control system, where there are various actions like creating a comment, deleting a student, seeing an identity, and so on, and a role is defined by which specific actions it has permissions to do. There seems to be a number of role-based access control extensions for nodejs, so we should be able to get the functionality without writing it ourselves. https://gist.github.com/mooniker/b87a284378f2ba29dbc3845bcf6efd3b