Implement user roles and access rights to API and UI Elements
ToDo
- Restrict access to plugin async messages for guest, author and show manager
- Restrict access to async API of games the user has no access to
- Add spectator role without editing rights and no rights to view plugin data
- Restrict access to log messages which might contain sensitive (plugin) data
- Add config changes in "users" property to server README
Description
Each user can be assigned a role that restricts access to certain parts of:
A) The server via the API
The API needs to return Access Denied for API calls to resources that are not permitted for the user's role.
B) UI Elements and views in the editor
The editor needs to GET additional user info defining permissions and/or restrictions via the API, then modify the page accordingly, hiding or disabling certain elements depending on the user's access rights.
For now I would suggest user roles are set in the server config file alongside user credentials.
The question is whether the client knows which user role has which access rights, or whether the API serves detailed information (see table in the comments below).
Edited by Lasse Marburg
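
One way to do the server-side check and the permission lookup described in A) and B), added here as an example and not taken from the project's code. The role names guest, author, show manager and spectator are from the issue; the `admin` role, the permission strings, the `games` property and the 403 status are assumptions.

```javascript
// Constructed "users" config section. Role names guest, author, show manager
// and spectator come from the issue; "admin", the property names and the
// permission strings are assumptions made for this example.
const config = {
  users: [
    { login: "ada", role: "author", games: ["demo"] },
    { login: "sam", role: "spectator", games: ["demo"] },
    { login: "gus", role: "guest", games: [] },
    { login: "root", role: "admin", games: ["demo"] },
  ],
};

// Hypothetical role -> permission mapping; whatever is not listed is denied.
// A Map avoids matching inherited keys such as "constructor".
const ROLE_PERMISSIONS = new Map([
  ["guest", []],
  ["spectator", ["game:read"]],
  ["show manager", ["game:read", "session:control"]],
  ["author", ["game:read", "game:edit", "session:control"]],
  ["admin", ["game:read", "game:edit", "session:control", "plugin:messages", "log:read"]],
]);

// Permissions that are not tied to one game (assumption: logs are server-wide).
const GLOBAL_PERMISSIONS = new Set(["log:read"]);

// Returns the HTTP status the API would answer with: 200 or 403 (Access Denied).
function authorize(user, permission, game) {
  const granted = user ? ROLE_PERMISSIONS.get(user.role) : undefined;
  if (!granted || !granted.includes(permission)) return 403;
  if (GLOBAL_PERMISSIONS.has(permission)) return 200;
  // Game-scoped call: the user must be listed for exactly this game.
  const games = Array.isArray(user.games) ? user.games : [];
  return games.includes(game) ? 200 : 403;
}

// What the API could serve to the editor so it can hide or disable elements.
function describeAccess(user) {
  const granted = user ? ROLE_PERMISSIONS.get(user.role) : undefined;
  if (!granted) return { role: null, permissions: [], games: [] };
  const games = Array.isArray(user.games) ? [...user.games] : [];
  return { role: user.role, permissions: [...granted], games };
}
```

Serving the `describeAccess` result keeps the role-to-rights mapping in one place on the server. Hiding elements in the editor is presentation only, so `authorize` still has to run on every API call.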