Add autorisation and remove most queue listeners
Load authenticated user from JWT. JWT includes claims for roles with a room id, the authenticated user has a list of authorities according to the claims. Implement a permission evaluator that handles autorisation.
Add HTTP POST endpoints for high-/lowlighting comments (e. g. /comment/<commentId>/_command/higlight
).
MR also removes queue bindings and listeners because data manipulation should always be done via HTTP API for more convenient auth handling.
Depends On: https://gitlab.com/arsnova/arsnova-webclient/-/merge_requests/681
Edited by Tom Käsler