Better handling of permissions

backend/api/events_routes.go

@@ -10,14 +10,16 @@ var EventsRoutes = map[string]core.Handler{
 		Handler:     events.HandleEvents,
 		Middlewares: []core.Middleware{Methods("GET")}},
 	"/events/new": {
-		Handler:     events.HandleNew,
-		Middlewares: []core.Middleware{Methods("POST"), AuthJWT}},
+		Handler: events.HandleNew,
+		Middlewares: []core.Middleware{Methods("POST"),
+			HasPermissions("events", "insert"), AuthJWT}},
 	"/events/{event_uuid}": {
 		Handler:     events.HandleEvent,
 		Middlewares: []core.Middleware{Methods("GET")}},
 	"/events/{event_uuid}/delete": {
-		Handler:     events.HandleDelete,
-		Middlewares: []core.Middleware{Methods("DELETE"), AuthJWT}},
+		Handler: events.HandleDelete,
+		Middlewares: []core.Middleware{Methods("DELETE"),
+			HasPermissions("events", "delete"), AuthJWT}},
 	"/events/{event_uuid}/update": {
 		Handler: events.HandleUpdate,
 		Middlewares: []core.Middleware{