Made several changes:
- added viewing OTP backup tokens for admins
- added admin access to author dashboard and editing posts not in
admin area
- removed canAuthorPages and can canPublishPages from
hasAuthorDashboard
- added admin editing and deletion of posts from the post page
- redirect after post deletion to home page
- added author of post when viewing posts as publisher and admin on
Author Dashboard and admin post view
- Moved the responsibility of expiring Announcements from MongoDB into
the Reeeper
- Added logic to clean up comments attached to an expiring Announcement
- ResourceStats are now much more universal and common
- CommentStats are for comments only
- More routines to comment on and vote on "content resources"
It was possible for Users to grant themselves flags and permissions.
These operations now require Admin privileges, and are only implemented
by services.user.updateForAdmin. The services.user.update method no
longer has any logic to alter flags and/or permissions.