updated routes to reflect usable actions in controllers

removed unused controllers: User_org_roles, user_org_types, user_statuses, user_types

added auth and removed json from project_groups controller. additionally added constraint to projects and plans controllers that all actions must be authenticated through pundit

added auth and removed json from project_groups controller. additionally added constraint to projects and plans controllers that all actions must be authenticated through pundit

removed unused json responses and added auth to plans controller

removed json and added authorization to projects controller

updated routes to reflect earlier changes i.e. removing unused CRUD, exposed resources and actions

moved authorization logic from comments controller to policy file. Additionally removed unused crud methods

moved logic for authorization out of answers controller into the policy

removed json and added authorization to answers_controller

removed themes_controller as it was never used

removed json and forced authorization for dmptemplates

removed json and forced authentication on guidance_groups

removed all json responces from guidances controller and forced authorization

removed authorization from home-controller as some users will not be logged in when request fielded

forced auth on organisations_controller. TODO: re-check parent, children, and templates after AJAX removed

modified organisations

added auth to home controller

removed verify_authorized out to individual controllers

forced all actions to be authenticated through pundit

removed unused actions and json from users controller

updated efficiency of update_user_permissions

more merge conflicts

added ability to grant permissions to other users

fixed a bug where users' api_tokens would display if they had none

overhaul of performance of users admin-index

added new permissions to api

added docs to new function

finished changes to update_user_permissions

made changed to user.rb