Scope check does not work if a security dependency has already occured

[johnmartins]

To replicate:

• Create a user without an admin scope
• Try deleting some other user

This happens because we have two instances of the security dependency. The first one, which is the one that is effective, is in the core router layer:

sed-backend/apps/core/router.py

Line 19 in 9c46d43

router.include_router(router_users, prefix='/users', tags=['users'], dependencies=[Security(verify_token)])

The second instance is in the router end-point definition:

sed-backend/apps/core/users/router.py

Line 49 in 9c46d43

dependencies=[Security(verify_token, scopes=['admin'])])

The second one does not have an effect. This error is present in multiple places. We need another method for asserting scoped permissions.

[johnmartins]

It's possible that the only solution to this is to remove the security dependencies from the routers, and implement them on each individual end-point instead. I've so far found no examples of anybody else implementing it on a router level as we've done.

[johnmartins]

This was partially solved by #46 as it includes a new solution for controlling user scopes