After the work done in #147, we should protect existing endpoints from executing unpermitted requests. These include, namely:
- Limiting the editing and deletion of accounts to their owners or superusers;
- Limiting Activity and Account actions (like viewing, editing, and deleting) to users with the corresponding permissions.
Other use cases may be found and should be discussed with the team beforehand.