403 status code added

The API will now return 403 Forbidden when a non-admin user tries to
perform an admin action.

This code is required to handle auth errors correctly on the UI side and
not log off users on 403.

Change-Id: Ib684f6271b8ca8d460075e4f0c56fb754a965b7d
Nikita Konovalov 2014-06-19 13:41:38 +04:00
parent 9f5fb6bd6a
commit 1e02102e5b

@ -13,6 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
from pecan import abort
from pecan import request
from storyboard.api.auth.token_storage import storage
@ -55,4 +56,7 @@ def superuser():
token_info = token_storage.get_access_token_info(token)
user = user_api.user_get(token_info.user_id)
if not user.is_superuser:
abort(403, "This action is limited to superusers only.")
return user.is_superuser
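
Review bot: In superuser(), `token_info.user_id` and `user.is_superuser` are dereferenced before the new 403 check with no guard visible in this hunk. If either lookup can come back empty (an unknown or expired token, or a deleted user), the request fails with an unhandled error instead of a 401, and the commit message depends on the UI telling 401 and 403 apart. Consider rejecting a missing token_info or user explicitly before the `if not user.is_superuser:` test. A smaller point: once abort(403, ...) is in place, the trailing `return user.is_superuser` can only return True, so `return True` would state the contract more plainly. A test that calls an admin-only endpoint as a non-superuser and asserts on the 403 would pin the behaviour.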