Verify user role when handling a source

On source POST and DELETE, we need to make sure that user exists and has correct rights.

Check user role to make sure he is least source-manager, or super-admin

For DELETE, check that he is the user who uploaded the source (or a super-admin).