Adds 2 new permissions related to bulk user registration and bulk channel creation. Permissions are assigned

admin role.

The nimble:restivus package, used by REST api, does not support alanning:roles with 'groups'.  It doesn't even
use the alanning:roles API to check for roles.  As a workaround, I removed restivus's rolesRequired check from
the bulk api methods and added Rocketchat.authz.hasPermission checks.

packages/rocketchat-authorization/server/startup.coffee

@@ -72,6 +72,11 @@ Meteor.startup ->
 		{ _id: 'delete-d',
 		roles : ['admin', 'site-moderator']}
 
+		{ _id: 'bulk-register-user',
+		roles : ['admin']}
+
+		{ _id: 'bulk-create-c',
+		roles : ['admin']}
 	]
 
 	#alanning:roles

server/restapi/restapi.coffee

@@ -99,23 +99,31 @@ NOTE:   remove room is NOT recommended; use Meteor.reset() to clear db and re-se
 ###
 Api.addRoute 'bulk/register', authRequired: true,
 	post:
+		# restivus 0.8.4 does not support alanning:roles using groups
 		#roleRequired: ['testagent', 'adminautomation']
 		action: ->
-			try
+			if RocketChat.authz.hasPermission(@userId, 'bulk-register-user') 
-				Api.testapiValidateUsers  @bodyParams.users
+				try
-				this.response.setTimeout (500 * @bodyParams.users.length)
+
-				ids = []
+					Api.testapiValidateUsers  @bodyParams.users
-				endCount = @bodyParams.users.length - 1
+					this.response.setTimeout (500 * @bodyParams.users.length)
-				for incoming, i in @bodyParams.users
+					ids = []
-				 	ids[i] = {uid: Meteor.call 'registerUser', incoming}
+					endCount = @bodyParams.users.length - 1
-				 	Meteor.runAsUser ids[i].uid, () =>
+					for incoming, i in @bodyParams.users
-				 		Meteor.call 'setUsername', incoming.name
+					 	ids[i] = {uid: Meteor.call 'registerUser', incoming}
-				 		Meteor.call 'joinDefaultChannels'
+					 	Meteor.runAsUser ids[i].uid, () =>
+					 		Meteor.call 'setUsername', incoming.name
+					 		Meteor.call 'joinDefaultChannels'
+
+					status: 'success', ids: ids
+				catch e
+					statusCode: 400    # bad request or other errors
+					body: status: 'fail', message: e.name + ' :: ' + e.message
+			else
+				console.log '[restapi] bulk/register -> '.red, "User does not have 'bulk-register-user' permission"
+				statusCode: 403    
+				body: status: 'error', message: 'You do not have permission to do this'
 
-				status: 'success', ids: ids
-			catch e
-				statusCode: 400    # bad request or other errors
-				body: status: 'fail', message: e.name + ' :: ' + e.message
 
 
 
@@ -163,18 +171,26 @@ NOTE:   remove room is NOT recommended; use Meteor.reset() to clear db and re-se
 ###
 Api.addRoute 'bulk/createRoom', authRequired: true,
 	post:
+		# restivus 0.8.4 does not support alanning:roles using groups
 		#roleRequired: ['testagent', 'adminautomation']
 		action: ->
-			try
+			# user must also have create-c permission because 
-				this.response.setTimeout (1000 * @bodyParams.rooms.length)
+			# createChannel method requires it
-				Api.testapiValidateRooms @bodyParams.rooms
+			if RocketChat.authz.hasPermission(@userId, 'bulk-create-c') 
-				ids = []
+				try
-				Meteor.runAsUser this.userId, () =>
+					this.response.setTimeout (1000 * @bodyParams.rooms.length)
-					(ids[i] = Meteor.call 'createChannel', incoming.name, incoming.members) for incoming,i in @bodyParams.rooms
+					Api.testapiValidateRooms @bodyParams.rooms
-				status: 'success', ids: ids   # need to handle error
+					ids = []
-			catch e
+					Meteor.runAsUser this.userId, () =>
-				statusCode: 400    # bad request or other errors
+						(ids[i] = Meteor.call 'createChannel', incoming.name, incoming.members) for incoming,i in @bodyParams.rooms
-				body: status: 'fail', message: e.name + ' :: ' + e.message
+					status: 'success', ids: ids   # need to handle error
+				catch e
+					statusCode: 400    # bad request or other errors
+					body: status: 'fail', message: e.name + ' :: ' + e.message
+			else
+				console.log '[restapi] bulk/createRoom -> '.red, "User does not have 'bulk-create-c' permission"
+				statusCode: 403    
+				body: status: 'error', message: 'You do not have permission to do this'