Adds 2 new permissions related to bulk user registration and bulk channel creation. Permissions are assigned

admin role.

The nimble:restivus package, used by REST api, does not support alanning:roles with 'groups'.  It doesn't even
use the alanning:roles API to check for roles.  As a workaround, I removed restivus's rolesRequired check from
the bulk api methods and added Rocketchat.authz.hasPermission checks.

packages/rocketchat-authorization/server/startup.coffee

@@ -72,6 +72,11 @@ Meteor.startup ->
 		{ _id: 'delete-d',
 		roles : ['admin', 'site-moderator']}
 
+		{ _id: 'bulk-register-user',
+		roles : ['admin']}
+
+		{ _id: 'bulk-create-c',
+		roles : ['admin']}
 	]
 
 	#alanning:roles

server/restapi/restapi.coffee

@@ -99,9 +99,12 @@ NOTE:   remove room is NOT recommended; use Meteor.reset() to clear db and re-se
 ###
 Api.addRoute 'bulk/register', authRequired: true,
 	post:
+		# restivus 0.8.4 does not support alanning:roles using groups
 		#roleRequired: ['testagent', 'adminautomation']
 		action: ->
+			if RocketChat.authz.hasPermission(@userId, 'bulk-register-user') 
 				try
+
 					Api.testapiValidateUsers  @bodyParams.users
 					this.response.setTimeout (500 * @bodyParams.users.length)
 					ids = []
@@ -116,6 +119,11 @@ Api.addRoute 'bulk/register', authRequired: true,
 				catch e
 					statusCode: 400    # bad request or other errors
 					body: status: 'fail', message: e.name + ' :: ' + e.message
+			else
+				console.log '[restapi] bulk/register -> '.red, "User does not have 'bulk-register-user' permission"
+				statusCode: 403    
+				body: status: 'error', message: 'You do not have permission to do this'
+
 
 
 
@@ -163,8 +171,12 @@ NOTE:   remove room is NOT recommended; use Meteor.reset() to clear db and re-se
 ###
 Api.addRoute 'bulk/createRoom', authRequired: true,
 	post:
+		# restivus 0.8.4 does not support alanning:roles using groups
 		#roleRequired: ['testagent', 'adminautomation']
 		action: ->
+			# user must also have create-c permission because 
+			# createChannel method requires it
+			if RocketChat.authz.hasPermission(@userId, 'bulk-create-c') 
 				try
 					this.response.setTimeout (1000 * @bodyParams.rooms.length)
 					Api.testapiValidateRooms @bodyParams.rooms
@@ -175,6 +187,10 @@ Api.addRoute 'bulk/createRoom', authRequired: true,
 				catch e
 					statusCode: 400    # bad request or other errors
 					body: status: 'fail', message: e.name + ' :: ' + e.message
+			else
+				console.log '[restapi] bulk/createRoom -> '.red, "User does not have 'bulk-create-c' permission"
+				statusCode: 403    
+				body: status: 'error', message: 'You do not have permission to do this'