Authorize request to POST and DELETE endpoints
Authorization is based on groups got when user's request is
authenticated. In development environment, it would be convenient to
disable it by setting AUTHORIZE_DISABLED to True.
Signed-off-by: Chenxiong Qi <cqi@redhat.com>