security: Check authentication in SecurityManager checkAccess

In addition to providing defense in depth, this change makes it easier
to implement future enhancements such as support for read-only users.

src/node/padaccess.js

@@ -3,7 +3,9 @@ var securityManager = require('./db/SecurityManager');
 // checks for padAccess
 module.exports = async function (req, res) {
   try {
-    let accessObj = await securityManager.checkAccess(req.params.pad, req.cookies.sessionID, req.cookies.token, req.cookies.password);
+    const {session: {user} = {}} = req;
+    const accessObj = await securityManager.checkAccess(
+        req.params.pad, req.cookies.sessionID, req.cookies.token, req.cookies.password, user);
 
     if (accessObj.accessStatus === "grant") {
       // there is access, continue