OpenEnergyPlatform/oeplatform

Deletion of tags: permission is not checked in the backend


Description of the issue

Currently, there is no check in the backend if a user is admin & allowed to delete tags.

So, if you manipulate the DOM and simply add the delete button, you can delete tags even without being an admin.

https://github.com/OpenEnergyPlatform/oeplatform/blob/develop/dataedit/templates/dataedit/tag_editor.html

Ideas of solution

Add check if user is admin before executing the deletion, somewhere here:

```python
elif "submit_delete" in request.POST:
    # no authorization check happens before the tag is removed
    id = request.POST["tag_id"]
    delete_tag(id)
```
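An added example (not oeplatform's own code) that models the gap described above: the same `submit_delete` branch once as posted and once with the authorization check enforced on the server. `User`, `Request`, `is_admin` and the in-memory tag store are constructed stand-ins for Django's `request.user`, `request.POST` and the real `delete_tag` helper.

```python
# Added example, not oeplatform's own code. User, Request and the tag store are
# constructed stand-ins for request.user, request.POST and the real delete_tag.
from dataclasses import dataclass, field

class PermissionDenied(Exception):
    """Raised when a non-admin attempts a privileged action."""

@dataclass
class User:
    name: str
    is_admin: bool = False  # stand-in for the project's real admin flag

@dataclass
class Request:
    user: User
    POST: dict = field(default_factory=dict)

def make_tags():
    return {1: "wind", 2: "solar"}  # constructed sample store: id -> label

def delete_tag(tags, tag_id):
    tags.pop(tag_id)

def handle_vulnerable(request, tags):
    # As in the issue: the only "check" is that non-admins are not shown the button
    if "submit_delete" in request.POST:
        delete_tag(tags, int(request.POST["tag_id"]))
        return "deleted"
    return "ignored"

def handle_fixed(request, tags):
    # Authorization enforced on the server, independent of what the UI rendered
    if "submit_delete" in request.POST:
        if not request.user.is_admin:
            raise PermissionDenied("only admins may delete tags")
        delete_tag(tags, int(request.POST["tag_id"]))
        return "deleted"
    return "ignored"

def demo():
    # A non-admin posts the delete field the page never offered them
    req = Request(User("alice"), {"submit_delete": "1", "tag_id": "1"})
    vuln, fixed = make_tags(), make_tags()
    handle_vulnerable(req, vuln)  # tag 1 is removed
    try:
        handle_fixed(req, fixed)
    except PermissionDenied:
        pass  # tag 1 survives
    return sorted(vuln), sorted(fixed)
```

`demo()` returns `([2], [1, 2])`: the unchecked handler honours the forged request, the fixed one rejects it before touching the store.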

Context and Environment

  • Version used: 1.0.5
  • Operating system: -
  • Environment setup and (python) version: -

Workflow checklist