Google Groups authorization calls Google API on each request

[3sGgpQ8H]

It seems that Google Groups authorization checks user membership in groups on every HTTP request. This is suboptimal. Should probably check only once before issuing TOKEN cookie. Then, in case TOKEN cookie is still valid, it should assume that user is authorized without checking group membership again.

[payton]

Agreed. This may involve a bit of a larger change. The original concept was that we decouple authentication and authorization such that the user is first authenticated and then authorized. The authorization step was set up such that it should call the callback function with a pass or fail.

This change would require we decouple calling the callback function and the authorization function (which is probably how things should've been set up in the first place).

Suggested changes:

1. For each authz file, remove callback, internalServerError, and unauthorized parameters and add a boolean return
2. Adjust the corresponding usage of auth.isAuthorized in the authn files to handle the boolean and end execution with a call to callback, internalServerError, or unauthorized