Deal with chaning Authorization during a WebSocket subscription

[joepio]

• Client SUBSCRIBEs to some resource, and they have the correct read permissions
• The read permission is taken away
• Currently, the existing WebSocketConnection will not be aware of the change in permissions, and will keep sending relevant Commits.

How do we deal with this?

Make SUBSCRIBE messages only temporary valid

• We still need to communicate about how long this time is, to make sure users do not send sensitive information in this time range
• Will lead to some overhead in client + server due to re-subscribing (and re-authorizing) resources
• Relatively easy to implement
• Should the Server inform the Client that it's time to re-subscribe? E.g. send AUTO_UNSUBSCRIBE messages.
• Alternative, yet similar: make WebSocketConnection only temporarily valid.

Perform authorization checks before sending the Commit, instead of when doing the SUBSCRIBE

• Very secure
• Will be costly in highly dynamic / active environments (think chatrooms or live boards and things like that)
• Should probably only be done if we have a cheaper / properly cached check_rights function