Currently, any extension.org user who logs in has access to the models (responses, surveys, etc.) in the app. If we feel this is a security concern, we can add a check for the authorized flag on the user model (set to false by default), so that giving users access would be a two-step process: first asking them to log in with their extension.org email address, then we could manually set their authorized value from false to true (via Heroku console).
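One way to express the two-step check described above, as an added sketch in plain Ruby that is not the app's own code. The `User` struct, the `AccessGate` module and the result symbols are assumptions made for illustration; only the `authorized` flag and its false default come from the note.

```ruby
# Added sketch: plain-Ruby stand-in for the app's user model and access check.
# User, AccessGate and the result symbols are hypothetical names.

# The authorized flag is false unless someone sets it explicitly.
User = Struct.new(:email, :authorized) do
  def initialize(email, authorized = false)
    super
  end
end

module AccessGate
  ALLOWED_DOMAIN = "extension.org"

  # Step 1: the logged-in address must be exactly @extension.org.
  # Comparing the whole domain rejects look-alikes such as
  # "pat@extension.org.example".
  def self.extension_email?(email)
    return false unless email.is_a?(String)
    local, at, domain = email.strip.downcase.rpartition("@")
    at == "@" && !local.empty? && domain == ALLOWED_DOMAIN
  end

  # Step 2: the flag must have been flipped to true by hand.
  # Strict comparison: nil, "true" or 1 do not grant access.
  def self.decision(user)
    return :login_required   if user.nil?
    return :wrong_domain     unless extension_email?(user.email)
    return :pending_approval unless user.authorized == true
    :allowed
  end

  def self.allowed?(user)
    decision(user) == :allowed
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample users.
  new_user = User.new("pat@extension.org")
  puts AccessGate.decision(new_user)   # logged in, not yet approved
  new_user.authorized = true           # the manual console step
  puts AccessGate.decision(new_user)
end
```

Calling a check like this before every read of responses or surveys keeps the default at deny: a newly logged-in user stays at `:pending_approval` until the flag is set by hand.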