I should be able to change my email without losing access to my data

[sylvansson]

The schemas for communicators and boards currently use the email field to identify the owner. This is problematic because a user loses access to their communicators and boards if they change their email address. A simple solution would be to update the documents when needed, but it would be preferable to use a stable identifier like the user id.

Suggested approach

• Add a userId field to the Communicator and Board schemas. Migrate existing documents.
• Update the listCommunicators and listBoards routes to only return the caller's communicators and boards. The user id should be taken from the token rather than passed explicitly by the caller. The frontend would need to be updated to use these routes instead of the /byemail versions.
• Update the getCommunicatorsEmail and getBoardsEmail routes to return a 403 if a non-admin user sends the wrong email address. There would be no restriction for admins. Ideally we would only let admins call the routes, but we need to do this so that users with an older version of the app don't have to update.

@martinbedouret Does this make sense?

[martinbedouret]

@sylvansson This makes total sense to me. I would say we should block email address update from the frontend until this is done.