Disable various server/operator routes based on edition

The initial idea was to put an owner flag but this means that the
owner will be visible inside apps.

src/routes/accesscontrol.js

@@ -6,7 +6,8 @@ exports = module.exports = {
 
     scope: scope,
     websocketAuth: websocketAuth,
-    verifyAppOwnership: verifyAppOwnership
+    verifyAppOwnership: verifyAppOwnership,
+    verifyOperator: verifyOperator
 };
 
 var accesscontrol = require('../accesscontrol.js'),
@@ -161,3 +162,9 @@ function verifyAppOwnership(req, res, next) {
         next();
     });
 }
+
+function verifyOperator(req, res, next) {
+    if (config.allowOperatorActions()) return next();
+
+    next(new HttpError(401, 'Not allowed in this edition'));
+}