Add rolesJson to groups table

This will contain the roles ('role definition') of a group of
users. We will internally map these to our API scopes.

src/accesscontrol.js

@@ -13,11 +13,15 @@ exports = module.exports = {
 
     SCOPE_ANY: '*',
 
+    ROLE_OWNER: 'owner',
+
     initialize: initialize,
     uninitialize: uninitialize,
 
     accessTokenAuth: accessTokenAuth,
 
+    validateRoles: validateRoles,
+
     validateScope: validateScope,
     hasScopes: hasScopes,
     intersectScope: intersectScope,
@@ -157,6 +161,15 @@ function accessTokenAuth(accessToken, callback) {
     });
 }
 
+function validateRoles(roles) {
+    assert(Array.isArray(roles));
+
+    if (roles.length === 0) return null;
+    if (roles.length === 1 && roles[0] === exports.ROLE_OWNER) return null;
+
+    return new Error('Invalid role');
+}
+
 function validateScope(scope) {
     assert.strictEqual(typeof scope, 'string');