Require client to specify explicitly in websockets whether restricted users should be seen

This is only allowed to those having the user privilege AdminPrivilegeManageUsers, having being identified by the API AND having sent a message of type set_restricted_visibility stating specifically in the data that they want to get info also about restricted users.
This also includes some more information in the new_scores, such as the username and userid of the user who submitted the score.

common/method_data.go

@@ -70,6 +70,13 @@ func Err(c *fasthttp.RequestCtx, err error) {
 	_err(err, tags, nil, c)
 }
 
+// WSErr is the error function for errors happening in the websockets.
+func WSErr(err error) {
+	_err(err, map[string]string{
+		"endpoint": "/api/v1/ws",
+	}, nil, nil)
+}
+
 func _err(err error, tags map[string]string, user *raven.User, c *fasthttp.RequestCtx) {
 	if RavenClient == nil {
 		fmt.Println("ERROR!!!!")
@@ -93,6 +100,10 @@ func _err(err error, tags map[string]string, user *raven.User, c *fasthttp.Reque
 }
 
 func generateRavenHTTP(ctx *fasthttp.RequestCtx) *raven.Http {
+	if ctx == nil {
+		return nil
+	}
+
 	// build uri
 	uri := ctx.URI()
 	// safe to use b2s because a new string gets allocated eventually for

common/privileges.go

@@ -77,3 +77,18 @@ func (p Privileges) CanOnly(userPrivs UserPrivileges) Privileges {
 	}
 	return Privileges(newPrivilege)
 }
+
+var privilegeMap = map[string]Privileges{
+	"read_confidential": PrivilegeReadConfidential,
+	"write":             PrivilegeWrite,
+}
+
+// OAuthPrivileges returns the equivalent in Privileges of a space-separated
+// list of scopes.
+func OAuthPrivileges(scopes string) Privileges {
+	var p Privileges
+	for _, x := range strings.Split(scopes, " ") {
+		p |= privilegeMap[x]
+	}
+	return p
+}