* Updated all DRF custom permissions to make sure they have has_permission and has_object_permission
* Changed default permission
* Updated middleware to filter incomming request based on their type
* Added test for this

Closes #118