Improve reader UI (part 2)

[manuthecoder]

This pull request introduces changes to enhance authorization checks and ensure proper role-based access control across policies and views. The updates primarily focus on restricting actions to users with the appropriate roles, such as organizers with at least the :member role, and improving the handling of deletions.

Authorization Enhancements:

• Updated OrganizerPositionPolicy to allow record owners to destroy positions in addition to admins or contract signees. (app/policies/organizer_position_policy.rb, app/policies/organizer_position_policy.rbL5-R5)
• Modified ReceiptPolicy to use role-based checks (OrganizerPosition.role_at_least?) for destruction permissions instead of relying on event user inclusion. (app/policies/receipt_policy.rb, app/policies/receipt_policy.rbL6-R6)

Role-Based View Access:

• Added role-specific checks (organizer_signed_in?(as: :member)) for rendering "Add tag" buttons, links, and modals across multiple views, including canonical_pending_transactions, canonical_transactions, employees, and events views. [1] [2] [3] [4] [5] [6] [7]
• Ensured that voiding or archiving invoices in hcb_codes/_invoice.html.erb is restricted to organizers with at least the :member role.

Improved Deletion Handling:

• Updated deletion logic in receipts/_receipt.html.erb to check policy(receipt).destroy? before rendering delete buttons, ensuring only authorized users can delete receipts. [1] [2]

[Luke-Oldenburg]

Look at #10776 for some similar / duplicate fixes that use more policy instead.

[Luke-Oldenburg]

Almost there just a few small changes. I reckon the PR title should be updated to be more general too.

[Luke-Oldenburg]

This should freeze cards instead of cancel and be in a separate PR please.

[Luke-Oldenburg]

Can we make policies for these please?

[Luke-Oldenburg]

This should probably be in a separate PR since it's not strictly UI related.