Update supervisor ability

[emcoding]

Related to PR #997

In the abilities we still use the old method for granting supervisors access to their team members email addresses, even when hidden.
With the recent changes, we don't need the old method anymore.

• Remove the old method (marked FIXME), add a new rule for the supervisor
  can :read_email of users they supervise, even when those users want their email hidden

Related things, not conclusive:

• Update the hint on the Profile form, that currently doesn't tell that their supervisor will be able to see the email address.
• Remove the 'signed_in?' conditional in the supervisors/base_controller. Maybe use Devise's authenticate_user! if possible and relevant. (Needs investigation.)
• Doublecheck if it works for students who where supervised in previous years (or should it?)
• Add and/or update feature spec.

[anubiskhan]

How's it going? This is my first time contributing to an open source project and I was hoping to help out with this issue. If there is someone else working on it already just let me know and I'll see if I can't help out somewhere else. Thanks!

[klappradla]

Hi @anubiskhan 👋

welcome to the Teams App and 💚 that you wanna help out 🤗

You're actually doing everything just perfect: if the issue is not already "assigned" to a member of the team (-> you see this in the sidebar on the right: Assignees) then it's basically ready to be worked on by anyone.

However it makes sense to - as you just did - double check via a quick comment if a) the issue is still relevant, b) someone else may already have a fix up their sleeve and are on the verge to open a PR or c) one is eventually not getting the point of the issue right ✌️

For this particular issue, @F3PiX already started some work on the abilities topic in general, but the things mentioned here are still to be implemented.