Added more structure and tests to our authorization code

server/policies/document.js

@@ -0,0 +1,13 @@
+// @flow
+import policy from './policy';
+import Document from '../models/Document';
+import User from '../models/User';
+
+const { allow } = policy;
+
+allow(
+  User,
+  ['create', 'read', 'update', 'delete'],
+  Document,
+  (user, doc) => user.teamId === doc.teamId
+);