[Stats:Bvl] Implement data access control per site

[laemtl]

master branch
Review the suggested change and remove the below TODO/FIXME comments.
modules/statistics/php/statistics_dd_site.class.inc:_hasAccess()

// TODO: Create a permission specific to statistics
$hasAccessToAllProfiles = $user->hasAllPermissions(
    array(
        'access_all_profiles',
        'data_entry',
    )
);

$hasCenterPermission = false;

// TODO: There are no means of set permissions per site for a given user right now: (e.g.) 
// The user X can have the permission data_entry on site Y but not on site Z.
// Currently, hasCenterPermission() function checks if the user has a given center AND given 
// permission, not if it has permission for this specific center. This logic will be implemented in 
// hasCenterPermission() in near versions when the permission framework will allow it. 

// If a CenterID is passed in the request, check if the user has the
// data_entry permission at the site/center specified by CenterID.
if (!empty($_REQUEST['CenterID'])) {
    $hasCenterPermission = $user->hasCenterPermission(
        'data_entry',
        intval($_REQUEST['CenterID'])
    );
} else {
    // FIXME: For the short term the user we'll be granted access
    // if at least have permission AND one of the centers
    foreach ($user->getCenterIDs() as $centerID) {
        if ($user->hasCenterPermission('data_entry', intval($centerID))) {
            $hasCenterPermission = true;
            break;
        }
    }
}

See #5687 for more details

[christinerogers]

Can we make this issue and #6743 clearer, since "Review" is vague

• Given this issue is a placeholder to remind us that the feature should be implemented when we're ready - the title could just be e.g. "[Stats:Bvl] Implement data access control per site"
• Mention as much as you can about why this is waiting/not done.
• Add an URL to the location of code/comment, will be more durable than quote block