Create and modify endpoints to allow checking and modifying user permission
Existing endpoints need to make sure that the user which invoked the endpoint actually has permission to do so. New methods have to be added which would check the database for the permission that a user has.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information