
750 allow orders to be viewed #777

Open
wants to merge 7 commits into
base: master

tekHudson
Member

fixes #750

This commit fixes a problem where non-super-admins cannot view an order once it's been submitted.

- Update the controller to check if the current user is allowed to view the order chosen
  when they are not allowed to edit the order.

- Add a permission check for viewing an order.

- Add a show view to the orders views.

- Update several partials to only display buttons that can modify the order and not when
  the user can only view the order.

- Add some test cases and fixtures to verify the function of Users::OrderManipulator.
Ensure correct templates rendered and redirects based on user.
If user calls edit action but is not allowed to edit, redirects to show action (order_path(@order))

Show action shows if user is allowed, otherwise redirects to index action (orders_path)

Routes for orders resource now exclude only :destroy action
Shows logic inherent in permissions, moves logic based on status to private method.

This passes rubocop's length rules while keeping the necessary logic in front
@tekHudson tekHudson self-assigned this Mar 27, 2021
@tekHudson tekHudson added the WIP label Mar 27, 2021
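
The edit/show fallback described in the pull request above, modelled in plain Ruby as an added example that is not the project's own code. The class `OrderAccess`, the `organization_id` scoping rule, the `draft`/`submitted` status values and the literal paths are assumptions made for illustration; the point to check in review is that the new view permission stays scoped per user rather than becoming a blanket fallback.

```ruby
# Added illustration, not code from the pull request. All names, the
# organization scoping rule and the status values are hypothetical.
Order = Struct.new(:id, :organization_id, :status)
User  = Struct.new(:id, :organization_id, :super_admin)

class OrderAccess
  def initialize(user, order)
    @user = user
    @order = order
  end

  # View is the weaker permission but is still scoped: a non-super-admin
  # may only see orders belonging to their own organization.
  def can_view?
    @user.super_admin || same_organization?
  end

  # Edit implies view. Non-super-admins lose it once the order has left
  # an editable status (for example after submission).
  def can_edit?
    can_view? && (@user.super_admin || editable_status?)
  end

  # edit action: render edit, else fall back to show, else to the index.
  def resolve_edit
    return [:render, :edit] if can_edit?
    return [:redirect, "/orders/#{@order.id}"] if can_view?
    [:redirect, "/orders"]
  end

  # show action: render only when viewing is allowed, else go to the index.
  def resolve_show
    can_view? ? [:render, :show] : [:redirect, "/orders"]
  end

  private

  def same_organization?
    @user.organization_id == @order.organization_id
  end

  # Status-based rule kept in one private method (assumed status values).
  def editable_status?
    %w[draft].include?(@order.status)
  end
end
```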
Development

Successfully merging this pull request may close these issues.

Add a way for non-super-admin users to view orders that they cannot edit
2 participants