Added custom security to users and groups:

-deletion of cms_newsitems (group definition, in settings page)
-authorization required for new cms_newsposts (per user setting)
-authorization of cms_newsitems (group definition, in settings page)
-added website administrator e-mail address in footer

resolved some security bugs
(when submitting cms_newsitem it was possible to add id param to url query and item could be updated or deleted by some users).