cob: Properly authorize root actions
Previously, authorization was only checked for ops after the root op.
We also avoid creating empty actions for assign and label, which
was needed for non-authorized users to be able to create issues/patches.
Previously, authorization was only checked for ops after the root op.
We also avoid creating empty actions for assign and label, which
was needed for non-authorized users to be able to create issues/patches.