Fix some router security and code style issues

[Catherine9898]

1. Follow the current routing scopes, the notification belongs to a course, they will naturally pipe through authentication checks, course checks sand staff checks.
2. Separate admin routes from student/staff routes.
3. Clean up unnecessary comments and use query styles in the piping fashion (which aligns with the current code base).
4. Try to use Logger instead of IO for logging.

[coveralls]

coverage: 91.048% (-4.3%) from 95.358% when pulling 7f4ea7fa786b2f8c5ad94d1d357bb0eb21e0ca98 on Catherine9898:cat into 5d09b514ea77a1146b5e13812386a0584dbe2cb1 on source-academy:master.

[RichDom2185]

Closing as per offline discussion.