The access control for patching API was changed to accept GET requests
from users with reader role and presence in either admin or services
project. For other requests, it is required from the user that it has
admin role and presence in either project admin or services.
As all default system users have admin role and are present in either
admin or services project, this change should not cause regressions.
Test Plan:
PASS: Successfully deploy an AIO-SX using a Debian image with this
change present and create user "readeruser" with reader role. Log in the
Horizon interface using "readeruser" user, access page "Admin" ->
"Software Management" with no errors (a GET patches list request is
executed successfully here), try to upload a patch and check that it
fails. Repeat the steps for user "admin" and check that the patch upload
succeeds.
PASS: Successfully deploy a DC with 1 subcloud using a Debian image with
this change present and create user "readeruser" with reader role. Log
in the Horizon interface using "readeruser" user, access page
"Distributed Cloud Admin" -> "Software Management" with no errors (a GET
patches list request is executed successfully here), try to upload a
patch and check that it fails. Repeat the steps for user "admin" and
check that the patch upload succeeds.
Story: 2010149
Task: 46561
Depends-on: https://review.opendev.org/c/starlingx/gui/+/860701
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Change-Id: I1b0b06ebeaadc82cd14174a46bf148c564dc7c08
790d7e5e2e