Merge pull request #237 from Cosmo-Tech/LCRA/change_security_visibili…

…ty_per_role_PROD-14053 remove permission read security from viewer
Cosmo-Tech · Dec 11, 2024 · 362d6e7 · 362d6e7
2 parents 922b005 + 0cdaa9c
commit 362d6e7
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/src/main/kotlin/com/cosmotech/api/rbac/RolesDefinition.kt b/src/main/kotlin/com/cosmotech/api/rbac/RolesDefinition.kt
@@ -22,7 +22,7 @@ const val PERMISSION_DELETE = "delete"
 const val PERMISSION_LAUNCH = "launch"
 const val PERMISSION_VALIDATE = "validate"
 
-val COMMON_ROLE_READER_PERMISSIONS = listOf(PERMISSION_READ, PERMISSION_READ_SECURITY)
+val COMMON_ROLE_READER_PERMISSIONS = listOf(PERMISSION_READ)
 val COMMON_ROLE_USER_PERMISSIONS =
     listOf(PERMISSION_READ, PERMISSION_READ_SECURITY, PERMISSION_CREATE_CHILDREN)
 val COMMON_ROLE_EDITOR_PERMISSIONS =
@@ -38,7 +38,7 @@ val COMMON_ROLE_ADMIN_PERMISSIONS =
     )
 
 // Scenario roles & permissions
-val RUNNER_ROLE_VIEWER_PERMISSIONS = listOf(PERMISSION_READ, PERMISSION_READ_SECURITY)
+val RUNNER_ROLE_VIEWER_PERMISSIONS = listOf(PERMISSION_READ)
 val RUNNER_ROLE_EDITOR_PERMISSIONS =
     listOf(PERMISSION_READ, PERMISSION_READ_SECURITY, PERMISSION_LAUNCH, PERMISSION_WRITE)
 val RUNNER_ROLE_VALIDATOR_PERMISSIONS =

diff --git a/src/test/kotlin/com/cosmotech/api/rbac/CsmRbacTests.kt b/src/test/kotlin/com/cosmotech/api/rbac/CsmRbacTests.kt
@@ -862,7 +862,7 @@ class CsmRbacTests {
     every { getCurrentAuthenticatedRoles(csmPlatformProperties) } returns
         listOf(ROLE_ORGANIZATION_USER)
     every { getCurrentAccountIdentifier(csmPlatformProperties) } returns USER_MAIL_TOKEN
-    assertTrue(rbacTest.check(rbacSecurity, PERMISSION_READ_SECURITY, definition))
+    assertFalse(rbacTest.check(rbacSecurity, PERMISSION_READ_SECURITY, definition))
   }
 
   @Test