Space admin should not not be able to change the user quota

[ScharfViktor]

Steps:

• Katherine tries to change Albert Einstein quota

curl -k -X PATCH 'https://localhost:9200/graph/v1.0/drives/EinsteinPersonalSpaceId' -ukatherine:gemini -d '{"quota": {"total": 0}}' -vk

Actual: user and group tab is hidden for Space admin user in administation setting
but he can change the users personal space quota via the api

Expect: 401. no permission to change quota

[kobergj]

Interesting finding. This is because the server doesn't differentiate between personal and project spaces when updating. That means Katherine, who is space manager, actually HAS the permission to edit the quota of all spaces.

If this is not the intended behavior we have two options:
A) Split set-space-quota permission to set-project-space-quota and set-personal-space-quota
B) Check for account-management (or some other) permissions when trying to update personal spaces

@micbar what do you think?

[micbar]

I think we should go with solution A9

[kobergj]

Needs a web update first otherwise changing of quota is no longer possible through the UI. See ocis PR #5662

[kobergj]

Fixed with #5843