fix: user permission is now checked for api key authorizer

[webong]

This pull request makes the following changes:

• Adds ACL Manager Settings permission check on users
  References Can't access General Settings with "Manage Settings" permissions #3261
  Test checklist:
  With an administrator user

• Create a role with the Manage Settings permission only

• Assign the role to a user
  With a user who has the new role assigned

• login with that user, access the settings page (you should see this page instead of access denied)

• access the general settings

• change a general setting - site name and regenerate API keys

• save

• the settings should save

• log out

• the site name should change to what you assigned to it (check the browser tab and the map view)

• You can check the API key changed in the database, too, or simply reload the settings admin page to see it

• I certify that I ran my checklist

Fixes ushahidi/platform# .

Ping @ushahidi/platform

[ushbot]

Hey @webong,
thank you for your Pull Request.

@rjmackay It looks like this brave person signed our Contributor License Agreement. 👍

Always at your service,

clabot

[coveralls]

Coverage decreased (-0.004%) to 20.495% when pulling 54358be on webong:fix-general-settings-access-denied-for-manage-settings-permission into b8e701d on ushahidi:develop.

[Angamanga]

@rowasc @tuxpiper Could one of you review please?

[rowasc]

Reviewing and testing @Angamanga

[rowasc]

@webong this looks good and seems to work just fine, thank you so much 🎉
Just an extra request, if you're willing: would you be able to add an integration test for it?
Roughly would involve

• creating a new role with the "Manage Settings" permission in tests/datasets/ushahidi/Base.yml
• create a user specifically for this role in the same file (users key)
• assign the user with that role in the same file (roles_permissions key in Base.yml)
• checking that the user has access to apikeys and other general settings (the acl.feature file may offer some guidance on this workflow)
  The api.apikeys.feature file in the integration tests may be another place to add a role/permission check if you'd like too. \

Also: I added some test steps to the description so that we can easily ask @Obadha2 to give us a hand and validate when we merge :) . @Obadha2 please make sure we add this to our regression suite/verify it's in there 💯

[webong]

@rowasc thanks for the review ... my latest push now implements an integration test.

[rowasc]

thanks @webong , looks great . I'm going to hold on the merge for a bit due to some m other prep we're doing, but this should be considered approved if the tests pass.

[Angamanga]

@rowasc is this one ok to merge now?

[rowasc]

yes!