🛂 Hide some menus depending on member permissions

[josemigallas]

Fixes:

• THREESCALE-11237: Member user with permission analytics should see backends tab on dashboard
• THREESCALE-11357: Member user with no rights to create a Backend can select create a Backend
• THREESCALE-11573: Member user can see products in Backend API overview page

Updated UI:

Member with zero permissions will see:

• empty Dashboard
• empty Context selector
• Products and Backend APIs (index, new, etc) will raise 403

Member with Access & query analytics will see:

• Dashboard with Products and Backends widgets, only those accessible
• Context selector without Audience
• Product only shows Analytics
• Backend API shows Overview (not editable) and Analytics

Member with Create, read, update and delete attributes, metrics, mapping rules, etc. will see:

• Dashboard without analytics
• Context selector without Audience
• Product shows Edit, Application (Plans), ActiveDocs, Integration

Member with Create, read, update and delete accounts / applications will see:

• Dashboard without "potential upgrades" widget and no Backend APIs widget
• Context selector with everything but Backends
• Product shows Application (Plans)
• Backend raises 403

Member with settings will see:

• Empty dashboard
• Context selector with Audience and Settings

Member with customer billing will see:

• Empty dashboard
• Context selector with Audience and settings
• Audience > Billing

Member with developer portal will see:

• Empty dashboard
• Context selector with Audience and settings
• Audience > Dev portal

[jlledom]

Why does this branch come from bye_bye_webpacker? couldn't this be done over master or ruby-3.1

Also, could you please add a description to the PR?

[jlledom]

I tried this locally, these are my findings:

• https://issues.redhat.com/browse/THREESCALE-11237
  • Scenario:
    • Member with Access & query analytics
    • Two Products, two backends
    • The first product has two backends, the second product has no backends
  • Result
    • Giving it access to any product will show the dashboard tab for all backends
    • Giving it access to no product will hide the backend widget
    • In no case I can see only the backend widget with no product widget
    • This behaves exactly the same in master and in this PR
• https://issues.redhat.com/browse/THREESCALE-11357
  • Scenario:
    • Same permissions as in the issue (check)
    • Two Products, two backends
    • The first product has two backends, the second product has no backends
  • Result
    • "Create" buttons appearing in the dashboard
      • I reproduced it in master, but can't reproduce it in this PR, so it's fixed 👍
    • Product -> Integration -> Backend can attempt to create a backend
      • I reproduced this in master but also in this PR, so it's not fixed
• Tests
  • I don't know whether we have tests for all the scenarios described in the Jira issues. I guess not, otherwise they would have failed. It would be good to add such tests

[jlledom]

From my previous comment:

* https://issues.redhat.com/browse/THREESCALE-11357
  
  * Scenario:
    
    * Same permissions as in the issue ([check](https://issues.redhat.com/secure/attachment/13265014/member-user-permissions.png))
    * Two Products, two backends
    * The first product has two backends, the second product has no backends
  * Result
    
    * "Create" buttons appearing in the dashboard
      
      * I reproduced it in master, but can't reproduce it in this PR, so it's fixed 👍
    * Product -> Integration -> Backend can attempt to create a backend
      
      * I reproduced this in master but also in this PR, so it's not fixed

I tried this again and got the same results.

[josemigallas]

UPDATES:

• Now "Access and query analytics" for backends only will hide the products widget in the dashboard:
  

• In Product > Integration > Backends, adding a backend now won't show an option to create a backend without permission:
  

[jlledom]

I tried this again:

* Now "Access and query analytics" for backends only will hide the products widget in the dashboard:

Works for me 👍

* In Product > Integration > Backends, adding a backend now won't show an option to create a backend without permission:

This still fails for me:

• For a product with no backends, "Product > Integration > Backends" looks like this:

There's an "Add a backend button", when clicking it, the screens to create backends auto-complete for existing backends:

And I can create the backend correctly.

I think it would be better to just not show the "Add a backend button" at all. Also, even if the screen loads and the existing backends are auto-completed, trying to create a backend should fail

[josemigallas]

This still fails for me:

• For a product with no backends, "Product > Integration > Backends" looks like this:

There's an "Add a backend button", when clicking it, the screens to create backends auto-complete for existing backends:

And I can create the backend correctly.
I think it would be better to just not show the "Add a backend button" at all. Also, even if the screen loads and the existing backends are auto-completed, trying to create a backend should fail

@jlledom However, this is not creating a new backend. It is simply adding an existing backend to a product.

[jlledom]

@jlledom However, this is not creating a new backend. It is simply adding an existing backend to a product.

Is that supposed to be allowed? In that case, OK

[josemigallas]

UPDATE:

A member without access to a Product won't see it in its backend Overview page:

[mayorova]

I didn't review the code itself carefully enough, but I think the behavior is now reasonable and fixes the three related JIRAs.