Add read permissions (#2849)

[chrisknoll]

Adding the ability to see read permissions alongside of write permissions Added flag enablePermissionManagement to control UI element to assign permissions.

[chrisknoll]

@rkboyce : please pull this branch and test on your local environment.

[rkboyce]

Three tests passed and one failed:

Configuration 1:

• WebAPI: <security.defaultGlobalReadPermissions>false</security.defaultGlobalReadPermissions>
• Atlas: configLocal.enablePermissionManagement = true;
• A test user with the following roles:

Atlas users
Moderator
Source user (<some source>)
admin
cohort creator
cohort reader
concept set creator
public
<user specific role>

• A test user with the following roles but who does not have the permissions that follow the listed roles:

-- Roles
Source user (<some source>)
cohort creator
concept set creator
public
<user specific role>

-- The user does not have these permissions 

    	      'conceptset:*:get',
    	      'conceptset:*:expression:get',
    	      'conceptset:*:version:*:expression:get',    	       
    	--
              'cohortdefinition:*:get',
              'cohortdefinition:*:info:get',
              'cohortdefinition:*:version:get',
              'cohortdefinition:*:version:*:get',        
        --        
	      'cohort-characterization:*:get',
               'cohort-characterization:*:generation:get',
	 	'cohort-characterization:generation:*:get',
		'cohort-characterization:design:get',
		'cohort-characterization:*:design:get',
		'cohort-characterization:design:*:get',
		'cohort-characterization:*:version:get',
		'cohort-characterization:*:version:*:get',
		--
		'pathway-analysis:*:get',
		'pathway-analysis:*:generation:get',
		'pathway-analysis:generation:*:get',
		'pathway-analysis:generation:*:result:get',
		'pathway-analysis:generation:*:design:get',
		'pathway-analysis:*:version:get',
		'pathway-analysis:*:version:*:get'
		--
		'ir:*:get',
		'ir:*:copy:get',
		'ir:*:info:get',
		'ir:*:design:get',
		'ir:*:version:get',
		'ir:*:version:*:get'
		--		
		'estimation:*:get',
		'estimation:*:copy:get',
		'estimation:*:download:get',
		'estimation:*:export:get',
		'estimation:*:generation:get',
		'comparativecohortanalysis:*:get', -- might only apply to older versions of Atlas/WebAPI
		--
		'prediction:*:get',
		'prediction:*:copy:get',
		'prediction:*:download:get',
		'prediction:*:export:get',
		'prediction:*:generation:get',
		'prediction:*:exists:get',
		'plp:*:get' -- might only apply to older versions of Atlas/WebAPI

Test 1: expected behavior - filtering of listed entities based on READ permissions by WebAPI

User logs in and can view all of the entities that the user has READ permissions to (concept sets, cohort definitions, characterizations, cohort pathways, incidence rates, estimation, prediction) - Passed

Test 2: ability to add READ/WRITE permissions to any entity that the user has WRITE permissions to

User creates an entity or opens an existing entity that they have WRITE permissions for and can add READ/WRITE permissions to that entity for another user. The other user will be able to view (if given READ permissions) and edit (if given WRITE permissions) - Passed

Test 3: ability to remove READ/WRITE permissions to any entity that the user has WRITE permissions to

User opens an existing entity that they have WRITE permissions for and can remove the READ/WRITE permissions to that entity for another user. The other user will not be able to view (if READ permissions are removed) nor edit (if WRITE permissions are removed) that entity - Passed

Configuration 2:

• Atlas : configLocal.enablePermissionManagement = false;

*Test 1: the icon to allow editing READ/WRITE permissions is removed from the permission configuration modal in Atlas

With this Atlas configuration, there should no be an icon showing for the permission configuration modal for any of the entity types (concept sets, cohort definitions, characterizations, cohort pathways, incidence rates, estimation, prediction) - Failed

• The icon is incorrectly showing for IR and cohort pathways but is correctly hidden from the other entity types. This is possibly because the following code needs to be added to the IR and cohort pathways manager HTML where the configure access button is created (look for 'common.configureAccess' and place this above the HTML block)

<!-- ko if: enablePermissionManagement -->

[chrisknoll]

@rkboyce : I've updated the UI to hide permission assignment on IR and Pathways, as we discussed. Can you pull the branch and confirm?

[rkboyce]

@chrisknoll - works perfectly! With that change, all tests above pass. Thanks!