Merge pull request #239 from Cosmo-Tech/LCRA/change_security_visibility_per_role_PROD-14083

remove read security permission from viewer

Author: sellisd

src/main/kotlin/com/cosmotech/api/rbac/RolesDefinition.kt

@@ -22,7 +22,7 @@ const val PERMISSION_DELETE = "delete"
 const val PERMISSION_LAUNCH = "launch"
 const val PERMISSION_VALIDATE = "validate"
 
-val COMMON_ROLE_READER_PERMISSIONS = listOf(PERMISSION_READ, PERMISSION_READ_SECURITY)
+val COMMON_ROLE_READER_PERMISSIONS = listOf(PERMISSION_READ)
 val COMMON_ROLE_USER_PERMISSIONS =
     listOf(PERMISSION_READ, PERMISSION_READ_SECURITY, PERMISSION_CREATE_CHILDREN)
 val COMMON_ROLE_EDITOR_PERMISSIONS =
@@ -38,7 +38,7 @@ val COMMON_ROLE_ADMIN_PERMISSIONS =
     )
 
 // Scenario roles & permissions
-val SCENARIO_ROLE_VIEWER_PERMISSIONS = listOf(PERMISSION_READ, PERMISSION_READ_SECURITY)
+val SCENARIO_ROLE_VIEWER_PERMISSIONS = listOf(PERMISSION_READ)
 val SCENARIO_ROLE_EDITOR_PERMISSIONS =
     listOf(PERMISSION_READ, PERMISSION_READ_SECURITY, PERMISSION_LAUNCH, PERMISSION_WRITE)
 val SCENARIO_ROLE_VALIDATOR_PERMISSIONS =

src/test/kotlin/com/cosmotech/api/rbac/CsmRbacTests.kt

@@ -856,7 +856,7 @@ class CsmRbacTests {
     every { getCurrentAuthenticatedRoles(csmPlatformProperties) } returns
         listOf(ROLE_ORGANIZATION_USER)
     every { getCurrentAccountIdentifier(csmPlatformProperties) } returns USER_MAIL_TOKEN
-    assertTrue(rbacTest.check(rbacSecurity, PERMISSION_READ_SECURITY, definition))
+    assertFalse(rbacTest.check(rbacSecurity, PERMISSION_READ_SECURITY, definition))
   }
 
   @Test