[SDCOSMO-2480] Fix runner security property visibility for validator

Author: jreynard-code

runner/src/integrationTest/kotlin/com/cosmotech/runner/service/RunnerServiceIntegrationTest.kt

@@ -15,6 +15,7 @@ import com.cosmotech.api.rbac.ROLE_ADMIN
 import com.cosmotech.api.rbac.ROLE_EDITOR
 import com.cosmotech.api.rbac.ROLE_NONE
 import com.cosmotech.api.rbac.ROLE_USER
+import com.cosmotech.api.rbac.ROLE_VALIDATOR
 import com.cosmotech.api.rbac.ROLE_VIEWER
 import com.cosmotech.api.security.ROLE_ORGANIZATION_USER
 import com.cosmotech.api.security.ROLE_PLATFORM_ADMIN
@@ -1025,6 +1026,47 @@ class RunnerServiceIntegrationTest : CsmRedisTestBase() {
     }
   }
 
+  @Test
+  fun `As a validator, I can see whole security property for getRunner`() {
+    every { getCurrentAccountIdentifier(any()) } returns defaultName
+    runner = makeRunnerCreateRequest(userName = defaultName, role = ROLE_VALIDATOR)
+    runnerSaved = runnerApiService.createRunner(organizationSaved.id, workspaceSaved.id, runner)
+
+    runnerSaved =
+        runnerApiService.getRunner(organizationSaved.id, workspaceSaved.id, runnerSaved.id)
+
+    assertEquals(2, runnerSaved.security.accessControlList.size)
+    assertEquals(ROLE_NONE, runnerSaved.security.default)
+    assertEquals(
+        RunnerAccessControl(CONNECTED_ADMIN_USER, ROLE_ADMIN),
+        runnerSaved.security.accessControlList[0])
+    assertEquals(
+        RunnerAccessControl(defaultName, ROLE_VALIDATOR), runnerSaved.security.accessControlList[1])
+  }
+
+  @Test
+  fun `As a validator, I can see whole security property for listRunners`() {
+    every { getCurrentAccountIdentifier(any()) } returns defaultName
+    organizationSaved = organizationApiService.createOrganization(organization)
+    datasetSaved = datasetApiService.createDataset(organizationSaved.id, dataset)
+    materializeTwingraph()
+    solutionSaved = solutionApiService.createSolution(organizationSaved.id, solution)
+    workspace = makeWorkspaceCreateRequest()
+    workspaceSaved = workspaceApiService.createWorkspace(organizationSaved.id, workspace)
+    runner = makeRunnerCreateRequest(userName = defaultName, role = ROLE_VALIDATOR)
+    runnerSaved = runnerApiService.createRunner(organizationSaved.id, workspaceSaved.id, runner)
+
+    val runners = runnerApiService.listRunners(organizationSaved.id, workspaceSaved.id, null, null)
+    runners.forEach {
+      assertEquals(2, it.security.accessControlList.size)
+      assertEquals(ROLE_NONE, it.security.default)
+      assertEquals(
+          RunnerAccessControl(CONNECTED_ADMIN_USER, ROLE_ADMIN), it.security.accessControlList[0])
+      assertEquals(
+          RunnerAccessControl(defaultName, ROLE_VALIDATOR), it.security.accessControlList[1])
+    }
+  }
+
   private fun makeConnector(name: String = "name"): Connector {
     return Connector(
         key = UUID.randomUUID().toString(),

runner/src/main/kotlin/com/cosmotech/runner/service/RunnerService.kt

@@ -66,7 +66,9 @@ class RunnerService(
 ) : CsmPhoenixService() {
 
   fun updateSecurityVisibility(runner: Runner): Runner {
-    if (csmRbac.check(runner.getRbac(), PERMISSION_READ_SECURITY).not()) {
+    if (csmRbac
+        .check(runner.getRbac(), PERMISSION_READ_SECURITY, getRunnerRolesDefinition())
+        .not()) {
       val username = getCurrentAccountIdentifier(csmPlatformProperties)
       val retrievedAC = runner.security.accessControlList.firstOrNull { it.id == username }