[SDCOSMO-2480] Fix runner security property visibility for validator

Author: jreynard-code

runner/src/integrationTest/kotlin/com/cosmotech/runner/service/RunnerServiceIntegrationTest.kt

@@ -14,6 +14,7 @@ import com.cosmotech.api.rbac.ROLE_ADMIN
 import com.cosmotech.api.rbac.ROLE_EDITOR
 import com.cosmotech.api.rbac.ROLE_NONE
 import com.cosmotech.api.rbac.ROLE_USER
+import com.cosmotech.api.rbac.ROLE_VALIDATOR
 import com.cosmotech.api.rbac.ROLE_VIEWER
 import com.cosmotech.api.security.ROLE_ORGANIZATION_USER
 import com.cosmotech.api.security.ROLE_PLATFORM_ADMIN
@@ -1064,6 +1065,49 @@ class RunnerServiceIntegrationTest : CsmRedisTestBase() {
     }
   }
 
+  @Test
+  fun `As a validator, I can see whole security property for getRunner`() {
+    every { getCurrentAccountIdentifier(any()) } returns defaultName
+    runner = makeRunner(userName = defaultName, role = ROLE_VALIDATOR)
+    runnerSaved = runnerApiService.createRunner(organizationSaved.id!!, workspaceSaved.id!!, runner)
+
+    runnerSaved =
+        runnerApiService.getRunner(organizationSaved.id!!, workspaceSaved.id!!, runnerSaved.id!!)
+
+    assertEquals(2, runnerSaved.security!!.accessControlList.size)
+    assertEquals(ROLE_NONE, runnerSaved.security!!.default)
+    assertEquals(
+        RunnerAccessControl(CONNECTED_ADMIN_USER, ROLE_ADMIN),
+        runnerSaved.security!!.accessControlList[0])
+    assertEquals(
+        RunnerAccessControl(defaultName, ROLE_VALIDATOR),
+        runnerSaved.security!!.accessControlList[1])
+  }
+
+  @Test
+  fun `As a validator, I can see whole security property for listRunners`() {
+    every { getCurrentAccountIdentifier(any()) } returns defaultName
+    organizationSaved = organizationApiService.registerOrganization(organization)
+    datasetSaved = datasetApiService.createDataset(organizationSaved.id!!, dataset)
+    materializeTwingraph()
+    solutionSaved = solutionApiService.createSolution(organizationSaved.id!!, solution)
+    workspace = makeWorkspace()
+    workspaceSaved = workspaceApiService.createWorkspace(organizationSaved.id!!, workspace)
+    runner = makeRunner(userName = defaultName, role = ROLE_VALIDATOR)
+    runnerSaved = runnerApiService.createRunner(organizationSaved.id!!, workspaceSaved.id!!, runner)
+
+    val runners =
+        runnerApiService.listRunners(organizationSaved.id!!, workspaceSaved.id!!, null, null)
+    runners.forEach {
+      assertEquals(2, it.security!!.accessControlList.size)
+      assertEquals(ROLE_NONE, it.security!!.default)
+      assertEquals(
+          RunnerAccessControl(CONNECTED_ADMIN_USER, ROLE_ADMIN), it.security!!.accessControlList[0])
+      assertEquals(
+          RunnerAccessControl(defaultName, ROLE_VALIDATOR), it.security!!.accessControlList[1])
+    }
+  }
+
   private fun makeConnector(name: String = "name"): Connector {
     return Connector(
         key = UUID.randomUUID().toString(),

runner/src/main/kotlin/com/cosmotech/runner/service/RunnerService.kt

@@ -63,7 +63,9 @@ class RunnerService(
 ) : CsmPhoenixService() {
 
   fun updateSecurityVisibility(runner: Runner): Runner {
-    if (csmRbac.check(runner.getRbac(), PERMISSION_READ_SECURITY).not()) {
+    if (csmRbac
+        .check(runner.getRbac(), PERMISSION_READ_SECURITY, getRunnerRolesDefinition())
+        .not()) {
       val username = getCurrentAccountIdentifier(csmPlatformProperties)
       val retrievedAC = runner.security!!.accessControlList.firstOrNull { it.id == username }
       if (retrievedAC != null) {