Fixes #17596: User with some to access technique editor api

webapp/sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/rest/EndpointsDefinition.scala

@@ -251,7 +251,7 @@ object NodeApi extends ApiModuleProvider[NodeApi] {
     val description = "Get all proporeties for that node, included inherited ones"
     val (action, path)  = GET / "nodes" / "{id}" / "inheritedProperties"
   }
-  final case object ApplyPocicyAllNodes extends NodeApi with ZeroParam with StartsAtVersion8 with SortIndex { val z = implicitly[Line].value
+  final case object ApplyPolicyAllNodes extends NodeApi with ZeroParam with StartsAtVersion8 with SortIndex { val z = implicitly[Line].value
     val description = "Ask all nodes to start a run with the given policy"
     val (action, path)  = POST / "nodes" / "applyPolicy"
   }

webapp/sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/rest/RoleApiMapping.scala

@@ -102,9 +102,11 @@ final case object OnlyAdmin extends AuthorizationApiMapping {
         case AnyRights            => ApiAuthz.allAuthz.acl
         // Administration is Rudder setting
 
-        case Administration.Read  => SettingsApi.GetAllSettings.x :: SettingsApi.GetSetting.x :: SystemApi.ArchivesDirectivesList.x :: SystemApi.ArchivesFullList.x :: SystemApi.ArchivesGroupsList.x ::
-                                     SystemApi.ArchivesRulesList.x :: SystemApi.GetAllZipArchive.x :: SystemApi.GetDirectivesZipArchive.x :: SystemApi.GetGroupsZipArchive.x :: SystemApi.GetRulesZipArchive.x ::
-                                     SystemApi.Info.x :: SystemApi.Status.x ::  Nil
+        case Administration.Read  => SettingsApi.GetAllSettings.x :: SettingsApi.GetSetting.x :: SystemApi.ArchivesDirectivesList.x ::
+                                     SystemApi.ArchivesFullList.x :: SystemApi.ArchivesGroupsList.x :: SystemApi.ArchivesRulesList.x ::
+                                     SystemApi.GetAllZipArchive.x :: SystemApi.GetDirectivesZipArchive.x :: SystemApi.GetGroupsZipArchive.x ::
+                                     SystemApi.GetRulesZipArchive.x :: SystemApi.Info.x :: SystemApi.Status.x :: SystemApi.ArchivesParametersList ::
+                                     SystemApi.GetParametersZipArchive :: Nil
         case Administration.Write => SettingsApi.ModifySettings.x :: SettingsApi.ModifySetting.x :: SystemApi.endpoints.map(_.x)
         case Administration.Edit  => SettingsApi.ModifySettings.x :: SettingsApi.ModifySetting.x :: SystemApi.endpoints.map(_.x)
 
@@ -136,18 +138,19 @@ final case object OnlyAdmin extends AuthorizationApiMapping {
         case Directive.Edit       => DirectiveApi.UpdateDirective.x :: Nil
 
         case Group.Read           => GroupApi.ListGroups.x :: GroupApi.GroupDetails.x :: GroupApi.GetGroupTree.x ::
-                                     GroupApi.GetGroupCategoryDetails.x :: Nil
+                                     GroupApi.GetGroupCategoryDetails.x :: GroupApi.GroupInheritedProperties :: Nil
         case Group.Write          => GroupApi.CreateGroup.x :: GroupApi.DeleteGroup.x :: GroupApi.ReloadGroup.x ::
                                      GroupApi.DeleteGroupCategory.x :: GroupApi.CreateGroupCategory.x :: Nil
         case Group.Edit           => GroupApi.UpdateGroup.x :: GroupApi.UpdateGroupCategory.x :: Nil
 
         case Node.Read            => NodeApi.ListAcceptedNodes.x :: NodeApi.ListPendingNodes.x :: NodeApi.NodeDetails.x ::
+                                     NodeApi.NodeInheritedProperties ::
                                      // node read also allows to read some settings
                                      AuthzForApi.withValues(SettingsApi.GetSetting, AclPathSegment.Segment("global_policy_mode") :: Nil ) ::
                                      AuthzForApi.withValues(SettingsApi.GetSetting, AclPathSegment.Segment("global_policy_mode_overridable") :: Nil ) ::
                                      Nil
         case Node.Write           => NodeApi.DeleteNode.x :: NodeApi.ChangePendingNodeStatus.x :: NodeApi.ChangePendingNodeStatus2.x ::
-                                     NodeApi.ApplyPocicyAllNodes.x :: NodeApi.ApplyPolicy.x :: Nil
+                                     NodeApi.ApplyPolicyAllNodes.x :: NodeApi.ApplyPolicy.x :: Nil
         case Node.Edit            => NodeApi.UpdateNode.x :: Nil
 
         case Rule.Read            => RuleApi.ListRules.x :: RuleApi.RuleDetails.x :: RuleApi.GetRuleTree.x ::
@@ -157,9 +160,13 @@ final case object OnlyAdmin extends AuthorizationApiMapping {
         case Rule.Edit            => RuleApi.UpdateRule.x :: RuleApi.UpdateRuleCategory.x :: Nil
 
         case Technique.Read       => TechniqueApi.ListTechniques.x :: TechniqueApi.ListTechniquesDirectives.x ::
-                                     TechniqueApi.ListTechniqueDirectives.x :: Nil
+                                     TechniqueApi.ListTechniqueDirectives.x :: NcfApi.GetMethods.x :: NcfApi.GetTechniques.x  ::
+                                     NcfApi.GetAllTechniqueCategories.x :: NcfApi.GetResources.x :: NcfApi.GetNewResources.x  ::
+                                     NcfApi.ParameterCheck.x :: Nil
         case Technique.Write      => NcfApi.CreateTechnique.x :: SystemApi.PoliciesUpdate.x :: SystemApi.PoliciesRegenerate.x :: Nil
-        case Technique.Edit       => NcfApi.UpdateTechnique.x :: SystemApi.PoliciesUpdate.x :: SystemApi.PoliciesRegenerate.x :: Nil
+        case Technique.Edit       => NcfApi.UpdateTechnique.x :: SystemApi.PoliciesUpdate.x :: SystemApi.PoliciesRegenerate.x ::
+                                     NcfApi.DeleteTechnique.x :: NcfApi.UpdateTechniques.x :: NcfApi.UpdateMethods.x :: Nil
+
 
         case UserAccount.Read     => UserApi.GetApiToken.x :: Nil
         case UserAccount.Write    => Nil

webapp/sources/rudder/rudder-rest/src/main/scala/com/normation/rudder/rest/lift/NodeApi.scala

@@ -131,7 +131,7 @@ class NodeApi (
       case API.DeleteNode               => DeleteNode
       case API.ChangePendingNodeStatus  => ChangePendingNodeStatus
       case API.ChangePendingNodeStatus2 => ChangePendingNodeStatus2
-      case API.ApplyPocicyAllNodes      => ApplyPocicyAllNodes
+      case API.ApplyPolicyAllNodes      => ApplyPocicyAllNodes
       case API.UpdateNode               => UpdateNode
       case API.ListAcceptedNodes        => ListAcceptedNodes
       case API.ApplyPolicy              => ApplyPolicy
@@ -289,7 +289,7 @@ class NodeApi (
   }
 
   object ApplyPocicyAllNodes extends LiftApiModule0 {
-    val schema = API.ApplyPocicyAllNodes
+    val schema = API.ApplyPolicyAllNodes
     val restExtractor = restExtractorService
     def process0(version: ApiVersion, path: ApiPath, req: Req, params: DefaultParams, authzToken: AuthzToken): LiftResponse = {
       implicit val prettify = params.prettify