Add "sharing" ability to CDN locks

[srijeet0406]

This PR is not related to any issue. It adds the ability to CDN locks, so that they can be shared amongst multiple users.

---

Which Traffic Control components are affected by this PR?

• Documentation
• Traffic Ops
• Traffic Portal

What is the best way to verify this PR?

Run TO and TP locally.

1. As user A, acquire the lock on CDN X.
   In the shared usernames field, type in the username of another user that has a tenancy of lesser than or equal to that of user A.
   Make sure you can do all the activities on CDN X as user B, as you would have been able to as user A.

2. Make sure that user A cannot share their lock with a user that has a higher tenancy level than itself, or with a user that doesn't exist in the database.

3. Make sure all the tests pass.

If this is a bugfix, which Traffic Control versions contained the bug?

• master

PR submission checklist

• This PR has tests
• This PR has documentation
• This PR has a CHANGELOG.md entry
• This PR DOES NOT FIX A SERIOUS SECURITY VULNERABILITY (see the Apache Software Foundation's security guidelines for details)

[ericholguin]

I am seeing an issue where I cannot always share a lock with an existing user. Is there something I am missing?

I am logged in as admin and have these users available (some I created):

However when I try creating a lock with one of the users listed above, using my admin account, (on TO or TP)
Example:

{
    "cdn": "CDN-in-a-Box",
    "message": "test",
    "soft": true,
    "sharedUserNames": ["tenant2"]
}

The response returned (or TP Alert):

{
    "alerts": [
        {
            "text": "shared users must exist and be in the same/child tenants of the current user",
            "level": "error"
        }
    ]
}

The tenant2 user clearly exists and is a child tenant of root. This also happens with the "readonly" user which has the same tenancy as admin: root. Is there a certain rule or something else I might be missing?

[srijeet0406]

I am seeing an issue where I cannot always share a lock with an existing user. Is there something I am missing?

I am logged in as admin and have these users available (some I created):

However when I try creating a lock with one of the users listed above, using my admin account, (on TO or TP) Example:

{
    "cdn": "CDN-in-a-Box",
    "message": "test",
    "soft": true,
    "sharedUserNames": ["tenant2"]
}

The response returned (or TP Alert):

{
    "alerts": [
        {
            "text": "shared users must exist and be in the same/child tenants of the current user",
            "level": "error"
        }
    ]
}

The tenant2 user clearly exists and is a child tenant of root. This also happens with the "readonly" user which has the same tenancy as admin: root. Is there a certain rule or something else I might be missing?

Ok so the read-only role user will not be able to create locks because it doesn't have the CDN-LOCK:CREATE permission. I'll add a more informative error message for that use case. I'm looking into the other issue where a user cannot share their lock with a child tenant user.

[srijeet0406]

Hmm, I'm able to create a lock with an admin owner and root tenant and share it with another user that has a tenant set to the child tenant of root. I'll sync up with you offline.

[rawlinp]

We can probably make the UI options list for selecting shared users better, but it works for a first pass at it.