Allow space application supporter to access specific job endpoints. #2224

Closed
monamohebbi opened this issue Apr 21, 2021 · 3 comments · Fixed by #2316
Labels
space-application-supporter https://github.com/cloudfoundry/cfar-proposals/issues/22

Comments

@monamohebbi
Contributor

Issue

Allow space application supporter to access specific job endpoints.

Context

We are introducing a new role and we want to make sure it has the right access.

Expected result

A space application supporter should be able to access the following endpoints:

GET /v3/jobs/:guid

Acceptance

A space application supporter would see the same info as a space developer assigned to the same space for these and only these job endpoints.

@monamohebbi monamohebbi added the space-application-supporter https://github.com/cloudfoundry/cfar-proposals/issues/22 label Apr 21, 2021
@monamohebbi monamohebbi added this to To do in Space Supporter via automation Apr 21, 2021
@philippthun philippthun moved this from To do to In progress in Space Supporter Jun 4, 2021
@philippthun
Member

@monamohebbi @sweinstein22 - There is a deviation between the documentation of the GET /v3/jobs/:guid endpoint and its implementation. As there is no permissions check in the coding (jobs_controller.rb), all authenticated users can access this endpoint (i.e. including Org Auditor, Org Billing Manager and users with no role at all). Shall the documentation be fixed or the implementation?

If we decide to simply adapt the documentation, I would also think that we don't even need tests and can simply move this issue to the Acceptance column.

@sweinstein22
Contributor

sweinstein22 commented Jun 4, 2021

Hi @philippthun, I checked in with folks who have product context and the behavior should be that jobs are visible to everyone who has an assigned role, which means a slight change on both sides. On the implementation side, users with no role at all should not be able to hit GET /v3/jobs/:guid. On the documentation side we can change the permissions to say "All Roles". Thanks for catching that!

@philippthun
Member

@sweinstein22 I've now adjusted the documentation (e.g. "All Roles" are permitted) and added some tests. I did not adjust the implementation as the code seems to be in line with other endpoints (e.g. /v3/stacks/:guid) that also claim to be accessible for "All Roles". So even a user with no_role has access; as long as the cloud_controller.read scope is set.
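The thread above turns on the difference between two authorization policies for GET /v3/jobs/:guid: "any authenticated caller with the cloud_controller.read scope" (what the code does) and "any caller with the read scope and at least one assigned org or space role" (what the product context asked for). The following Ruby snippet is an added example written for this page, not code from cloud_controller_ng or from the commenters; the User struct, the role names, the sample callers and the two policy functions are all constructed here to make the gap between the two policies visible, so that a reviewer can see exactly which callers the documentation/implementation deviation affects.

```ruby
# Added example (not cloud_controller_ng code): a minimal model of the two
# authorization policies discussed in this issue for GET /v3/jobs/:guid.
require 'set'

# Stand-in for the authenticated caller. The real Cloud Controller derives
# scopes from the OAuth token and roles from its database; here both are
# constructed inline. Role names follow the thread; "no role" is an empty set.
User = Struct.new(:name, :scopes, :roles) do
  def read_scope?
    scopes.include?('cloud_controller.read')
  end

  def any_role?
    !roles.empty?
  end
end

# Policy matching philippthun's description of the current implementation:
# no permissions check beyond the cloud_controller.read scope, so even a
# caller with no role at all can fetch a job.
def can_read_job_scope_only?(user)
  user.read_scope?
end

# Policy matching sweinstein22's description of the intended "All Roles"
# behaviour: read scope AND at least one assigned org or space role.
def can_read_job_any_role?(user)
  user.read_scope? && user.any_role?
end

# Constructed sample callers covering the cases named in the thread.
SAMPLE_USERS = [
  User.new('space-dev',       %w[cloud_controller.read cloud_controller.write], Set['space_developer']),
  User.new('space-supporter', %w[cloud_controller.read], Set['space_application_supporter']),
  User.new('org-auditor',     %w[cloud_controller.read], Set['org_auditor']),
  User.new('no-role',         %w[cloud_controller.read], Set[]),
  User.new('no-read-scope',   %w[cloud_controller.write], Set['space_developer'])
].freeze

# Evaluate every caller under both policies. Returns a Hash keyed by caller
# name with the decision of each policy.
def compare_policies(users = SAMPLE_USERS)
  users.each_with_object({}) do |u, out|
    out[u.name] = {
      scope_only: can_read_job_scope_only?(u),
      any_role: can_read_job_any_role?(u)
    }
  end
end

# Names of the callers for which the two policies disagree, i.e. the exact
# population affected by the documentation/implementation deviation.
def policy_divergence(users = SAMPLE_USERS)
  compare_policies(users).select { |_, r| r[:scope_only] != r[:any_role] }.keys
end

if __FILE__ == $PROGRAM_NAME
  compare_policies.each do |name, r|
    puts format('%-16s scope_only=%-5s any_role=%s', name, r[:scope_only], r[:any_role])
  end
  puts "diverging callers: #{policy_divergence.inspect}"
end
```

Run as a script it prints one line per sample caller; the only caller the two policies treat differently is the one with the read scope and no role, which is precisely the case the comments above disagree on. The space application supporter is allowed under both policies, consistent with the acceptance criterion that it sees what a space developer sees for this endpoint.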

@monamohebbi monamohebbi moved this from In progress to Acceptance in Space Supporter Jun 10, 2021
Space Supporter automation moved this from Acceptance to Done Jun 11, 2021