MB-41765: Change permissions for managing collection per scope

Creating/deleting collection in scope only require following permission,
"cluster.collection[<bucket_name>:<scope_name>:*].collections!write".

Change-Id: Icd6c8164a76631f9dd0e6eb8d6e33ee4653f7c25
Reviewed-on: http://review.couchbase.org/c/ns_server/+/138324
Tested-by: Abhijeeth Nuthan <abhijeeth.nuthan@couchbase.com>
Well-Formed: Build Bot <build@couchbase.com>
Reviewed-by: Artem Stemkovski <artem@couchbase.com>

src/menelaus_web.erl

@@ -774,7 +774,7 @@ get_action(Req, {AppRoot, IsSSL, Plugins}, Path, PathTokens) ->
                      fun menelaus_web_collections:handle_ensure_manifest/3,
                      [Id, ManifestId]};
                 ["pools", "default", "buckets", Id, "collections", Scope] ->
-                    {{[{bucket, Id}, collections], write},
+                    {{[{collection, [Id, Scope, all]}, collections], write},
                      fun menelaus_web_collections:handle_post_collection/3,
                      [Id, Scope]};
                 ["pools", "default", "buckets", Id, "collections"] ->
@@ -862,7 +862,7 @@ get_action(Req, {AppRoot, IsSSL, Plugins}, Path, PathTokens) ->
                      [Id, Name]};
                 ["pools", "default", "buckets", Id, "collections",
                  Scope, Name] ->
-                    {{[{bucket, Id}, collections], write},
+                    {{[{collection, [Id, Scope, all]}, collections], write},
                      fun menelaus_web_collections:handle_delete_collection/4,
                      [Id, Scope, Name]};
                 ["pools", "default", "buckets", Id, "docs", DocId] ->

src/menelaus_web_rbac.erl

@@ -1320,6 +1320,8 @@ handle_check_permission_for_cbauth(Req) ->
             menelaus_util:reply_text(Req, "", 401)
     end.
 
+vertex_param_to_list(all) ->
+    "*";
 vertex_param_to_list(any) ->
     ".";
 vertex_param_to_list(Param) ->