Allow space application supporter to access specific audit event endpoints.

[monamohebbi]

Issue

Allow space application supporter to access specific audit event endpoints.

Context

We are introducing a new role and we want to make sure it has the right access.

Expected result

A space application support should be able access the following endpoints:

GET /v3/audit_events/:guid
GET /v3/audit_events

Acceptance

A space application supporter would see the same info as a space developer assigned to the same space for these and only these audit endpoints.

Documentation

When I browse to any of these endpoints on v3 docs I can see the Space Application Supporter role in the list of permitted roles with an indication that this role is not fully implemented and the permissions will be changing.

[ctlong]

Ran into trouble changing permissions on Event due to the controller's use of the old school user_visibility_filter function in the model.

cloud_controller_ng/app/models/runtime/event.rb

Lines 65 to 75 in 65a5edc

	def self.user_visibility_filter(user)
	# use select_map so the query is run now instead of being added as a where filter later. When this instead
	# generates a subselect in the filter query directly, performance degrades significantly in MySQL.
	Sequel.or([
	[:space_guid, Space.dataset.join_table(:inner, :spaces_developers, space_id: :id, user_id: user.id).select(:guid).
	union(
	Space.dataset.join_table(:inner, :spaces_auditors, space_id: :id, user_id: user.id).select(:guid)
	).select_map(:guid)],
	[:organization_guid, Organization.dataset.where(auditors: user).select_map(:guid)]
	])
	end

Ideally, we want to update the controller to use Roles.