Overhaul Roles and Roles Mapping [#2720]

[pattisdr]

Closes #2720

Code Changes

• The concept of backend roles is a very new feature. But in the off chance someone has added a role to their user, added a data migration to swap out old roles with new roles on FidesUserPermission and Client tables
• Updated Roles -> Scopes mapping to reflect new roles
• Reduced Approver (Formerly Privacy Request Manager) scopes. Previously they had all privacy-request-* scopes, but discussed with product to refine
• Adjusted test fixtures related to users and clients with roles to have the correct names and new roles
• Get rid of some duplicate fixtures that were in two places.

Steps to Confirm

• Create a user via the API with a client that has permissions to do so:
  POST {{host}}/user

{
    "username": "test_user",
    "password": "Testpassword1!"

}

• Update the role of that user, one of owner, viewer_and_approver and approver, contributor, viewer

PUT {{host}}/user/{{user_id}}/permission

{
    "id": "{user_id}",
    "roles": ["viewer"]
}

• Login as that user in the admin UI
• Navigate through various parts of the UI with different roles and observe in the network tab that some routes are restricted depending on your role. Note that which scopes go with which role are still in flux.

Pre-Merge Checklist

• All CI Pipelines Succeeded
• Documentation:
  • documentation complete, PR opened in fidesdocs
  • documentation issue created in fidesdocs
• Issue Requirements are Met
• Relevant Follow-Up Issues Created
• Update CHANGELOG.md

Description Of Changes

We recently added some backend roles associated with lists of scopes here: #2671, the roles were Admin, Viewer, Privacy Request Manager, and Viewer + Privacy Request Manager.

Requirements have changed, and roles need to be renamed/rearranged.

New Roles are:

	- Owner: Full Admin
	- Viewer: Can view everything
	- Contributor: Can manage most things but can't adjust storage and messaging configs
	- Approver: Limited view but can approve privacy requests
	- Viewer + Approver: Full view and can approve privacy requests

[cypress]

Passing run #591 ↗︎

0

3

0

0

0

Details:

Merge 054e028 into 35186dd...
Project: fides	Commit: 50d01423dd ℹ️
Status: Passed	Duration: 00:47 💡
Started: Mar 3, 2023 7:00 PM	Ended: Mar 3, 2023 7:00 PM

_{This comment has been generated by cypress-bot as a result of this project's GitHub integration settings.}

[allisonking]

🎉

[codecov]

Codecov Report

Patch coverage: 100.00% and no project coverage change

Comparison is base (35186dd) 86.57% compared to head (054e028) 86.58%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2744   +/-   ##
=======================================
  Coverage   86.57%   86.58%           
=======================================
  Files         290      290           
  Lines       16213    16216    +3     
  Branches     2060     2060           
=======================================
+ Hits        14037    14041    +4     
  Misses       1792     1792           
+ Partials      384      383    -1     

Impacted Files	Coverage Δ
src/fides/core/config/security_settings.py	98.85% <100.00%> (ø)
src/fides/lib/oauth/roles.py	100.00% <100.00%> (ø)
src/fides/api/ops/task/graph_task.py	93.73% <0.00%> (+0.31%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.