Description
Currently get zones API returns all zones even for users who are not authorized to zone modules. Restrict this API to only users who are authorized to zone module.
Steps to reproduce:
- Create a internal user name, test_user1
- Remove the permission on Security Zone module for a user
- Login as test_user1 user to Ranger Admin, user should not be able to see Security Zone tab
- Access the API using curl
curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H "Content-Type:application/json" "https://<RANGER_ADMIN_HOST>:6182/service/zones/zones"
curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H "Content-Type:application/json" "https://<RANGER_ADMIN_HOST>:6182/service/zones/zones/{ID}"
curl -ikv -u test_user1:pass@123 -X GET -H "Accept:application/json" -H "Content-Type:application/json" "https://<RANGER_ADMIN_HOST>:6182/service/zones/zones/name/{ZONE_NAME}"