fix: unrestricted drive access only with full account permission#12349

Open
jvillafanez wants to merge 1 commit into
masterfrom
drives_unrestricted_for_admin

Conversation

@jvillafanez
Member

Description

Only accounts with "full account access" permission (usually admins) will have unrestricted access to any drive. This includes personal drives and any space.
The rest of the accounts will have restricted access, which means that they'll need at least read permission on the drive in order to access.

Related Issue

  • Fixes <issue_link>

Motivation and Context

Space admins could get information from drives they should not be able to access.

How Has This Been Tested?

Manually tested: space admin trying to get information from a personal drive now gets a 404 error.

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:
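The access rule in the description (unrestricted drive access only for accounts with full account permission, at least a read grant on the drive for everyone else, and a "not found" answer otherwise) can be written down as a small authorization helper. The following Go code is an added example for this page, not code from this PR or from the ocis code base; the permission names, the User and Drive types and the GetDrive and ListDrives functions are assumptions made for the illustration, and the drives and accounts are constructed sample data.

```go
package main

import (
	"errors"
	"fmt"
)

// Permission names below are constructed for this example; they are not
// ocis's real permission identifiers.
const (
	PermFullAccountAccess = "full-account-access" // hypothetical
	PermManageSpaces      = "manage-spaces"       // hypothetical "space admin" permission
)

// User carries an account id and the set of permissions granted to it.
type User struct {
	ID          string
	Permissions map[string]bool
}

// Drive is a simplified personal or project space. Grants maps a user id to
// a role; every role listed here implies at least read access.
type Drive struct {
	ID     string
	Type   string // "personal" or "project"
	Owner  string // empty for project spaces in this example
	Grants map[string]string
}

// ErrNotFound is what the HTTP layer would map to a 404. Answering "not found"
// rather than "forbidden" keeps the existence of a drive the caller has no
// grant on from being confirmed.
var ErrNotFound = errors.New("drive not found")

// HasFullAccountAccess reports whether the account holds the permission that
// grants unrestricted drive access.
func (u User) HasFullAccountAccess() bool {
	return u.Permissions[PermFullAccountAccess]
}

// hasReadGrant reports whether the user can read the drive: the owner always
// can; otherwise any explicit grant (viewer, editor, manager) counts.
func hasReadGrant(u User, d Drive) bool {
	if d.Owner != "" && d.Owner == u.ID {
		return true
	}
	_, ok := d.Grants[u.ID]
	return ok
}

// GetDrive applies the rule: unrestricted access only with the full-account
// permission; everyone else, space admins included, needs at least a read
// grant on the drive and otherwise gets ErrNotFound.
func GetDrive(u User, d Drive) (Drive, error) {
	if u.HasFullAccountAccess() || hasReadGrant(u, d) {
		return d, nil
	}
	return Drive{}, ErrNotFound
}

// ListDrives filters a listing with the same rule, so a drive that GetDrive
// would hide never shows up in the list either.
func ListDrives(u User, drives []Drive) []Drive {
	var visible []Drive
	for _, d := range drives {
		if _, err := GetDrive(u, d); err == nil {
			visible = append(visible, d)
		}
	}
	return visible
}

// SampleDrives returns constructed data: Alice's personal drive and a project
// space that Bob manages and Alice can view.
func SampleDrives() []Drive {
	return []Drive{
		{ID: "personal-alice", Type: "personal", Owner: "alice", Grants: map[string]string{}},
		{ID: "project-x", Type: "project", Grants: map[string]string{
			"bob":   "manager",
			"alice": "viewer",
		}},
	}
}

func main() {
	admin := User{ID: "admin", Permissions: map[string]bool{PermFullAccountAccess: true}}
	spaceAdmin := User{ID: "space-admin", Permissions: map[string]bool{PermManageSpaces: true}}
	bob := User{ID: "bob"}

	for _, u := range []User{admin, spaceAdmin, bob} {
		for _, d := range ListDrives(u, SampleDrives()) {
			fmt.Printf("%-11s sees %s\n", u.ID, d.ID)
		}
	}
	_, err := GetDrive(spaceAdmin, SampleDrives()[0])
	fmt.Println("space-admin on personal-alice:", err)
}
```

With this data the admin sees both drives, Bob sees only project-x, and the space admin sees nothing and receives the not-found error for Alice's personal drive, which is the behaviour the manual test in the description reports (a 404 instead of the drive's information).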

@jvillafanez jvillafanez self-assigned this May 21, 2026
@update-docs

update-docs Bot commented May 21, 2026

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@jvillafanez jvillafanez force-pushed the drives_unrestricted_for_admin branch from 39778ae to cc1e619 Compare May 21, 2026 09:00
Contributor

@2403905 2403905 left a comment


The Space Admin still has full info about the other user. I think it's redundant for them.
I think if it's not a breaking change for the application, we should disallow non-admin users from getting information about another user.

@jvillafanez
Member Author

The space admin can access information about the personal space of any user. I think that's the problem we want to solve. Only the admin (not the space admin) should be able to access that information.
This PR will cause non-admin users to get information only of spaces they have access to.

The Space Admin still has full info about the other user.

That should be solved with #12327 , so the space admin will only have access to the "public" information about the user.

Contributor

@2403905 2403905 left a comment


The Space Admin still has full info about the other user.

@jvillafanez
Member Author

I think we'll have to adjust the tests.
I've tried to just filter out the personal spaces from the results, but there is no clear way (we'll need to traverse the result and remove them instead of using a space filter), and with the addition of vaults this becomes more complex. I don't think we have a clear list of available space types, so it's also error prone.

@jvillafanez
Member Author

I'll close this PR and change the approach, given the problem with the tests.

I think there has been some confusion between the "Space Admin" user role and the "Space Manager".
As space admin, you can administer any space including personal spaces, so it makes sense that the space admin can have access to at least some information about the space.
Any regular user can manage a space by becoming the space manager of that space. The set of actions available is different.

I'll try the same approach as in #12327 to hide some non-relevant information of the drive if you aren't the admin.

@jvillafanez
Member Author

I'll try the same approach as in #12327 to hide some non-relevant information of the drive if you aren't the admin.

It doesn't seem very useful. It will break the web UI since most of the drive information is being shown. In order not to break the web UI we might hide only a couple of drive attributes. The majority of the drive attributes need to be available for the web UI.
