Require cloud_controller.read access(or equivalent) to access list en…

…dpoints. (#3450)

* make sure token has read scope in order to read list endpoints

* make sure unauthenticated users still have access to marketplace if flag is not set?

app/access/app_event_access.rb

@@ -31,8 +31,7 @@ def delete?(_object)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -66,8 +65,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
   end
 end

app/access/app_usage_event_access.rb

@@ -61,8 +61,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user?
     end
 
     def index?(_object_class, _params=nil)

app/access/buildpack_access.rb

@@ -31,8 +31,7 @@ def delete?(_object)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -66,8 +65,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     def upload?(*_)

app/access/domain_access.rb

@@ -9,8 +9,7 @@ def read_related_object_for_update?(object, params=nil)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -44,8 +43,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     def create?(domain, params=nil)

app/access/environment_variable_group_access.rb

@@ -29,8 +29,7 @@ def delete?(_object)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -64,8 +63,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
   end
 end

app/access/event_access.rb

@@ -31,8 +31,7 @@ def delete?(_object)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -66,8 +65,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
   end
 end

app/access/feature_flag_access.rb

@@ -63,8 +63,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope?
     end
   end
 end

app/access/managed_service_instance_access.rb

@@ -15,8 +15,7 @@ def read_related_object_for_update?(object, params=nil)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -50,8 +49,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     def allowed?(service_instance)

app/access/organization_access.rb

@@ -40,7 +40,7 @@ def delete?(_object)
     end
 
     def index?(_, _params=nil)
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     def read_with_token?(_)
@@ -72,8 +72,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     private

app/access/private_domain_access.rb

@@ -15,8 +15,7 @@ def read_related_object_for_update?(object, params=nil)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -50,8 +49,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     def create?(private_domain, params=nil)

app/access/process_model_access.rb

@@ -15,8 +15,7 @@ def read_related_object_for_update?(object, params=nil)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -50,8 +49,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     def create?(app, _params=nil)

app/access/quota_definition_access.rb

@@ -31,8 +31,7 @@ def delete?(_object)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -66,8 +65,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
   end
 end

app/access/route_access.rb

@@ -37,8 +37,7 @@ def read_related_object_for_update?(object, params=nil)
     end
 
     def index?(_, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     def read_with_token?(_)
@@ -70,8 +69,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     private

app/access/route_mapping_access.rb

@@ -15,8 +15,7 @@ def read_related_object_for_update?(object, params=nil)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -50,8 +49,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     def create?(route_mapping, _params=nil)

app/access/security_group_access.rb

@@ -31,8 +31,7 @@ def delete?(_object)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -66,8 +65,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
   end
 end

app/access/service_access.rb

@@ -27,8 +27,7 @@ def update?(_object, _params=nil)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor? || !VCAP::CloudController::FeatureFlag.enabled?(:hide_marketplace_from_unauthenticated_users)
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -62,8 +61,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor? || !VCAP::CloudController::FeatureFlag.enabled?(:hide_marketplace_from_unauthenticated_users)
     end
 
     def delete?(service, _=nil)

app/access/service_binding_access.rb

@@ -23,8 +23,7 @@ def update?(_object, _params=nil)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -58,8 +57,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     def create?(_service_binding, _params=nil)

app/access/service_broker_access.rb

@@ -19,8 +19,7 @@ def read_related_object_for_update?(object, params=nil)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -54,8 +53,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     def create?(service_broker, _=nil)

app/access/service_instance_access.rb

@@ -15,8 +15,7 @@ def read_related_object_for_update?(object, params=nil)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -50,8 +49,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     def create?(service_instance, _params=nil)

app/access/service_key_access.rb

@@ -47,8 +47,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     def create?(service_key, _params=nil)

app/access/service_plan_access.rb

@@ -31,8 +31,7 @@ def delete?(_object)
     end
 
     def index?(_object_class, _params=nil)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     # These methods should be called first to determine if the user's token has the appropriate scope for the operation
@@ -66,8 +65,7 @@ def delete_with_token?(_)
     end
 
     def index_with_token?(_)
-      # This can return true because the index endpoints filter objects based on user visibilities
-      true
+      admin_user? || admin_read_only_user? || has_read_scope? || global_auditor?
     end
 
     def object_is_visible_to_user?(service_plan, user)