feat(auth): add viewTests platform privilege (#10413)

datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/MeResolver.java

@@ -75,6 +75,7 @@ public CompletableFuture<AuthenticatedUser> get(DataFetchingEnvironment environm
             platformPrivileges.setManageIngestion(canManageIngestion(context));
             platformPrivileges.setManageSecrets(canManageSecrets(context));
             platformPrivileges.setManageTokens(canManageTokens(context));
+            platformPrivileges.setViewTests(canViewTests(context));
             platformPrivileges.setManageTests(canManageTests(context));
             platformPrivileges.setManageGlossaries(canManageGlossaries(context));
             platformPrivileges.setManageUserCredentials(canManageUserCredentials(context));
@@ -130,6 +131,12 @@ private boolean canGeneratePersonalAccessToken(final QueryContext context) {
         PoliciesConfig.GENERATE_PERSONAL_ACCESS_TOKENS_PRIVILEGE);
   }
 
+  /** Returns true if the authenticated user has privileges to view tests. */
+  private boolean canViewTests(final QueryContext context) {
+    return isAuthorized(
+        context.getAuthorizer(), context.getActorUrn(), PoliciesConfig.VIEW_TESTS_PRIVILEGE);
+  }
+
   /** Returns true if the authenticated user has privileges to manage (add or remove) tests. */
   private boolean canManageTests(final QueryContext context) {
     return isAuthorized(

datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/ListTestsResolver.java

@@ -45,7 +45,7 @@ public CompletableFuture<ListTestsResult> get(final DataFetchingEnvironment envi
 
     return CompletableFuture.supplyAsync(
         () -> {
-          if (canManageTests(context)) {
+          if (canManageTests(context) || canViewTests(context)) {
             final ListTestsInput input =
                 bindArgument(environment.getArgument("input"), ListTestsInput.class);
             final Integer start = input.getStart() == null ? DEFAULT_START : input.getStart();

datahub-graphql-core/src/main/java/com/linkedin/datahub/graphql/resolvers/test/TestUtils.java

@@ -19,6 +19,12 @@
 
 public class TestUtils {
 
+  /** Returns true if the authenticated user is able to view tests. */
+  public static boolean canViewTests(@Nonnull QueryContext context) {
+    return AuthUtil.isAuthorized(
+        context.getAuthorizer(), context.getActorUrn(), PoliciesConfig.VIEW_TESTS_PRIVILEGE);
+  }
+
   /** Returns true if the authenticated user is able to manage tests. */
   public static boolean canManageTests(@Nonnull QueryContext context) {
     return AuthUtil.isAuthorized(

datahub-graphql-core/src/main/resources/app.graphql

@@ -91,6 +91,11 @@ type PlatformPrivileges {
   """
   manageTokens: Boolean!
 
+  """
+  Whether the user is able to view Tests
+  """
+  viewTests: Boolean!
+
   """
   Whether the user is able to manage Tests
   """

datahub-web-react/src/Mocks.tsx

@@ -3617,6 +3617,7 @@ export const mocks = [
                         createTags: true,
                         manageUserCredentials: true,
                         manageGlossaries: true,
+                        viewTests: false,
                         manageTests: true,
                         manageTokens: true,
                         manageSecrets: true,
@@ -3892,6 +3893,7 @@ export const platformPrivileges: PlatformPrivileges = {
     manageIngestion: true,
     manageSecrets: true,
     manageTokens: true,
+    viewTests: false,
     manageTests: true,
     manageGlossaries: true,
     manageUserCredentials: true,

datahub-web-react/src/graphql/me.graphql

@@ -39,6 +39,7 @@ query getMe {
             manageSecrets
             manageTokens
             manageDomains
+            viewTests
             manageTests
             manageGlossaries
             manageUserCredentials

metadata-utils/src/main/java/com/linkedin/metadata/authorization/PoliciesConfig.java

@@ -90,6 +90,9 @@ public class PoliciesConfig {
           "Manage Home Page Posts",
           "Create and delete home page posts");
 
+  public static final Privilege VIEW_TESTS_PRIVILEGE =
+      Privilege.of("VIEW_TESTS", "View Tests", "View Asset Tests.");
+
   public static final Privilege MANAGE_TESTS_PRIVILEGE =
       Privilege.of("MANAGE_TESTS", "Manage Tests", "Create and remove Asset Tests.");
 
@@ -158,6 +161,7 @@ public class PoliciesConfig {
           MANAGE_SECRETS_PRIVILEGE,
           GENERATE_PERSONAL_ACCESS_TOKENS_PRIVILEGE,
           MANAGE_ACCESS_TOKENS,
+          VIEW_TESTS_PRIVILEGE,
           MANAGE_TESTS_PRIVILEGE,
           MANAGE_GLOSSARIES_PRIVILEGE,
           MANAGE_USER_CREDENTIALS_PRIVILEGE,