[management] Auditor role (#3721)

management/server/permissions/roles/auditor.go

@@ -0,0 +1,16 @@
+package roles
+
+import (
+	"github.com/netbirdio/netbird/management/server/permissions/operations"
+	"github.com/netbirdio/netbird/management/server/types"
+)
+
+var Auditor = RolePermissions{
+	Role: types.UserRoleAuditor,
+	AutoAllowNew: map[operations.Operation]bool{
+		operations.Read:   true,
+		operations.Create: false,
+		operations.Update: false,
+		operations.Delete: false,
+	},
+}

management/server/permissions/roles/role_permissions.go

@@ -15,7 +15,8 @@ type RolePermissions struct {
 type Permissions map[modules.Module]map[operations.Operation]bool
 
 var RolesMap = map[types.UserRole]RolePermissions{
-	types.UserRoleOwner: Owner,
+	types.UserRoleOwner:   Owner,
-	types.UserRoleAdmin: Admin,
+	types.UserRoleAdmin:   Admin,
-	types.UserRoleUser:  User,
+	types.UserRoleUser:    User,
+	types.UserRoleAuditor: Auditor,
 }

management/server/types/user.go

@@ -15,6 +15,7 @@ const (
 	UserRoleUser         UserRole = "user"
 	UserRoleUnknown      UserRole = "unknown"
 	UserRoleBillingAdmin UserRole = "billing_admin"
+	UserRoleAuditor      UserRole = "auditor"
 
 	UserStatusActive   UserStatus = "active"
 	UserStatusDisabled UserStatus = "disabled"
@@ -35,6 +36,8 @@ func StrRoleToUserRole(strRole string) UserRole {
 		return UserRoleUser
 	case "billing_admin":
 		return UserRoleBillingAdmin
+	case "auditor":
+		return UserRoleAuditor
 	default:
 		return UserRoleUnknown
 	}