Listing credentials authorisation check

[ChampiYann]

There is a comment in this Github issue detailing the problem this pull requests tries to fix.
It comes down to adding a check to the getCredentials method to check if the user requesting the credentials is permitted to use the credentials of a provider.

Proposed changelog entries

• Fixes issue where credentials are not showing up in lists when a pipeline in a folder has it's "Acces Control for Builds" set to a specific user. Credentials now show up in the list if the specified user has the CredentialsProvider.USE_ITEM permission.

Submitter checklist

• JIRA issue is well described
• Changelog entry appropriate for the audience affected by the change (users or developer, depending on the change).
  * Use the Internal: prefix if the change has no user-visible impact (API, test frameworks, etc.)
• Appropriate autotests or explanation to why this change has no tests

[jtnord]

I think this should allow for listing credentials if the user can also configure the itemgroup (as they may be able to select a credential that the system (not they themselves) will use later

(note the follow syntax has not been checked)

Suggested change

	if (folder.hasPermission(authentication, CredentialsProvider.USE_ITEM)) {
	if (folder.hasPermission(authentication, CredentialsProvider.USE_ITEM) || folder.hasPermission(authentication, Item.CONFIGURE)) {

@daniel-beck I always have to double think this - but for listing the credential IDs it should be you have configure on the item, or the ability to use a credntials. (configure so you can select a credential that the job/system can use even if you can not use it, USE_ITEM incase you can not configure the job (e.g. for the pipeline snippet generator at the job level and the pipeline is "as-code")?

[ChampiYann]

Hi, I'm assuming we're waiting for @daniel-beck 's response on this. Is there any indication on when we can expect that?