Problem with user permissions still involving the "Save As" #11404

@tdipisa

Description

It seems user permissions (USER role) are not well handled in some cases. The problem has been noticed after fixing #11390. Below is the involved scenario that needs to be fixed. The problem for sure involves DEV and QA but most probably also v2025.01.01 (where the problem is not evident due to this other bug #11390 now fixed in other environments). This is a regression from the v2024.02 series.

How to reproduce

Expected Result

  • It is possible to Save As a map in these conditions to create a personal copy of the resource.
  • Who created that copy is the owner and the owner should be able to set permissions on own resources
  • Who has edit permissions should be allowed to manage permissions
  • The Permission tab should not be present at all if the user doesn't have permissions to manage auth rules

Current Result

  • The error above is raised
  • The map is anyway created but the permissions request to the backend fails:
    curl 'https://qa-mapstore.geosolutionsgroup.com/mapstore/rest/geostore/resources/resource/47225/permissions' \
      -H 'Accept: application/json, text/plain, */*' \
      -H 'Accept-Language: en,it;q=0.9,fr-FR;q=0.8,fr;q=0.7,en-US;q=0.6' \
      -H 'Authorization: Bearer 44ddd536-fba8-4627-9a66-278a5171e7de' \
      -H 'Cache-Control: no-cache' \
      -H 'Connection: keep-alive' \
      -b '_hp2_props.2826793817=%7B%22account_state%22%3A%22active%22%2C%22account_plan%22%3A%22Enterprise%2021%22%2C%22billing_cycle%22%3A1%7D; SL_C_23361dd035530_SID={"1e81b1058a277e08b89ce1a8afae7c273bf43218":{"sessionId":"V8QYLRSWYuyodzrDAbXu-","visitorId":"oRXPNUtJkZZ4vQusPGj5H"}}; _hp2_id.2826793817=%7B%22userId%22%3A%222597702955337355%22%2C%22pageviewId%22%3A%227461049601475512%22%2C%22sessionId%22%3A%227389762882815980%22%2C%22identity%22%3A%22201003634192%22%2C%22trackerVersion%22%3A%224.0%22%2C%22identityField%22%3Anull%2C%22isIdentified%22%3A1%7D' \
      -H 'Pragma: no-cache' \
      -H 'Referer: https://qa-mapstore.geosolutionsgroup.com/mapstore/' \
      -H 'Sec-Fetch-Dest: empty' \
      -H 'Sec-Fetch-Mode: cors' \
      -H 'Sec-Fetch-Site: same-origin' \
      -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
      -H 'sec-ch-ua: "Not;A=Brand";v="99", "Google Chrome";v="139", "Chromium";v="139"' \
      -H 'sec-ch-ua-mobile: ?0' \
      -H 'sec-ch-ua-platform: "Windows"'
  • Which means that opening the Resource Properties, the same request fails again when trying to access the Properties tab with the following result
    Image
  • Going in edit mode of the Permission tab the following is the result
    Image

Then, when the user is now assigned to the group geosolutions (it should have edit permissions in that case, see above)

Image

below is the result when trying to open the Permissions tab in Resource Properties, where the same permissions request fails with an HTTP 403

Image

and the content of the Permissions tab is not available both in view and edit mode (but the tab is available anyway and it should not be, in theory)

Image
  • Not browser related

Other useful information
