  1. Satellite
  2. SAT-40631

Forwarder should error out on write action if the user does not have the right perms


      Context

      As of today, Foreman RH Cloud's insights_forwarder proxies and redirects requests from the Satellite frontend to the appropriate Insights endpoint with the correct tags.

      Goal

      Satellite needs to forbid calls to Insights API endpoints if the user does not have the appropriate permissions.

       

      Acceptance criteria:

      • PUT/POST/DELETE actions should fail if the user does not have the edit permissions.
      • GET actions should fail if the user does not have the read permissions.

       

      QE Test

      • Test negative scenarios
        • User without view_vulnerabilities should not be able to get a list of CVEs
        • User without view_advisor should not be able to get a list of recommendations

      Additional info:

      Appropriate permission data here => https://github.com/theforeman/foreman_rh_cloud/blob/develop/app/services/foreman_rh_cloud/insights_api_forwarder.rb#L7-L15
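
An added Ruby example (not code from foreman_rh_cloud) of a deny-by-default check that a forwarder could run before proxying, covering the read/write split in the acceptance criteria and the QE negative scenarios. The path prefixes, the `edit_*` permission names, treating PATCH as a write, and all function names are assumptions; only `view_vulnerabilities` and `view_advisor` come from this issue.

```ruby
# Added illustration. Route prefixes and edit_* names are hypothetical;
# the real permission data lives in insights_api_forwarder.rb.
READ_METHODS  = %w[GET HEAD].freeze
WRITE_METHODS = %w[PUT POST DELETE PATCH].freeze # PATCH added as an assumption

# Hypothetical scope table: path prefix => permission per action class.
SCOPES = {
  '/api/vulnerability/' => { read: :view_vulnerabilities, write: :edit_vulnerabilities },
  '/api/insights/'      => { read: :view_advisor,         write: :edit_advisor }
}.freeze

Decision = Struct.new(:allowed, :reason)

# Returns the permission a request needs, or nil when the method or path
# is not recognised. Callers must treat nil as "deny".
def required_permission(http_method, path)
  verb = http_method.to_s.upcase
  action = if READ_METHODS.include?(verb) then :read
           elsif WRITE_METHODS.include?(verb) then :write
           end
  return nil unless action
  # Refuse dot-dot and encoded dot/slash segments rather than normalising
  # them, so one scope's prefix cannot be used to reach another scope.
  return nil if path.match?(/\.\.|%2e|%2f/i)

  _prefix, perms = SCOPES.find { |prefix, _| path.start_with?(prefix) }
  perms && perms[action]
end

# Decide before forwarding. A denied decision maps to an HTTP 403 response
# and the request is never sent upstream. Unmapped routes fail closed.
def authorize_forward(user_permissions, http_method, path)
  needed = required_permission(http_method, path)
  return Decision.new(false, 'no permission mapping for request') if needed.nil?
  return Decision.new(false, "missing #{needed}") unless user_permissions.include?(needed)

  Decision.new(true, "allowed by #{needed}")
end
```

The negative scenarios listed under QE Test correspond to calls such as `authorize_forward([:view_advisor], 'GET', '/api/vulnerability/v1/cves')`, which returns a denied decision with the missing permission in `reason`.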


       

              Unassigned Unassigned
              rhn-engineering-paji Partha Aji