lf-program-manager role unable to fetch Approved Contributors from PCC #4385

Open
jarias-lfx opened this issue Jul 15, 2024 · 0 comments
Labels
bug Something isn't working CommunityReported

jarias-lfx commented Jul 15, 2024

Summary

lf-program-manager role is unable to fetch Approved Contributors from PCC. This section has personal data information, but lf-program-manager should be allowed to fetch this data. Currently only formation-team and lf-operations can fetch this data.

Details

Reporter: Juansebastian Arias
Support Ticket Link: https://jira.linuxfoundation.org/browse/SUPPORT-28169
Username: jsarias
Email: [email protected]
UserID: 0032M00003M7LbjQAF

The URL of where it occurred: https://v1.projectadmin.lfx.linuxfoundation.org/project/a092M00001Lk6x8QAB/tools/easycla/overview/fe63c762-7c88-4806-b5eb-39e93e21eacd/signatures

The approximate time when the issue occurred (specify timezone): N/A

The Datadog Session Replay: https://app.datadoghq.com/rum/replay/sessions/85359eca-8454-46b4-879f-a98ce3260a7e?applicationId=2171b650-b0c8-4236-9249-0b91170b4df9&seed=6e59b3dd-c47e-4181-9639-49d2fb065f22&ts=1720805948222

Timestamp in replay or a link to logs if replay unavailable: N/A

If no replay or logs found in Datadog, link to fullstory: N/A

Error Message displayed in UI:

URL: https://v1.projectadmin.lfx.linuxfoundation.org/project/a092M00001Lk6x8QAB/tools/easycla/overview/fe63c762-7c88-4806-b5eb-39e93e21eacd/signatures

Time: July 12, 2024 at 11:48:41 AM GMT-6

Error: {"headers":{"normalizedNames":{},"lazyUpdate":null},"status":403,"statusText":"OK","url":"https://pcc-bff.platform.linuxfoundation.org/production/api/cla-services/cla-group/fe63c762-7c88-4806-b5eb-39e93e21eacd/contributors?companyID=6f1a39c9-f3ac-4e2c-a007-54c236c0a2b7","ok":false,"name":"HttpErrorResponse","message":"Http failure response for https://pcc-bff.platform.linuxfoundation.org/production/api/cla-services/cla-group/fe63c762-7c88-4806-b5eb-39e93e21eacd/contributors?companyID=6f1a39c9-f3ac-4e2c-a007-54c236c0a2b7: 403 OK","error":{"status":403,"stack":"","details":null,"message":"EasyCLA - 403 Forbidden - user 'jsariaspcctest1' is not authorized to view project CCLA signatures project scope or project|organization scope for company ID: 6f1a39c9-f3ac-4e2c-a007-54c236c0a2b7","code":"403","requestId":"347fc9bf-a976-48f3-abd5-27aad9c9cbbd","data":{}}} 

Additional Information: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

API Error or applicable return info in browser Network tab:

```json
{
    "status": 403,
    "stack": "",
    "details": null,
    "message": "EasyCLA - 403 Forbidden - user 'jsariaspcctest1' is not authorized to view project CCLA signatures project scope or project|organization scope for company ID: 6f1a39c9-f3ac-4e2c-a007-54c236c0a2b7",
    "code": "403",
    "requestId": "347fc9bf-a976-48f3-abd5-27aad9c9cbbd",
    "data": {}
}
```

Request:

https://pcc-bff.platform.linuxfoundation.org/production/api/cla-services/cla-group/fe63c762-7c88-4806-b5eb-39e93e21eacd/contributors?companyID=6eb1504d-edd1-4cd6-98d4-aceb93f12fc8

## Steps to Reproduce

Test username: jsariaspcctest1
Test email: [email protected]

Test Environment (dev or prod): PROD

Browser(s): Chrome

OS: MacOS

Steps:
1- Access PCC
2- Search for DPEL (This happens with any Project, using DPEL as example)
3- Select EasyCLA
4- Select SIGNATURES
5- Select Signed CCLAs
6- Expand the Approved Contributors for DreamWorks

Actual Result (of the steps above):
This user has lf-staff, lf-it-staff, admin and lf-program-manager roles. With these roles the PMOs should be able to fetch the Approved Contributors, but currently they are getting a 503 Permission error:

![Image](https://github.com/user-attachments/assets/2300856d-0338-4ebb-a20b-4e75d6d4e957)

Expected Result (why you are opening this ticket - why is this a defect?):
lf-program-manager role should be able to fetch the Approved Contributors.

## Important
This section can be accessed by community-program-manager and cla-program manager roles as well. Since these roles are for users outside the LF, they should NOT be able to fetch this data; lf-program-managers should.
@jarias-lfx jarias-lfx added bug Something isn't working CommunityReported labels Jul 15, 2024
@nickmango nickmango self-assigned this Jul 18, 2024