Allow USER role to get UI Configuration

[raj-manvar]

Description

Trino Gateway supports disabling pages from the UI using uiConfiguration config https://trinodb.github.io/trino-gateway/gateway-api/#disable-routing-rules-ui

The webapp makes the call to get the list of disabled pages using the /webapp/getUIConfiguration endpoint.

This is called irrespective of whether an Admin has logged in or User because the pages disabled in the uiConfiguration are globally disabled.

However, currently only the ADMIN role is allowed to call /webapp/getUIConfiguration endpoint which results in "Login has expired, please login again" error messages whenever anyone with USER role logs in through the webapp.

Additional context and related issues

Only the Admin is allowed to get the uiConfiguration based on https://github.com/trinodb/trino-gateway/blob/main/gateway-ha/src/main/java/io/trino/gateway/ha/resource/GatewayWebAppResource.java#L466

webapp makes the getUIConfiguration call at https://github.com/trinodb/trino-gateway/blob/main/webapp/src/components/layout.tsx#L25

Release notes

( ) This is not user-visible or is docs only, and no release notes are required.
(x) Release notes are required. Please propose a release note for me.
( ) Release notes are required, with the following suggested text:

* Allow USER role to get UI configuration

[raj-manvar]

When running Trino gateway with the follow config

authentication:
    defaultType: "form"
    form:
        #ldapConfigPath: /home/rmanvar/opensource/trino-gateway/gateway-ha/src/main/resources/ldapConfig.yml
        selfSignKeyPair:
            privateKeyRsa: /home/rmanvar/opensource/trino-gateway/gateway-ha/src/main/resources/private_key.pem
            publicKeyRsa: /home/rmanvar/opensource/trino-gateway/gateway-ha/src/main/resources/public_key.pem

authorization:
    admin: .*ADMIN.*
    user: .*USER.*
    api: .*API.*
    ldapConfigPath: /home/rmanvar/opensource/trino-gateway/gateway-ha/src/main/resources/ldapConfig.yml

presetUsers:
    userUser:
        password: password
        privileges: USER
    adminUser:
        password: password
        privileges: ADMIN

pagePermissions:
    admin:
    user: dashboard_history
    api:

and using the first user, I see the follow error

[raj-manvar]

After running Trino gateway with the code changes of the MR and same config, I am able to login successfully

[andythsu]

presetUsers:
    userUser:
        password: password
        privileges: USER
    adminUser:
        password: password
        privileges: ADMIN

pagePermissions:
    admin:
    user: dashboard_history
    api:

With this config, I'd expect userUser to be able to log in to see dashboard_history. Did the first screenshot fail because of the error you mentioned? Or could it be something else

[raj-manvar]

Yes, I'd expect the same behaviou. I think it's related to the error I mentioned. I had also tried adding extra logs using console.log() at https://github.com/trinodb/trino-gateway/blob/main/webapp/src/api/base.ts#L30 which is the source for sending the Login has expired, please log in again error.
I see the following in the console when logging in as userUser

error calling for GET request url JSON /webapp/getUIConfiguration                    index-Dhf5CZgC.js:101 
resp code 401                                                                        index-Dhf5CZgC.js:101 
Uncaught (in promise) Error: Login has expired, please log in again
    at p$e.authErrorHandler (index-Dhf5CZgC.js:101:8455)
    at p$e.get (index-Dhf5CZgC.js:101:7141)

[PiotrKurnik]

Yeah, currently the only way to access is to use ADMIN privilege. The behavior has changed with this PR:
4f77442#diff-5513a204debc3305e52fb4a481a79b027033e8fc8758bc438674e328cab4e300R468

[mosabua]

Makes sense to me and looks good.