MBS-13108: Require relationship editor, not admin, privs for attributes

There's no real reason this should be locked behind account_admin.
It has nothing to do with accounts nor private data, and a lot to do
with schema / style, which is what we generally use relationship_editor
for (not just relationships but also genres, instruments).

Author: reosarevok

lib/MusicBrainz/Server/Controller/Attributes.pm

@@ -94,7 +94,7 @@ sub attribute_index : Chained('attribute_base') PathPart('') {
     );
 }
 
-sub create : Chained('attribute_base') RequireAuth(account_admin) SecureForm {
+sub create : Chained('attribute_base') RequireAuth(relationship_editor) SecureForm {
     my ($self, $c) = @_;
     my $model = $c->stash->{model};
 
@@ -115,7 +115,7 @@ sub create : Chained('attribute_base') RequireAuth(account_admin) SecureForm {
     }
 }
 
-sub edit : Chained('attribute_base') Args(1) RequireAuth(account_admin) SecureForm {
+sub edit : Chained('attribute_base') Args(1) RequireAuth(relationship_editor) SecureForm {
     my ($self, $c, $id) = @_;
     my $model = $c->stash->{model};
     my $attr = $c->model($model)->get_by_id($id);
@@ -137,7 +137,7 @@ sub edit : Chained('attribute_base') Args(1) RequireAuth(account_admin) SecureFo
     }
 }
 
-sub delete : Chained('attribute_base') Args(1) RequireAuth(account_admin) SecureForm {
+sub delete : Chained('attribute_base') Args(1) RequireAuth(relationship_editor) SecureForm {
     my ($self, $c, $id) = @_;
     my $model = $c->stash->{model};
     my $attr = $c->model($model)->get_by_id($id)

t/lib/t/MusicBrainz/Server/Controller/Attributes/Delete.pm

@@ -31,7 +31,10 @@ test 'Delete standard attribute (series type)' => sub {
     $test->mech->get('/logout');
     $test->mech->get('/login');
     $test->mech->submit_form(
-        with_fields => { username => 'admin', password => 'password' },
+        with_fields => {
+            username => 'relationship_editor',
+            password => 'password',
+        },
     );
 
     $mech->get('/attributes/SeriesType/delete/1');
@@ -94,7 +97,10 @@ test 'Delete language' => sub {
     $test->mech->get('/logout');
     $test->mech->get('/login');
     $test->mech->submit_form(
-        with_fields => { username => 'admin', password => 'password' },
+        with_fields => {
+            username => 'relationship_editor',
+            password => 'password',
+        },
     );
 
     $mech->get_ok('/attributes/Language/delete/120');
@@ -157,7 +163,10 @@ test 'Delete script' => sub {
     $test->mech->get('/logout');
     $test->mech->get('/login');
     $test->mech->submit_form(
-        with_fields => { username => 'admin', password => 'password' },
+        with_fields => {
+            username => 'relationship_editor',
+            password => 'password',
+        },
     );
 
     $mech->get_ok('/attributes/Script/delete/28');

t/sql/attributes.sql

@@ -11,8 +11,8 @@ INSERT INTO editor (
   id, name, password, ha1,
   email, email_confirm_date, privs)
 VALUES (
-  2, 'admin', '{CLEARTEXT}password', '3a115bc4f05ea9856bd4611b75c80bca',
-  'foo@example.com', now(), 128);
+  2, 'relationship_editor', '{CLEARTEXT}password',
+  '3a115bc4f05ea9856bd4611b75c80bca', 'foo@example.com', now(), 8);
 
 -- Release for language and script usage
 INSERT INTO artist (