feat: Read-only users (#1955)

* Introduce isViewer field

* Update policies

* Make users read-only feature

* Remove not demoting current user validation

* Update tests

* Catch the unhandled promise rejection

* Hide unnecessary ui elements for read-only user

* Update app/scenes/Settings/People.js

Co-authored-by: Tom Moor <tom.moor@gmail.com>

* Remove redundant logic for admin only policies

* Use can logic

* Update snapshot

* Remove lint error

* Update snapshot

* Minor fix

* Update app/menus/UserMenu.js

Co-authored-by: Tom Moor <tom.moor@gmail.com>

* Update server/api/users.js

Co-authored-by: Tom Moor <tom.moor@gmail.com>

* Update app/components/DocumentListItem.js

Co-authored-by: Tom Moor <tom.moor@gmail.com>

* Update app/stores/UsersStore.js

Co-authored-by: Tom Moor <tom.moor@gmail.com>

* Use useCurrentTeam hook in functional component

* Update translation

* Update ternary

* Remove punctuation

* Move the functions to User model

* Update share policy and shareMenu

* Rename makeAdmin to promote

* Create updateCounts function and Rank enum

* Update tests

* Remove enum

* Use async await, remove enum and create computed accessor

* Remove unused variable

* Fix lint issues

* Hide templates

* Create shared/types and use rank type from it

* Delete shared/utils/rank type file

Co-authored-by: Tom Moor <tom.moor@gmail.com>

server/policies/apiKey.js

@@ -5,13 +5,11 @@ import policy from "./policy";
 const { allow } = policy;
 
 allow(User, "createApiKey", Team, (user, team) => {
-  if (!team || user.teamId !== team.id) return false;
+  if (!team || user.isViewer || user.teamId !== team.id) return false;
   return true;
 });
 
-allow(
-  User,
-  ["read", "update", "delete"],
-  ApiKey,
-  (user, apiKey) => user && user.id === apiKey.userId
-);
+allow(User, ["read", "update", "delete"], ApiKey, (user, apiKey) => {
+  if (user.isViewer) return false;
+  return user && user.id === apiKey.userId;
+});