🐞 V3: GET /v3/apps/:guid/permissions

Space developers can read sensitive data.

[finishes #169770887]

Co-authored-by: Reid Mitchell <rmitchell@pivotal.io>
Co-authored-by: Brian Cunnie <bcunnie@pivotal.io>

Author: reidmit

app/controllers/v3/apps_controller.rb

@@ -329,7 +329,7 @@ def show_permissions
 
     render status: :ok, json: {
       read_basic_data: true,
-      read_sensitive_data: permission_queryer.can_read_secrets_globally?,
+      read_sensitive_data: permission_queryer.can_read_secrets_in_space?(space.guid, org.guid),
     }
   end
 

docs/v3/source/includes/resources/apps/_permissions.md.erb

@@ -25,8 +25,8 @@ Content-Type: application/json
 ```
 
 Get the current user's permissions for the given app. If a user can see an app,
-then they can see its basic data. Only admin and read-only admins can read sensitive
-data.
+then they can see its basic data. Only admin, read-only admins, and space
+developers can read sensitive data.
 
 #### Definition
 `GET /v3/apps/:guid/permissions`

spec/request/apps_spec.rb

@@ -2554,7 +2554,7 @@
       h['org_manager'] = { code: 200, response_object: read_basic_response }
       h['space_manager'] = { code: 200, response_object: read_basic_response }
       h['space_auditor'] = { code: 200, response_object: read_basic_response }
-      h['space_developer'] = { code: 200, response_object: read_basic_response }
+      h['space_developer'] = { code: 200, response_object: read_all_response }
       h.freeze
     end