Allow app-viewers to invite others as app-viewers (#2961)

* Allow app-viewers to invite others as app-viewers

* Fix description for new permissions

* Migration for setting invite policy for app viewers

app/server/appsmith-server/src/main/java/com/appsmith/server/acl/AppsmithRole.java

@@ -23,7 +23,12 @@ public enum AppsmithRole {
             Set.of(MANAGE_ORGANIZATIONS, ORGANIZATION_INVITE_USERS)),
     ORGANIZATION_DEVELOPER("Developer", "Can edit and view applications along with inviting other users to the organization",  Set.of(READ_ORGANIZATIONS,
             ORGANIZATION_MANAGE_APPLICATIONS, ORGANIZATION_READ_APPLICATIONS, ORGANIZATION_PUBLISH_APPLICATIONS, ORGANIZATION_INVITE_USERS)),
-    ORGANIZATION_VIEWER("App Viewer", "Can only view applications",  Set.of(READ_ORGANIZATIONS, ORGANIZATION_READ_APPLICATIONS));
+    ORGANIZATION_VIEWER(
+            "App Viewer",
+            "Can view applications and invite other users to view applications",
+            Set.of(READ_ORGANIZATIONS, ORGANIZATION_READ_APPLICATIONS, ORGANIZATION_INVITE_USERS)
+    ),
+    ;
 
     private Set<AclPermission> permissions;
     private String name;

app/server/appsmith-server/src/main/java/com/appsmith/server/migrations/DatabaseChangelog.java

@@ -26,11 +26,13 @@ import com.appsmith.server.domains.Plugin;
 import com.appsmith.server.domains.PluginType;
 import com.appsmith.server.domains.QApplication;
 import com.appsmith.server.domains.QDatasource;
+import com.appsmith.server.domains.QOrganization;
 import com.appsmith.server.domains.QPlugin;
 import com.appsmith.server.domains.Role;
 import com.appsmith.server.domains.Sequence;
 import com.appsmith.server.domains.User;
 import com.appsmith.server.domains.UserData;
+import com.appsmith.server.domains.UserRole;
 import com.appsmith.server.dtos.ActionDTO;
 import com.appsmith.server.dtos.DslActionDTO;
 import com.appsmith.server.dtos.OrganizationPluginStatus;
@@ -60,6 +62,7 @@ import org.springframework.data.mongodb.core.index.CompoundIndexDefinition;
 import org.springframework.data.mongodb.core.index.Index;
 import org.springframework.data.mongodb.core.index.IndexOperations;
 import org.springframework.data.mongodb.core.query.Criteria;
+import org.springframework.data.mongodb.core.query.Update;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StreamUtils;
 
@@ -1637,4 +1640,30 @@ public class DatabaseChangelog {
 
         installPluginToAllOrganizations(mongoTemplate, plugin.getId());
     }
+
+    @ChangeSet(order = "052", id = "add-app-viewer-invite-policy", author = "")
+    public void addAppViewerInvitePolicy(MongoTemplate mongoTemplate) {
+        final List<Organization> organizations = mongoTemplate.find(
+                query(new Criteria().andOperator(
+                        where(fieldName(QOrganization.organization.userRoles) + ".role").is(AppsmithRole.ORGANIZATION_VIEWER.name())
+                )),
+                Organization.class
+        );
+
+        for (final Organization org : organizations) {
+            final Set<String> viewers = org.getUserRoles().stream()
+                    .filter(role -> AppsmithRole.ORGANIZATION_VIEWER == role.getRole())
+                    .map(UserRole::getUsername)
+                    .collect(Collectors.toSet());
+            mongoTemplate.updateFirst(
+                    query(new Criteria().andOperator(
+                            where(fieldName(QOrganization.organization.id)).is(org.getId()),
+                            where(fieldName(QOrganization.organization.policies) + ".permission").is(ORGANIZATION_INVITE_USERS.getValue())
+                    )),
+                    new Update().addToSet("policies.$.users").each(viewers.toArray()),
+                    Organization.class
+            );
+        }
+
+    }
 }