Ensure lists for resources that don't have schema attributes.verbs LIST aren't shown

[richard-cox]

Summary

Fixes #15453

Occurred changes and/or fixed issues

• some resources cannot be listed, for example
  • "ext.cattle.io.passwordchangerequest",
  • "authorization.k8s.io.subjectaccessreview",
  • "authorization.k8s.io.selfsubjectrulesreview",
  • "authorization.k8s.io.selfsubjectaccessreview",
  • "binding",
  • "authentication.k8s.io.tokenreview",
  • "ext.cattle.io.groupmembershiprefreshrequest",
  • "authentication.k8s.io.selfsubjectreview",
  • "authorization.k8s.io.localsubjectaccessreview",
  • "ext.cattle.io.selfuser"
• Navigating directly to these resources via url (Example /c/local/explorer/authentication.k8s.io.selfsubjectreview)
  • Previously - showed an empty list with forever loading indicator
  • Now - show an error
• Navigating via the side nav
  • No change (this happens anyway given they have a count of zero)
• Navigating via the resource search modal
  • Before - these were shown and user could click
  • Now - these are not shown
• In order to support the ResourceList beforeMount AND fetch in a component with mixins that do NOT contain beforeMount i had to update fetch.client (which overwrites beforeMount if fetch is there)

Areas or cases that should be tested

• User cannot see resources that cannot be listed in the side bar
• User cannot see resources that cannot be listed in the cluster explorer resource search
• When navigating directly to a list that shows resources that cannot be listed we show an appropriate message
  • Example /c/local/explorer/authentication.k8s.io.selfsubjectreview

Areas which could experience regressions

• spoofed resource lists should show
  • Users & Authentication - Groups
  • Cluster --> Logging --> Filters
• Lists that have custom components continue to load results
  • cluster explorer --> Workload types
  • cluster management --> clusters
• Lists that have no custom components continue to load results
  • cluster explorer --> more resources --> authentication providers
  • cluster management --> advanced --> machine deployments

Checklist

• The PR is linked to an issue and the linked issue has a Milestone, or no issue is needed
• The PR has a Milestone
• The PR template has been filled out
• The PR has been self reviewed
• The PR has a reviewer assigned
• The PR has automated tests or clear instructions for manual tests and the linked issue has appropriate QA labels, or tests are not needed
• The PR has reviewed with UX and tested in light and dark mode, or there are no UX changes
• The PR has been reviewed in terms of Accessibility
• The PR has considered, and if applicable tested with, the three Global Roles Admin, Standard User and User Base

[richard-cox]

without this the fetch would not run in components with beforeMount and mixins which had no beforeMounts

[richard-cox]

Spoofed lists should always have LIST permissions

[codyrancher]

In the future should we be checking for the get verb or using canList in all the places we're doing permissions with schemaFor?

[richard-cox]

@codyrancher exactly that. before we just checked if the schema was accessible then assumed all get/list was allowed. going forward we should use the new canGet and updated canList getters. I recently updated the pr with the canGet to solve an issue with the user activity stuff (we were trying to canList a resource which only supported Get), so worth another quick review

[richard-cox]

Note to self, this requires squash merging

[codyrancher]

Note to self, this requires squash merging

Squash with just the ascii art commit message