Check user permissions before promoting data science projects

[DaoDaoNoCode]

Closes #963

Description

We can use SelfSubjectReviewAccess to check the permissions of a specific user to some resources. For this issue, we need to check the update permission to the given project, but everything needs to be done at the backend so we need to call passThrough and the k8s API endpoint directly before the service account do the labels patching.

How Has This Been Tested?

Prerequisite: You must have 2 accounts on the cluster, 1 as the cluster admin (ADMIN) and one as the regular user (USER).

1. Deploy the image of this PR pr-991 to your dashboard pod
2. Create a regular project (non-DSG project) using the OpenShift console or the oc command with the ADMIN account
3. Login to the dashboard with both the ADMIN account and USER account and go to the URL ${dashboardURL}/api/namespaces/${projectYouCreated}/1, this command will patch a label and promote the project to a model serving project
4. Check the result of these 2 accounts, for ADMIN, it should return { applied: true }, and for the USER account, it should return a 403 error
5. Add a RoleBinding to the namespace, the role is admin and the subject is the regular user, which gives the regular user admin permission to the project
6. Use the USER account to request that URL again, you will see { applied: true }
7. Delete the RoleBinding and create a new RoleBinding but change the role to edit
8. Repeat step 6 and you will find it returns a 403 error again
9. Use the USER account to create a new project as in step 2, and test the permission in the dashboard as in steps 3 and 4

Follow the test instructions in the last section, you will see this if you have admin permission for the project you are trying to promote:

And the project will be promoted:

If you don't have permission:

Test Impact

N/A, this needs to be tested on the cluster since we need the service account.

Request review criteria:

• The commits have meaningful messages (squashes happen on merge by the bot).
• Included any necessary screenshots or gifs if it was a UI change.
• Included tags to the UX team if it was a UI/UX change.
• Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
• The developer has manually tested the changes and verified that the changes work
• The developer has added tests or explained why testing cannot be added (unit tests & storybook for related changes)

[DaoDaoNoCode]

/hold Waiting for an image built to deploy and test.

[DaoDaoNoCode]

/unhold Everything is updated and ready for review.

[andrewballantyne]

We need to look at our linter again -- seems just omitting types is still allowed.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andrewballantyne

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [andrewballantyne]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment