session_rpcserver: allow custom session with all read-only perms

In this commit, a special case is added to the creation of a custom
session to allow the user to specify custom URIs as well as the
permissions for all read-only endpoints.

Author: ellemouton

session_rpcserver.go

@@ -152,6 +152,19 @@ func (s *sessionRpcServer) AddSession(_ context.Context,
 				continue
 			}
 
+			// If the action specified was the 'readonly' keyword,
+			// then this is taken to mean that the permissions for
+			// all read-only URIs should be granted.
+			if op.Action == "readonly" {
+				readPerms := s.cfg.permMgr.ActivePermissions(
+					true,
+				)
+
+				permissions = append(permissions, readPerms...)
+
+				continue
+			}
+
 			// First check if this is a regex URI.
 			uris, isRegex := s.cfg.permMgr.MatchRegexURI(op.Action)
 			if isRegex {