Add engagement, finding, and test note permissions

Author: Maffooch

dojo/api_v2/permissions.py

@@ -401,6 +401,15 @@ class UserHasEngagementRelatedObjectPermission(BaseRelatedObjectPermission):
     }
 
 
+class UserHasEngagementNotePermission(BaseRelatedObjectPermission):
+    permission_map = {
+        "get_permission": Permissions.Engagement_View,
+        "put_permission": Permissions.Engagement_View,
+        "delete_permission": Permissions.Engagement_View,
+        "post_permission": Permissions.Engagement_View,
+    }
+
+
 class UserHasRiskAcceptancePermission(permissions.BasePermission):
     def has_permission(self, request, view):
         # The previous implementation only checked for the object permission if the path was
@@ -453,6 +462,15 @@ class UserHasFindingRelatedObjectPermission(BaseRelatedObjectPermission):
     }
 
 
+class UserHasFindingNotePermission(BaseRelatedObjectPermission):
+    permission_map = {
+        "get_permission": Permissions.Finding_View,
+        "put_permission": Permissions.Finding_View,
+        "delete_permission": Permissions.Finding_View,
+        "post_permission": Permissions.Finding_View,
+    }
+
+
 class UserHasImportPermission(permissions.BasePermission):
     def has_permission(self, request, view):
         # permission check takes place before validation, so we don't have access to serializer.validated_data()
@@ -833,6 +851,15 @@ class UserHasTestRelatedObjectPermission(BaseRelatedObjectPermission):
     }
 
 
+class UserHasTestNotePermission(BaseRelatedObjectPermission):
+    permission_map = {
+        "get_permission": Permissions.Test_View,
+        "put_permission": Permissions.Test_View,
+        "delete_permission": Permissions.Test_View,
+        "post_permission": Permissions.Test_View,
+    }
+
+
 class UserHasTestImportPermission(permissions.BasePermission):
     def has_permission(self, request, view):
         return check_post_permission(