Feat: new settings for the "global cohorts" feature (#2544)

* wip: try the new permission management settings

...for the "global cohorts" feature

* feat: use new limitedPermissionManagement instead of permissionManagementRoleId

* feat: add new setting for cohort-middleware so it can start listing globally shared cohorts

* fix: improved/fixed comments

---------

Co-authored-by: J. Q <55899496+jawadqur@users.noreply.github.com>

gen3/bin/kube-setup-cohort-middleware.sh

@@ -34,6 +34,7 @@ setup_secrets() {
       cat - > "$credsFile" <<EOM
 ---
 arborist_endpoint: 'http://arborist-service'
+global_reader_role: 'public'
 atlas_db:
   host: "$DB_HOST"
   port: '5432'

kube/services/ohdsi-atlas/ohdsi-atlas-config-local.yaml

@@ -17,6 +17,15 @@ data:
         "ajax": false,
         "icon": "fa fa-openid"
       }];
+      // This tells Atlas to show the 'lock' icon to the user when
+      // viewing concept sets, cohort definitions, and other
+      // artifacts so that they can edit READ and WRITE
+      // permissions. By default, this is set to true
+      configLocal.enablePermissionManagement = true;  // Default is true
+      // If the enablePermissionManagement is set to true, you can specify
+      // if this capability should be limited to only users that have a
+      // specific permission for this. Leave false if all users should have that ability.
+      configLocal.limitedPermissionManagement = true;  // Default is false all users can share. If true, only users with the permission "artifact:global:share:put" get the ability to share artifacts.
       configLocal.cohortComparisonResultsEnabled = false;
       configLocal.userAuthenticationEnabled = true;
       configLocal.plpResultsEnabled = false;