
fix(rbac): change default role and update changes

firest 2 yıl önce
ebeveyn
işleme
ca6547c05b

+ 0 - 4
apps/emqx_dashboard/include/emqx_dashboard.hrl

@@ -23,11 +23,7 @@
 -define(ROLE_VIEWER, <<"viewer">>).
 -define(ROLE_SUPERUSER, <<"superuser">>).
 
--if(?EMQX_RELEASE_EDITION == ee).
--define(ROLE_DEFAULT, ?ROLE_VIEWER).
--else.
 -define(ROLE_DEFAULT, ?ROLE_SUPERUSER).
--endif.
 
 -record(?ADMIN, {
     username :: binary(),
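Review bot: With the edition switch removed, `?ROLE_DEFAULT` is `?ROLE_SUPERUSER` on every build, and nothing at the define records that this is deliberate. In the emqx_dashboard_api.erl hunk of this commit, `users(post, ...)` falls back to `?ROLE_DEFAULT` when the request body has no `role` key, so an account created without an explicit role gets full access on the enterprise edition as well. If that is intended (presumably to keep existing create-user calls working), state it above the define, e.g. `%% Role used when a create-user request omits "role": superuser on all editions; pass <<"viewer">> explicitly for read-only accounts.` The `-record(?ADMIN, ...)` that follows continues outside the hunk.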

+ 1 - 1
apps/emqx_dashboard/src/emqx_dashboard_admin.erl

@@ -405,7 +405,7 @@ ensure_role(Role) when is_binary(Role) ->
 
 -if(?EMQX_RELEASE_EDITION == ee).
 legal_role(Role) ->
-    emqx_dashboard_rbac:legal_role(Role).
+    emqx_dashboard_rbac:valid_role(Role).
 
 role(Data) ->
     emqx_dashboard_rbac:role(Data).

+ 1 - 1
apps/emqx_dashboard/src/emqx_dashboard_api.erl

@@ -242,7 +242,7 @@ logout(_, #{
     end.
 
 users(get, _Request) ->
-    {200, emqx_dashboard_admin:all_users()};
+    {200, filter_result(emqx_dashboard_admin:all_users())};
 users(post, #{body := Params}) ->
     Desc = maps:get(<<"description">>, Params, <<"">>),
     Role = maps:get(<<"role">>, Params, ?ROLE_DEFAULT),
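Review bot: `filter_result/1` now shapes everything `users(get, _Request)` returns, but its definition is outside this hunk and the call site does not say which fields it drops or for which edition. A `-spec` and a short comment on `filter_result/1` naming the removed fields would let a reader confirm that the listing exposes only what is intended. The `users(post, ...)` clause continues past the hunk; if its reply also carries a user record, it presumably needs the same filtering, which is worth checking.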

+ 2 - 2
apps/emqx_dashboard_rbac/src/emqx_dashboard_rbac.erl

@@ -6,7 +6,7 @@
 
 -include_lib("emqx_dashboard/include/emqx_dashboard.hrl").
 
--export([check_rbac/2, role/1, legal_role/1]).
+-export([check_rbac/2, role/1, valid_role/1]).
 
 -dialyzer({nowarn_function, role/1}).
 %%=====================================================================
@@ -27,7 +27,7 @@ role([]) ->
 role(#{role := Role}) ->
     Role.
 
-legal_role(Role) ->
+valid_role(Role) ->
     case lists:member(Role, role_list()) of
         true ->
             ok;

+ 4 - 1
changes/ee/feat-11610.en.md

@@ -1,6 +1,9 @@
 Implemented a preliminary Role-Based Access Control for the Dashboard.
+
 In this version, there are two predefined roles:
 - superuser
+
   This role could access all resources.
 - viewer
-  This role only can access the `GET` resource.
+
+  This role can only view resources and data, corresponding to all GET requests in the REST API.