fix(rbac): update changes && fix CI errors

apps/emqx/test/emqx_common_test_http.erl

@@ -17,7 +17,6 @@
 -module(emqx_common_test_http).
 
 -include_lib("common_test/include/ct.hrl").
--include_lib("emqx_dashboard/include/emqx_dashboard_rbac.hrl").
 
 -export([
     request_api/3,
@@ -34,6 +33,9 @@
 -define(DEFAULT_APP_ID, <<"default_appid">>).
 -define(DEFAULT_APP_SECRET, <<"default_app_secret">>).
 
+%% from emqx_dashboard/include/emqx_dashboard_rbac.hrl
+-define(ROLE_API_SUPERUSER, <<"api_administrator">>).
+
 request_api(Method, Url, Auth) ->
     request_api(Method, Url, [], Auth, []).
 

apps/emqx_dashboard/src/emqx_dashboard.erl

@@ -212,7 +212,7 @@ listener_name(Protocol) ->
 
 -if(?EMQX_RELEASE_EDITION =/= ee).
 %% dialyzer complains about the `unauthorized_role' clause...
--dialyzer({no_match, [authorize/1]}).
+-dialyzer({no_match, [authorize/1, api_key_authorize/3]}).
 -endif.
 
 authorize(Req) ->

changes/ee/feat-11766.en.md

@@ -0,0 +1,8 @@
+Implemented a preliminary Role-Based Access Control for the REST API.
+
+  In this version, there are three predefined roles:
+  - Administrator: This role could access all resources.
+
+  - Viewer: This role can only view resources and data, corresponding to all GET requests in the REST API.
+
+  - Publisher: This role is special for MQTT messages publish, it can only access publish-related endpoints.