fix: permission rules for connect manager

[imcaizheng]

Summary

• Connect manager now can act like a regular user regarding permissions.
• Regular user can update any candidate of a job if the regular user can access the project associated with the job.
• In postman collection folder Test Permission Rules > Request with Connect Manager Role is updated to reflect the permission changes.
• In postman collection small typos in request Test Permission Rules > ✘ create job candidate with member and request Test Permission Rules > ✘ create resource booking with member are corrected.

[maxceem]

Thanks, @imcaizheng.

1. Connect Manager still cannot create a Job even if the user is a member of the project:
   Example:

   • project 16843
   • user pshahcopmanag2
   • 

   I would like to note one thing. Connect Manager users can access all the projects because they have a powerful role. But they should be only allowed to create jobs in the projects where they are members:

   

   At the moment we always use check for Topcoder Users: if user can access project, means user is a member of the project. This is true for Topcoder Users, but not for Connect Managers because Connect Managers can access projects even if they are not members of that project.

   Though at the moment, Connect Managers cannot create Job even they are members or no.

2. The same like above Connect Manager cannot update JobCandidates even if a member of the project:

   

[imcaizheng]

@maxceem I reckoned that you got the Forbidden error is because pshahcopmanag2 was not yet created in /v5/users. In this case the app would try to create a new v5 user of pshahcopmanag2, due to AUTH0 credential issue we have previously discussed, it would simple fail with error message POST /v5/users (403).

I have manually created user pshahcopmanag2 in v5/users, so this user can be used in verification.

[maxceem]

@imcaizheng works good for me locally.

Merging this PR so the QA team could verify it on DEV.