Added/auttoken rewriter permission

[iago1501]

This PR blocks requests to the redirect mutations when the user doesn't have the role to edit the CMS settings. This is a security fix due to a report made by a client. This event is only called by catalog-graphql, with that, only users allowed to create changes will be able to properly perform it

Role required.

Workspace to test

Hot to test it:
Create a user in the store with those permissions:

Try to change link id from a category, brand or product at admin/catalog-translation

If you want to test it into your account, there's a beta version for the store-indexer:

[email protected]  

Its related to this rewriter fix released

[vtex-io-ci-cd]

Hi! I'm VTEX IO CI/CD Bot and I'll be helping you to publish your app! 🤖

Please select which version do you want to release:

• Patch (backwards-compatible bug fixes)

• Minor (backwards-compatible functionality)

• Major (incompatible API changes)

And then you just need to merge your PR when you are ready! There is no need to create a release commit/tag.

• No thanks, I would rather do it manually 😞

[vtex-io-docs-bot]

Beep boop 🤖

I noticed you didn't make any changes at the docs/ folder

• There's nothing new to document 🤔
• I'll do it later 😞

In order to keep track, I'll create an issue if you decide now is not a good time

• I just updated 🎉🎉