Add desktop session-related ACLs to Connect (#54031)

* Add desktop session-related ACLs to Connect

* Add new fields to `makeAcl`

Author: gzdunek

gen/proto/go/teleport/lib/teleterm/v1/cluster.pb.go

@@ -198,20 +198,22 @@ func (c *Cluster) GetWithDetails(ctx context.Context, authClient authclient.Clie
 	roleSet := services.NewRoleSet(roles...)
 	userACL := services.NewUserACL(user, roleSet, *authPingResponse.ServerFeatures, false, false)
 	acl := &api.ACL{
-		RecordedSessions: convertToAPIResourceAccess(userACL.RecordedSessions),
-		ActiveSessions:   convertToAPIResourceAccess(userACL.ActiveSessions),
-		AuthConnectors:   convertToAPIResourceAccess(userACL.AuthConnectors),
-		Roles:            convertToAPIResourceAccess(userACL.Roles),
-		Users:            convertToAPIResourceAccess(userACL.Users),
-		TrustedClusters:  convertToAPIResourceAccess(userACL.TrustedClusters),
-		Events:           convertToAPIResourceAccess(userACL.Events),
-		Tokens:           convertToAPIResourceAccess(userACL.Tokens),
-		Servers:          convertToAPIResourceAccess(userACL.Nodes),
-		Apps:             convertToAPIResourceAccess(userACL.AppServers),
-		Dbs:              convertToAPIResourceAccess(userACL.DBServers),
-		Kubeservers:      convertToAPIResourceAccess(userACL.KubeServers),
-		AccessRequests:   convertToAPIResourceAccess(userACL.AccessRequests),
-		ReviewRequests:   userACL.ReviewRequests,
+		RecordedSessions:        convertToAPIResourceAccess(userACL.RecordedSessions),
+		ActiveSessions:          convertToAPIResourceAccess(userACL.ActiveSessions),
+		AuthConnectors:          convertToAPIResourceAccess(userACL.AuthConnectors),
+		Roles:                   convertToAPIResourceAccess(userACL.Roles),
+		Users:                   convertToAPIResourceAccess(userACL.Users),
+		TrustedClusters:         convertToAPIResourceAccess(userACL.TrustedClusters),
+		Events:                  convertToAPIResourceAccess(userACL.Events),
+		Tokens:                  convertToAPIResourceAccess(userACL.Tokens),
+		Servers:                 convertToAPIResourceAccess(userACL.Nodes),
+		Apps:                    convertToAPIResourceAccess(userACL.AppServers),
+		Dbs:                     convertToAPIResourceAccess(userACL.DBServers),
+		Kubeservers:             convertToAPIResourceAccess(userACL.KubeServers),
+		AccessRequests:          convertToAPIResourceAccess(userACL.AccessRequests),
+		ReviewRequests:          userACL.ReviewRequests,
+		DirectorySharingEnabled: userACL.DirectorySharing,
+		ClipboardSharingEnabled: userACL.Clipboard,
 	}
 
 	withDetails := &ClusterWithDetails{

gen/proto/ts/teleport/lib/teleterm/v1/cluster_pb.ts

@@ -143,6 +143,10 @@ message ACL {
   ResourceAccess active_sessions = 14;
   // review_requests defines the ability to review requests
   bool review_requests = 15;
+  // Indicates whether the user can share a local directory with the remote machine during desktop sessions.
+  bool directory_sharing_enabled = 16;
+  // Indicates whether the user can share their clipboard with the remote machine during desktop sessions.
+  bool clipboard_sharing_enabled = 17;
 }
 
 // ResourceAccess describes access verbs

lib/teleterm/clusters/cluster.go

@@ -135,7 +135,7 @@ export const makeLeafCluster = (
   ...props,
 });
 
-export const makeAcl = (props: Partial<ACL> = {}) => ({
+export const makeAcl = (props: Partial<ACL> = {}): ACL => ({
   recordedSessions: {
     list: true,
     read: true,
@@ -241,6 +241,8 @@ export const makeAcl = (props: Partial<ACL> = {}) => ({
     use: true,
   },
   reviewRequests: true,
+  directorySharingEnabled: true,
+  clipboardSharingEnabled: true,
   ...props,
 });