[Fixes #9116] Permissions API return 403 on users in groups with manage permission on a resource #9117

Merged: 7 commits, Apr 15, 2022

afabiani
Member

References: #9116

Checklist

Reviewing is a process done by project maintainers, mostly on a volunteer basis. We try to keep the overhead as small as possible and appreciate if you help us to do so by completing the following items. Feel free to ask in a comment if you have troubles with any of them.

For all pull requests:

  • Confirm you have read the contribution guidelines
  • You have sent a Contribution Licence Agreement (CLA) as necessary (not required for small changes, e.g., fixing typos in the documentation)
  • Make sure the first PR targets the master branch, eventual backports will be managed later. This can be ignored if the PR is fixing an issue that only happens in a specific branch, but not in newer ones.

The following are required only for core and extension modules (they are welcomed, but not required, for contrib modules):

  • There is a ticket in https://github.com/GeoNode/geonode/issues describing the issue/improvement/feature (a notable exemption is, changes not visible to end-users)
  • The issue connected to the PR must have Labels and Milestone assigned
  • PR for bug fixes and small new features are presented as a single commit
  • Commit message must be in the form "[Fixes #<issue_number>] Title of the Issue"
  • New unit tests have been added covering the changes, unless there is an explanation on why the tests are not necessary/implemented
  • This PR passes all existing unit tests (test results will be reported by travis-ci after opening this PR)
  • This PR passes the QA checks: flake8 geonode
  • Commits changing the settings, UI, existing user workflows, or adding new functionality, need to include documentation updates
  • Commits adding new texts do use gettext and have updated .po / .mo files (without location infos)

Submitting the PR does not require you to check all items, but by the time it gets merged, they should be either satisfied or inapplicable.

@afabiani afabiani added this to the 4.0.0 milestone Apr 15, 2022
@afabiani afabiani requested a review from marthamareal April 15, 2022 13:52
@cla-bot cla-bot bot added the cla-signed CLA Bot: community license agreement signed label Apr 15, 2022
@afabiani
Member Author

@marthamareal I just changed the permissions class since at the beginning of the method we have the following check

_user_can_manage = request.user.has_perm('change_resourcebase', resource.get_self_resource()) or request.user.has_perm('change_resourcebase_permissions', resource.get_self_resource())
if config.read_only or config.maintenance or request.user.is_anonymous or not request.user.is_authenticated or \
        resource is None or not _user_can_manage:
    return Response(status=status.HTTP_403_FORBIDDEN)
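
The guard quoted in the comment above, as a stand-alone added example (not GeoNode's code): stub classes replace the Django request, resource and configuration objects, and `permissions_request_status` is a hypothetical name. It tests for a missing resource before calling `get_self_resource()`, because in the quoted lines `_user_can_manage` is evaluated before the `resource is None` test is reached.

```python
# Added illustration; the stub types below are hypothetical stand-ins for Django/GeoNode objects.
from dataclasses import dataclass, field

MANAGE_PERMS = ("change_resourcebase", "change_resourcebase_permissions")


@dataclass
class StubUser:
    is_authenticated: bool = True
    direct_perms: set = field(default_factory=set)
    group_perms: set = field(default_factory=set)  # held through group membership

    @property
    def is_anonymous(self):
        return not self.is_authenticated

    def has_perm(self, perm, obj=None):
        # Stub assumption: a grant held through a group counts, as the PR title expects.
        return self.is_authenticated and perm in (self.direct_perms | self.group_perms)


class StubResource:
    def get_self_resource(self):
        return self


@dataclass
class StubConfig:
    read_only: bool = False
    maintenance: bool = False


def permissions_request_status(user, resource, config):
    """Return the HTTP status the guard yields: 403 on deny, 200 otherwise."""
    # Global denials first; none of them touch the resource.
    if config.read_only or config.maintenance:
        return 403
    if user.is_anonymous or not user.is_authenticated:
        return 403
    # Test for a missing resource before calling a method on it.
    if resource is None:
        return 403
    target = resource.get_self_resource()
    if not any(user.has_perm(p, target) for p in MANAGE_PERMS):
        return 403
    return 200
```
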

@codecov
codecov bot commented Apr 15, 2022

Codecov Report

Merging #9117 (7fd45c4) into master (48e7613) will increase coverage by 0.00%.
The diff coverage is 100.00%.

@@           Coverage Diff           @@
##           master    #9117   +/-   ##
=======================================
  Coverage   60.71%   60.71%           
=======================================
  Files         805      805           
  Lines       49289    49294    +5     
  Branches     7589     7589           
=======================================
+ Hits        29924    29929    +5     
+ Misses      17705    17703    -2     
- Partials     1660     1662    +2     

@afabiani afabiani merged commit a9f7db5 into master Apr 15, 2022
@afabiani afabiani deleted the ISSUE_9116 branch April 15, 2022 16:14
github-actions bot pushed a commit that referenced this pull request Apr 15, 2022
…ge permission on a resource (#9117)

* [Fixes #9106] Implement API for compact permissions

* [CircleCi] Fix tests

* [CircleCi] Fix tests

* [CircleCi] Fix tests

* [CircleCi] Fix tests

* [Fixes #9116] Permissions API return 403 on users in groups with manage permission on a resource
afabiani pushed a commit that referenced this pull request Apr 15, 2022
…ge permission on a resource (#9117) (#9127)

* [Fixes #9106] Implement API for compact permissions

* [CircleCi] Fix tests

* [CircleCi] Fix tests

* [CircleCi] Fix tests

* [CircleCi] Fix tests

* [Fixes #9116] Permissions API return 403 on users in groups with manage permission on a resource

Co-authored-by: Alessio Fabiani <[email protected]>