fix: add SELF auth role so users can remove themselves from a workspace (#16066)

Author: cjkenned

airbyte-api/server-api/src/main/openapi/config.yaml

@@ -13602,17 +13602,13 @@ components:
     PermissionDeleteUserFromWorkspaceRequestBody:
       type: object
       required:
-        - userIdToRemove
+        - userId
         - workspaceId
       properties:
-        userIdToRemove:
-          type: string
-          format: uuid
-          description: The user ID for which to remove workspace permissions
+        userId:
+          $ref: "#/components/schemas/UserId"
         workspaceId:
-          type: string
-          format: uuid
-          description: The workspace ID from which to remove all workspace-level permissions for the indicated user
+          $ref: "#/components/schemas/WorkspaceId"
     PermissionRead:
       type: object
       required:

airbyte-commons-server/src/main/java/io/airbyte/commons/server/handlers/PermissionHandler.java

@@ -429,7 +429,7 @@ public void deletePermission(final PermissionIdRequestBody permissionIdRequestBo
    */
   public void deleteUserFromWorkspace(final PermissionDeleteUserFromWorkspaceRequestBody deleteUserFromWorkspaceRequestBody)
       throws IOException {
-    final UUID userId = deleteUserFromWorkspaceRequestBody.getUserIdToRemove();
+    final UUID userId = deleteUserFromWorkspaceRequestBody.getUserId();
     final UUID workspaceId = deleteUserFromWorkspaceRequestBody.getWorkspaceId();
 
     // delete all workspace-level permissions that match the userId and workspaceId

airbyte-commons-server/src/test/java/io/airbyte/commons/server/handlers/PermissionHandlerTest.java

@@ -712,7 +712,7 @@ void testDeleteUserFromWorkspace() throws Exception {
       when(permissionPersistence.listPermissionsByUser(USER_ID)).thenReturn(
           List.of(workspacePermission, otherWorkspacePermission, orgPermission));
 
-      permissionHandler.deleteUserFromWorkspace(new PermissionDeleteUserFromWorkspaceRequestBody().userIdToRemove(USER_ID).workspaceId(WORKSPACE_ID));
+      permissionHandler.deleteUserFromWorkspace(new PermissionDeleteUserFromWorkspaceRequestBody().userId(USER_ID).workspaceId(WORKSPACE_ID));
 
       // verify the intended permission was deleted
       verify(permissionService).deletePermissions(List.of(workspacePermission.getPermissionId()));

airbyte-server/src/main/kotlin/io/airbyte/server/apis/controllers/PermissionApiController.kt

@@ -102,7 +102,7 @@ open class PermissionApiController(
     }
   }
 
-  @Secured(AuthRoleConstants.ORGANIZATION_ADMIN, AuthRoleConstants.WORKSPACE_ADMIN)
+  @Secured(AuthRoleConstants.ORGANIZATION_ADMIN, AuthRoleConstants.WORKSPACE_ADMIN, AuthRoleConstants.SELF)
   @Post("/delete_user_from_workspace")
   override fun deleteUserFromWorkspace(
     @Body permissionDeleteUserFromWorkspaceRequestBody: PermissionDeleteUserFromWorkspaceRequestBody,