Add permission support to validate 404 on denial and multi permissions
The current testing framework does not handle 404s on denial. This behaviour is consistent with foreman, 404 instead of 403 if object not authorized. 403 is only when route is not authorized.
We need to add support to this.
The current authorization does not handle multi permissions also. For example destroy_content_views and promote_or_remove_content_views either support 'removing' a content view. However the controller authorizer does not handle this correctly.
This commit enables checking authorizing a specific instance and ensure
that it handles 404 correctly.
It also adds support for multi possible permissions for same action.
For example destroy_content_views and promote_or_remove_content_views
Either support 'removing' a content view.
This commit adds support to handle that.