Comment 0 for bug 1953675

We got a customer report saying that they couldn't access snapd revision 13640 by using a command like this one:

UBUNTU_STORE_ID=brand-store-id UBUNTU_STORE_AUTH_DATA_FILENAME=store-viewer.credentials snap download --revision=13640 snapd

I investigated further and the snap store ACL API endpoint was returning "false" for "allowed_by_revision":

{
    "user_external_id": "usso:https://login.ubuntu.com/+id/openid-suffix",
    "permissions": {
        "PMrrV4ml8uWuEUDBT8dSGnKUYbevVhc4": {
            "allowed_if_private": false,
            "allowed_by_revision": false
        }
    }
}

Checking deep in our backend code, the checks need to consider essential snaps as part of any store.

Separately, the help for `snap download` should be extended to say that any user with store viewer role can access snaps by revision if the snap is available from their store.