MODROLESKC-332: Cleanup capabilities in roles upon application revocation

[OleksiiKuzminov]

Purpose

Enable the entitledOnly query parameter on the _self permissions endpoint, so only permissions from entitled modules are returned. This aligns _self with the filtering behavior introduced for the main permissions lookup in MODUSERSKC-138.

Approach

• Added entitledOnly as an optional @RequestParam on UserPermissionsClient.getPermissionsUser() (Feign client interface).
• Passed entitledOnly=true in UserService.fetchPermissionUser() (the _self code path). The resolvePermissions path continues to pass null, preserving existing behavior.
• Updated WireMock stubs from exact url matching to urlPath + queryParameters to handle the new parameter in integration tests.
• Tightened unit test verify() calls to assert the exact arguments forwarded to the permissions client.

---

Pre-Review Checklist

• Self-reviewed Code — Reviewed code for issues, unnecessary parts, and overall quality.
• Change Notes — NEWS.md updated with clear description and issue key.
• Testing — Confirmed changes were tested locally or on dev environment.
• Breaking Changes — Handled all required actions if changes affect API, DB, or interface versions.
  • API/schema changes
  • Interface version updates
  • DB schema changes / migration scripts
• New Properties / Environment Variables — Updated README.md if new configs were added.
• Environment Recreation Test (if needed) — Verified that environment can be recreated successfully.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud