fix: Allow users with report_manage permission to access CSAT reports (#11625)

- Extended CsatSurveyResponsePolicy to support report_manage permission
- Added enterprise extension module following existing pattern
- Users with report_manage custom role can now access CSAT index,
metrics, and download
- Added comprehensive tests for both base and enterprise policy behavior

app/policies/csat_survey_response_policy.rb

@@ -11,3 +11,5 @@ class CsatSurveyResponsePolicy < ApplicationPolicy
     @account_user.administrator?
   end
 end
+
+CsatSurveyResponsePolicy.prepend_mod_with('CsatSurveyResponsePolicy')

enterprise/app/policies/enterprise/csat_survey_response_policy.rb

@@ -0,0 +1,13 @@
+module Enterprise::CsatSurveyResponsePolicy
+  def index?
+    @account_user.custom_role&.permissions&.include?('report_manage') || super
+  end
+
+  def metrics?
+    @account_user.custom_role&.permissions&.include?('report_manage') || super
+  end
+
+  def download?
+    @account_user.custom_role&.permissions&.include?('report_manage') || super
+  end
+end

spec/enterprise/policies/csat_survey_response_policy_spec.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Enterprise::CsatSurveyResponsePolicy', type: :policy do
+  subject(:csat_policy) { CsatSurveyResponsePolicy }
+
+  let(:account) { create(:account) }
+  let(:csat_survey_response) { create(:csat_survey_response, account: account) }
+
+  # Create a custom role with report_manage permission
+  let(:custom_role) { create(:custom_role, account: account, permissions: ['report_manage']) }
+  let(:agent_with_role) { create(:user) } # Create without account
+  let(:agent_with_role_account_user) do
+    create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
+  end
+  let(:agent_with_role_context) do
+    { user: agent_with_role, account: account, account_user: agent_with_role_account_user }
+  end
+
+  permissions :index?, :metrics?, :download? do
+    context 'when agent with report_manage permission' do
+      it { expect(csat_policy).to permit(agent_with_role_context, csat_survey_response) }
+    end
+  end
+end

spec/policies/csat_survey_response_policy_spec.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe CsatSurveyResponsePolicy, type: :policy do
+  subject(:csat_policy) { described_class }
+
+  let(:account) { create(:account) }
+  let(:administrator) { create(:user, :administrator, account: account) }
+  let(:agent) { create(:user, account: account) }
+  let(:csat_survey_response) { create(:csat_survey_response, account: account) }
+
+  let(:administrator_context) { { user: administrator, account: account, account_user: account.account_users.first } }
+  let(:agent_context) { { user: agent, account: account, account_user: account.account_users.last } }
+
+  permissions :index?, :metrics?, :download? do
+    context 'when administrator' do
+      it { expect(csat_policy).to permit(administrator_context, csat_survey_response) }
+    end
+
+    context 'when agent' do
+      it { expect(csat_policy).not_to permit(agent_context, csat_survey_response) }
+    end
+  end
+end