Fix Project Location map link permissions

[martha]

Please squash merge this PR

Description

PIT QA fix for: https://github.com/open-path/Green-River/issues/6481#issuecomment-2389756617

Bug: For a user using legacy permissions (not ACLs), you can still see the "Client Locations" link in the Warehouse Project page, even if you don't have the permission to view project locations.

The issue is that the Project's viewable_by_entity scope accepts a permission arg, but only uses the permission if the user is using ACLs. If they are using legacy access controls then it just checks viewability.

Fix: Per @gigxz 's suggestion I've simplified the permission check so it's not ACL-compatible, since this view on the whole is not ACL-ready (it is also using can_edit_projects? and can_delete_projects? without checking against the specific entity).

(I thought I checked this case before but was likely fooled by local caching.)

Type of change

• [x] Bug fix
• [ ] New feature (adds functionality)
• [ ] Code clean-up / housekeeping
• [ ] Dependency update

Checklist before requesting review

• [x] I have performed a self-review of my code
• [x] I have run the code that is being changed under ideal conditions, and it doesn't fail
• [x] My code includes comments and/or descriptive variable names to help other engineers understand the intent (or not applicable)
• [x] My code follows the style guidelines of this project (rubocop)
• [x] I have updated the documentation (or not applicable)
• [x] If it's not obvious how to test this change, I have provided testing instructions in this PR or the related issue

[eanders]

@martha I'd like to dig into why this isn't ACL ready yet. Project.viewable_by defers to Project.viewable_by_entity, which is setup to handle ACLs. Was it just that it's not setup to handle multiple permissions for a single entity?