User without streams:read can attempt to save Event Definition without streams #20412

Open
kingzacko1 opened this issue Sep 10, 2024 · 0 comments

kingzacko1 commented Sep 10, 2024

When a regular user without the streams:read permission is creating a Filter/Aggregation Event Definition, the Streams field is listed as optional. But if the user tries to save their Event Definition without selecting any streams, they will receive a generic Not authorized error message. Server logs show that the failure is because the user doesn't have streams:read permissions, but nothing of that nature is displayed to the user.

Expected Behavior

The Streams selector is made a required field if the user creating the event definition does not have global streams:read permissions.

Current Behavior

The Streams selector is optional for users without global streams:read permissions even though any attempt to leave it blank will result in an error.

Possible Solution

Make the optionality of the Streams field in the Event Definition dependent on the user's ability to actually read all streams.

Steps to Reproduce (for bugs)

  1. Log in as a non-admin user with permissions to see at least one Stream and the Event Definition Creator role
  2. Attempt to create an event definition without selecting any streams in the stream selector
  3. When you finally confirm the creation, you should get a missing permissions page simply stating "Not authorized"

Context

Your Environment

  • Graylog Version: 6.1.0-beta1