Fix access_rules_controller permissions query

- Replace non-existent readable_space_scoped_space_guids_query with proper subquery
- Use readable_space_scoped_spaces_query for non-global readers
- Handle global readers separately with all routes

Author: rkoster

app/controllers/v3/access_rules_controller.rb

@@ -107,10 +107,12 @@ def destroy
   def build_dataset(message)
     dataset = VCAP::CloudController::RouteAccessRule.dataset
 
-    readable_route_ids = VCAP::CloudController::Route.
-      join(:spaces, id: :space_id).
-      where(Sequel.lit(permission_queryer.readable_space_scoped_space_guids_query)).
-      select(:routes__id)
+    if permission_queryer.can_read_globally?
+      readable_route_ids = VCAP::CloudController::Route.select(:id)
+    else
+      readable_space_ids = permission_queryer.readable_space_scoped_spaces_query.select(:id)
+      readable_route_ids = VCAP::CloudController::Route.where(space_id: readable_space_ids).select(:id)
+    end
 
     dataset = dataset.where(route_id: readable_route_ids)