Details
- Bug
- Status: Closed
- Normal
- Resolution: Fixed
- 15.2.0, 15.2.1
- None
- None
- Flagged
- Quasar
- Quasar Sprint 305, Quasar Sprint 306
- Undetermined
Description
Users with the xm.content.viewer role are unable to see XPages in the sitemap unless they are also assigned the xm.content.author or xm.content.editor role.
This was tested in the following versions:
14.7.11 - Not reproducible. XPages are visible with the xm.content.viewer role.
15.1.4 - Not reproducible. XPages are visible with the xm.content.viewer role.
15.2.0 - Reproducible.
15.2.1 - Reproducible.
All the roles given to the user for testing this:
xm.channel.user, xm.channel.viewer, xm.cms.user, xm.console.user, xm.content.user, xm.content.viewer, xm.dashboard.user, xm.frontend-config.reader, xm.report.user, xm.repository-browser.user, xm.security.viewer, xm.system.user, xm.webfiles.reader
Explanation of issue
The userrole xm.content.viewer is by default used to assign the jcr:read privilege to specific (content) JCR nodes. However, at this moment, the privilege we currently check to decide whether the user is allowed to see an XPage doc in the channel SiteMap is hippo:author. The reason is that we did not anticipate customers ever using the 'xm.content.viewer' userrole, but always either xm.content.author, xm.content.editor or xm.content.admin. As the only really relevant check is read access, we can simply change the privilege check from hippo:author to jcr:read.
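
The effect of switching the required privilege, as an added sketch that is not the product's code: a small in-memory model filters sitemap entries by a required privilege, once with hippo:author and once with jcr:read. The class name, node paths, per-node role grants and the privileges attached to xm.content.author are assumptions made for illustration; only the xm.content.viewer to jcr:read mapping comes from the explanation above.

```java
import java.util.*;
import java.util.stream.*;

public class SiteMapVisibility {
    // Userrole -> privileges. The xm.content.author entry is an assumption for this sketch.
    static final Map<String, Set<String>> ROLE_PRIVILEGES = Map.of(
        "xm.content.viewer", Set.of("jcr:read"),
        "xm.content.author", Set.of("jcr:read", "hippo:author"));

    // Constructed sample: XPage node path -> userroles that are granted access on that node.
    static final Map<String, Set<String>> NODE_ROLES = new LinkedHashMap<>();
    static {
        NODE_ROLES.put("/content/site/xpages/home", Set.of("xm.content.viewer", "xm.content.author"));
        NODE_ROLES.put("/content/site/xpages/news", Set.of("xm.content.viewer", "xm.content.author"));
        // Viewers have no grant here, so this node must stay hidden from them after the fix too.
        NODE_ROLES.put("/content/site/xpages/restricted", Set.of("xm.content.author"));
    }

    // Effective privileges of a user on one node: union over the user's roles granted there.
    static Set<String> privilegesOn(String path, Set<String> userRoles) {
        return NODE_ROLES.getOrDefault(path, Set.of()).stream()
            .filter(userRoles::contains)
            .flatMap(role -> ROLE_PRIVILEGES.getOrDefault(role, Set.of()).stream())
            .collect(Collectors.toSet());
    }

    // Sitemap filter: an XPage is listed only if the user holds requiredPrivilege on its node.
    static List<String> visibleXPages(Set<String> userRoles, String requiredPrivilege) {
        return NODE_ROLES.keySet().stream()
            .filter(path -> privilegesOn(path, userRoles).contains(requiredPrivilege))
            .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        Set<String> viewer = Set.of("xm.content.viewer");
        Set<String> author = Set.of("xm.content.author");
        // Check as reported: a viewer never holds hippo:author, so the sitemap is empty.
        System.out.println("viewer, hippo:author: " + visibleXPages(viewer, "hippo:author"));
        // Check after the change: readable XPages appear, the restricted node stays hidden.
        System.out.println("viewer, jcr:read:     " + visibleXPages(viewer, "jcr:read"));
        // Authors see the same set under either check in this model.
        System.out.println("author, hippo:author: " + visibleXPages(author, "hippo:author"));
        System.out.println("author, jcr:read:     " + visibleXPages(author, "jcr:read"));
    }
}
```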