fix(ESSNTL-5253): Change required permissions for tabs (#2003)

Fixes https://issues.redhat.com/browse/ESSNTL-5253.
RedHatInsights · Aug 30, 2023 · d0904bd · d0904bd
1 parent d664411
commit d0904bd
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 15 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -13,7 +13,7 @@
     "@patternfly/react-table": "^4.113.3",
     "@patternfly/react-core": "^4.276.11",
     "@patternfly/react-icons": "^4.93.7",
-    "@redhat-cloud-services/frontend-components": "^3.11.3",
+    "@redhat-cloud-services/frontend-components": "^3.11.6",
     "@redhat-cloud-services/frontend-components-notifications": "^3.2.16",
     "@redhat-cloud-services/frontend-components-utilities": "^3.7.6",
     "@redhat-cloud-services/host-inventory-client": "1.2.3",

diff --git a/src/App.js b/src/App.js
@@ -9,7 +9,10 @@ const App = () => {
   return (
     <div className="inventory">
       <NotificationsPortal />
-      <RBACProvider appName="inventory" checkResourceDefinitions>
+      <RBACProvider
+        appName={null /* fetch permissions from all scopes */}
+        checkResourceDefinitions
+      >
         <Routes />
       </RBACProvider>
     </div>

diff --git a/src/ApplicationTab.js b/src/ApplicationTab.js
@@ -12,8 +12,10 @@ import {
 import { TAB_REQUIRED_PERMISSIONS } from './constants';
 
 const ApplicationTab = ({ appName, title, ...props }) => {
-  const { hasAccess } = usePermissionsWithContext(
-    TAB_REQUIRED_PERMISSIONS[appName]
+  const { hasAccess, isOrgAdmin } = usePermissionsWithContext(
+    TAB_REQUIRED_PERMISSIONS[appName],
+    true,
+    false
   );
 
   const tabs = {
@@ -26,7 +28,7 @@ const ApplicationTab = ({ appName, title, ...props }) => {
 
   const Tab = tabs[appName];
 
-  return hasAccess ? (
+  return hasAccess || isOrgAdmin ? (
     <Tab {...props} />
   ) : (
     <AccessDenied

diff --git a/src/constants.js b/src/constants.js
@@ -249,24 +249,22 @@ export const USER_ACCESS_ADMIN_PERMISSIONS = ['rbac:*:*'];
 export const TAB_REQUIRED_PERMISSIONS = {
   /**
    * Should be up to date with
-   * https://github.com/RedHatInsights/rbac-config/tree/88ab3a3adb9526d3dcdb0e1e26c30cc98f51f76e/configs/prod/roles
+   * https://github.com/RedHatInsights/rbac-config/tree/master/configs/stage/roles
    * viewer roles.
    */
-  advisor: ['advisor:*:*', 'inventory:*:read'],
+  advisor: [],
   vulnerability: [
     'vulnerability:vulnerability_results:read',
     'vulnerability:system.opt_out:read',
     'vulnerability:report_and_export:read',
-    'inventory:*:read',
     'vulnerability:advanced_report:read',
   ],
   compliance: [
     'compliance:policy:read',
     'compliance:report:read',
     'compliance:system:read',
-    'inventory:*:read',
     'remediations:remediation:read',
   ],
-  patch: ['patch:*:read', 'inventory:*:read'],
-  ros: ['ros:*:read', 'inventory:*:read'],
+  patch: ['patch:*:read'],
+  ros: ['ros:*:read'],
 };