Allow FGA with view-clients to see client roles (#30834)

Signed-off-by: Stan Silvert <ssilvert@redhat.com>
2024-07-01 08:50:30 -04:00 · 2024-07-01 08:50:30 -04:00 · fd8cb95595
commit fd8cb95595
parent ea0f569bd0
2 changed files with 17 additions and 9 deletions
--- a/js/apps/admin-ui/src/clients/routes/ClientRole.tsx
+++ b/js/apps/admin-ui/src/clients/routes/ClientRole.tsx
@ -23,7 +23,7 @@ export const ClientRoleRoute: AppRouteObject = {
  element: <RealmRoleTabs />,
  breadcrumb: (t) => t("roleDetails"),
  handle: {
-    access: "view-clients",
+    access: "query-clients",
  },
 } satisfies AppRouteObject;

--- a/js/apps/admin-ui/src/realm-roles/RealmRoleTabs.tsx
+++ b/js/apps/admin-ui/src/realm-roles/RealmRoleTabs.tsx
@ -52,6 +52,7 @@ import { useParams } from "../utils/useParams";
 import { UsersInRoleTab } from "./UsersInRoleTab";
 import { RealmRoleRoute, RealmRoleTab, toRealmRole } from "./routes/RealmRole";
 import { toRealmRoles } from "./routes/RealmRoles";
+import { useAccess } from "../context/access/Access";

 export default function RealmRoleTabs() {
  const { adminClient } = useAdminClient();
@ -76,6 +77,12 @@ export default function RealmRoleTabs() {

  const { addAlert, addError } = useAlerts();

+  const { hasAccess } = useAccess();
+  const canViewPermissionsTab = hasAccess(
+    "query-clients",
+    "manage-authorization",
+  );
+
  const [open, setOpen] = useState(false);
  const convert = (role: RoleRepresentation) => {
    const { attributes, ...rest } = role;
@ -385,14 +392,15 @@ export default function RealmRoleTabs() {
                <UsersInRoleTab data-cy="users-in-role-tab" />
              </Tab>
            )}
-            {isFeatureEnabled(Feature.AdminFineGrainedAuthz) && (
-              <Tab
-                title={<TabTitleText>{t("permissions")}</TabTitleText>}
-                {...permissionsTab}
-              >
-                <PermissionsTab id={id} type="roles" />
-              </Tab>
-            )}
+            {isFeatureEnabled(Feature.AdminFineGrainedAuthz) &&
+              canViewPermissionsTab && (
+                <Tab
+                  title={<TabTitleText>{t("permissions")}</TabTitleText>}
+                  {...permissionsTab}
+                >
+                  <PermissionsTab id={id} type="roles" />
+                </Tab>
+              )}
          </RoutableTabs>
        </FormProvider>
      </PageSection>