Skip to content

🔒 fix: Read-Only Edit Dialogs Without Manage Permission#11

Merged
dustinhealy merged 1 commit intomainfrom
dustin/edit-dialog-readonly
Apr 8, 2026
Merged

🔒 fix: Read-Only Edit Dialogs Without Manage Permission#11
dustinhealy merged 1 commit intomainfrom
dustin/edit-dialog-readonly

Conversation

@dustinhealy
Copy link
Copy Markdown
Contributor

Summary

When a user lacks MANAGE_ROLES or MANAGE_GROUPS capability, the edit role/group dialogs still allowed interacting with name and description fields, permission toggles, and the save button. This was misleading — the server would reject the mutation, but the UI didn't communicate that the user couldn't make changes.

Now when !canManage:

  • Name and description text fields are disabled + readOnly
  • Role permission toggles are disabled
  • Save button is disabled
  • Member add/remove controls were already correctly hidden (no change needed)

Change Type

  • Bug fix (non-breaking change which fixes an issue)

Testing

  1. Log in as a user with MANAGE_ROLES / MANAGE_GROUPS → open an edit dialog → confirm fields are editable and save works
  2. Remove MANAGE_ROLES grant from the user's role → refresh → open a role edit dialog → confirm:
    • Name and description inputs show cursor-not-allowed and can't be typed into
    • Permission toggles are non-interactive
    • Save button is greyed out / disabled
  3. Repeat step 2 for groups with MANAGE_GROUPS

Checklist

  • My code adheres to this project's style guidelines
  • I have performed a self-review of my own code
  • My changes do not introduce new warnings
  • Local unit tests pass with my changes

When a user doesn't have MANAGE_ROLES or MANAGE_GROUPS capability,
the name/description fields are now disabled and read-only,
permission toggles are disabled, and the save button is disabled.
@dustinhealy dustinhealy marked this pull request as ready for review April 8, 2026 00:04
@dustinhealy dustinhealy merged commit 13e9e74 into main Apr 8, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants