🔒 fix: Read-Only Edit Dialogs Without Manage Permission

[dustinhealy]

Summary

When a user lacks MANAGE_ROLES or MANAGE_GROUPS capability, the edit role/group dialogs still allowed interacting with name and description fields, permission toggles, and the save button. This was misleading — the server would reject the mutation, but the UI didn't communicate that the user couldn't make changes.

Now when !canManage:

• Name and description text fields are disabled + readOnly
• Role permission toggles are disabled
• Save button is disabled
• Member add/remove controls were already correctly hidden (no change needed)

Change Type

• Bug fix (non-breaking change which fixes an issue)

Testing

1. Log in as a user with MANAGE_ROLES / MANAGE_GROUPS → open an edit dialog → confirm fields are editable and save works
2. Remove MANAGE_ROLES grant from the user's role → refresh → open a role edit dialog → confirm:
   • Name and description inputs show cursor-not-allowed and can't be typed into
   • Permission toggles are non-interactive
   • Save button is greyed out / disabled
3. Repeat step 2 for groups with MANAGE_GROUPS

Checklist

• My code adheres to this project's style guidelines
• I have performed a self-review of my own code
• My changes do not introduce new warnings
• Local unit tests pass with my changes