@@ -53,16 +53,23 @@ export default async function SettingsLayoutAppDir(props: SettingsLayoutProps) {
5353 // For now we only grab organization features but it would be nice to fetch these on the server side for specific team feature flags
5454 if ( orgId ) {
5555 const isOrgAdminOrOwner = checkAdminOrOwner ( session . user . org ?. role ) ;
56- const [ features , rolePermissions , organizationPermissions ] = await Promise . all ( [
57- getTeamFeatures ( orgId ) ,
58- getCachedResourcePermissions ( userId , orgId , Resource . Role ) ,
59- getCachedResourcePermissions ( userId , orgId , Resource . Organization ) ,
60- ] ) ;
56+ const features = await getTeamFeatures ( orgId ) ;
6157
6258 if ( features ) {
6359 teamFeatures = {
6460 [ orgId ] : features ,
6561 } ;
62+ }
63+
64+ // Check if PBAC feature is enabled
65+ const isPbacEnabled = features ?. pbac === true ;
66+
67+ if ( isPbacEnabled ) {
68+ // Only fetch and apply PBAC permissions if the feature is enabled
69+ const [ rolePermissions , organizationPermissions ] = await Promise . all ( [
70+ getCachedResourcePermissions ( userId , orgId , Resource . Role ) ,
71+ getCachedResourcePermissions ( userId , orgId , Resource . Organization ) ,
72+ ] ) ;
6673
6774 // Check if user has permission to read roles
6875 const roleActions = PermissionMapper . toActionMap ( rolePermissions , Resource . Role ) ;
@@ -71,7 +78,8 @@ export default async function SettingsLayoutAppDir(props: SettingsLayoutProps) {
7178 canViewOrganizationBilling = orgActions [ CustomAction . ManageBilling ] ?? isOrgAdminOrOwner ;
7279 canUpdateOrganization = orgActions [ CrudAction . Update ] ?? isOrgAdminOrOwner ;
7380 } else {
74- canViewRoles = false ;
81+ // Fall back to legacy permissions when PBAC is not enabled or features not loaded
82+ canViewRoles = features ? isOrgAdminOrOwner : false ;
7583 canViewOrganizationBilling = isOrgAdminOrOwner ;
7684 canUpdateOrganization = isOrgAdminOrOwner ;
7785 }
0 commit comments