Skip to content

fix: better rbac frontend UX for selecting permissions#2783

Merged
kmendell merged 1 commit into
breaking/v2.0.0from
fix/better-rbac
Jun 2, 2026
Merged

fix: better rbac frontend UX for selecting permissions#2783
kmendell merged 1 commit into
breaking/v2.0.0from
fix/better-rbac

Conversation

@kmendell

@kmendell kmendell commented Jun 1, 2026

Copy link
Copy Markdown
Member

Checklist

  • This PR is not opened from my fork’s main branch

What This PR Implements

Fixes:

Changes Made

Testing Done

  • Development environment started: ./scripts/development/dev.sh start
  • Frontend verified at http://localhost:3000
  • Backend verified at http://localhost:3552
  • Manual testing completed (describe):
  • No linting errors (e.g., just lint all)
  • Backend tests pass: just test backend

AI Tool Used (if applicable)

AI Tool:
Assistance Level:
What AI helped with:
I reviewed and edited all AI-generated output:
I ran all required tests and manually verified changes:

Additional Context

Disclaimer Greptiles Reviews use AI, make sure to check over its work.

To better help train Greptile on our codebase, if the comment is useful and valid Like the comment, if its not helpful or invalid Dislike

To have Greptile Re-Review the changes, mention greptileai.

Greptile Summary

This PR improves the RBAC frontend UX by replacing coarse "gate-all" permission middleware on the settings, customize-search, and roles-manifest endpoints with per-category filtering, allowing users with granular permissions to access only the categories they're entitled to. It also adds a PermissionPreset abstraction and a normalizePermissionSelection utility that auto-adds requires dependencies whenever a permission is toggled, surfaces a quick Admin/Editor role-assignment checkbox panel on the user form, and lets account-page users create API keys with an explicit permission picker backed by the full manifest.

  • Backend: RequirePermission middleware removed from read-only list/category/manifest endpoints; handlers now filter results based on the caller's actual permission set, returning an empty list to unauthenticated or unpermissioned callers rather than a hard 401.
  • Frontend: New normalizePermissionSelection utility propagates requires constraints transitively; preset bundles ("Editor", "Global Admin") are added to the picker; the account-page API-key flow is promoted to the full ApiKeyFormSheet component with permission selection.
  • Types: PermissionAction.requires, PermissionPreset, and User.isGlobalAdmin fields added to both Go and TypeScript type definitions.

Confidence Score: 5/5

Safe to merge; the backend permission-filtering logic is correctly defensive (nil permission set returns an empty result) and the frontend changes are well-scoped.

All backend handler changes correctly handle nil permission sets by returning empty results, so no data leaks exist for unauthenticated callers. The normalizePermissionSelection fixed-point loop is correct. The one regression found — the password card becoming visible to auto-login users — is a UX inconvenience rather than a data or security issue, and the backend would reject an invalid password-change attempt.

frontend/src/routes/(app)/account/+page.svelte — the !autoLoginEnabled guard was removed from the password card condition.

Comments Outside Diff (1)

  1. frontend/src/routes/(app)/account/+page.svelte, line 881-890 (link)

    P2 "Add key" click silently ignored if manifest not yet loaded

    showCreateKeyForm is set to true by the "Add key" button click before the {#if permissionsManifest} block renders the sheet. If the user clicks the button during the brief window between onMount starting and loadPermissionsManifest resolving, the sheet is not in the DOM yet and nothing visible happens. Consider keeping the sheet always mounted (removing the {#if}) or disabling the "Add key" button until permissionsManifest is non-null.

    Prompt To Fix With AI
    This is a comment left during a code review.
    Path: frontend/src/routes/(app)/account/+page.svelte
    Line: 881-890
    
    Comment:
    **"Add key" click silently ignored if manifest not yet loaded**
    
    `showCreateKeyForm` is set to `true` by the "Add key" button click before the `{#if permissionsManifest}` block renders the sheet. If the user clicks the button during the brief window between `onMount` starting and `loadPermissionsManifest` resolving, the sheet is not in the DOM yet and nothing visible happens. Consider keeping the sheet always mounted (removing the `{#if}`) or disabling the "Add key" button until `permissionsManifest` is non-null.
    
    How can I resolve this? If you propose a fix, please make it concise.

    Fix in Codex Fix in Claude Code

Fix All in Codex Fix All in Claude Code

Prompt To Fix All With AI
Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
frontend/src/routes/(app)/account/+page.svelte:310-311
The `!autoLoginEnabled` guard that previously protected this card was dropped, so local accounts that rely on server-side auto-login (where no traditional password exists) now see the password-change form. Submitting it will hit a backend error, which is confusing UX. `autoLoginEnabled` is still derived and used for the "Danger zone" card later in the file — it just needs to be kept in this condition too.

```suggestion
				<!-- Password -->
				{#if !isOidcUser && !autoLoginEnabled}
```

Reviews (3): Last reviewed commit: "fix: better rbac frontend UX for selecti..." | Re-trigger Greptile

kmendell commented Jun 1, 2026

Copy link
Copy Markdown
Member Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

@kmendell kmendell marked this pull request as ready for review June 1, 2026 19:55
@kmendell kmendell requested a review from a team as a code owner June 1, 2026 19:55
Comment thread frontend/src/lib/config/navigation-config.ts
Comment thread frontend/src/lib/components/role-editor/permission-picker.svelte Outdated
Comment thread frontend/src/lib/config/navigation-config.ts Outdated
Comment thread frontend/src/lib/components/forms/role-assignments-editor.svelte
@kmendell kmendell changed the base branch from breaking/v2.0.0 to graphite-base/2783 June 1, 2026 23:44
@kmendell kmendell changed the base branch from graphite-base/2783 to main June 1, 2026 23:44
@graphite-app

graphite-app Bot commented Jun 1, 2026

Copy link
Copy Markdown

Graphite Automations

"Warn authors when publishing large PRs" took an action on this PR • (06/01/26)

1 teammate was notified to this PR based on Kyle Mendell's automation.

@kmendell kmendell changed the base branch from main to graphite-base/2783 June 1, 2026 23:50
@kmendell kmendell changed the base branch from graphite-base/2783 to breaking/v2.0.0 June 1, 2026 23:50
@kmendell kmendell closed this Jun 1, 2026
@kmendell kmendell reopened this Jun 1, 2026
@kmendell kmendell merged commit e7aefa3 into breaking/v2.0.0 Jun 2, 2026
21 of 22 checks passed
@kmendell kmendell deleted the fix/better-rbac branch June 2, 2026 00:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant