fix(security): address review feedback on security page refactor

jvorcak · jvorcak · commit 8922949254f7 · 2026-04-29T10:17:53.000+02:00
- Use ConnectError.from() for structured error messages in role creation
- Include member name in remove-from-role toast notification
- Replace raw &lt;h2&gt; with Heading registry component in acls-card
- Use pluralizeWithNumber() for ACL count summary text
- Use &lt;Empty&gt; component for inline no-ACLs state in PrincipalRow
- Improve empty states in roles and users tabs with &lt;Empty&gt; registry component
- Navigate to user details after creation in E2E security-page helper
diff --git a/frontend/src/components/pages/security/roles/role-create-dialog.tsx b/frontend/src/components/pages/security/roles/role-create-dialog.tsx
@@ -55,7 +55,7 @@ export const RoleCreateDialog = ({ open, onOpenChange }: RoleCreateDialogProps)
       handleClose();
       navigate({ to: '/security/roles/$roleName/details', params: { roleName: encodeURIComponent(trimmed) } });
     } catch (err) {
-      toast.error(`Failed to create role: ${err instanceof Error ? err.message : String(err)}`);
+      toast.error(`Failed to create role: ${ConnectError.from(err).message}`);
     } finally {
       setIsSubmitting(false);
     }
diff --git a/frontend/src/components/pages/security/roles/role-detail-page.tsx b/frontend/src/components/pages/security/roles/role-detail-page.tsx
@@ -11,7 +11,7 @@
 
 import { create } from '@bufbuild/protobuf';
 import { getRouteApi } from '@tanstack/react-router';
-import { Trash2 } from 'lucide-react';
+import { Trash2, Users2Icon } from 'lucide-react';
 import {
   ListRoleMembersRequestSchema,
   UpdateRoleMembershipRequestSchema,
@@ -26,6 +26,14 @@ import { useListUsersQuery } from '../../../../react-query/api/user';
 import { setPageHeader } from '../../../../state/ui-state';
 import { Button } from '../../../redpanda-ui/components/button';
 import { Combobox } from '../../../redpanda-ui/components/combobox';
+import {
+  Empty,
+  EmptyContent,
+  EmptyDescription,
+  EmptyHeader,
+  EmptyMedia,
+  EmptyTitle,
+} from '../../../redpanda-ui/components/empty';
 import { ListLayout, ListLayoutContent, ListLayoutFilters } from '../../../redpanda-ui/components/list-layout';
 import { Table, TableBody, TableCell, TableRow } from '../../../redpanda-ui/components/table';
 import { parsePrincipal } from '../shared/acl-model';
@@ -97,7 +105,7 @@ const RoleDetailPage = () => {
           create: false,
         })
       );
-      toast.success('Member removed from role successfully');
+      toast.success(`User "${parsePrincipal(memberPrincipal).name}" removed from role`);
     } catch {
       // Error handled by onError in mutation
     } finally {
@@ -131,7 +139,28 @@ const RoleDetailPage = () => {
           {membersLoading ? (
             <div className="py-4 text-center text-muted-foreground text-sm">Loading members...</div>
           ) : allMembers.length === 0 ? (
-            <p className="text-muted-foreground text-sm">No principals assigned to this role.</p>
+            <Empty>
+              <EmptyHeader>
+                <EmptyMedia variant="icon">
+                  <Users2Icon />
+                </EmptyMedia>
+                <EmptyTitle>No principals assigned</EmptyTitle>
+                <EmptyDescription>
+                  Assign users to this role to grant them its permissions. Use the dropdown above to add a principal.
+                </EmptyDescription>
+              </EmptyHeader>
+              <EmptyContent>
+                <Button asChild variant="link">
+                  <a
+                    href="https://docs.redpanda.com/current/manage/security/authorization/rbac/"
+                    rel="noopener noreferrer"
+                    target="_blank"
+                  >
+                    Read the docs →
+                  </a>
+                </Button>
+              </EmptyContent>
+            </Empty>
           ) : (
             <Table>
               <TableBody>
diff --git a/frontend/src/components/pages/security/shared/acls-card.tsx b/frontend/src/components/pages/security/shared/acls-card.tsx
@@ -10,6 +10,7 @@
  */
 
 import { create } from '@bufbuild/protobuf';
+import { KeyRoundIcon } from 'lucide-react';
 import {
   ACL_Operation,
   ACL_PermissionType,
@@ -40,6 +41,14 @@ import {
   DialogHeader,
   DialogTitle,
 } from '../../../redpanda-ui/components/dialog';
+import {
+  Empty,
+  EmptyContent,
+  EmptyDescription,
+  EmptyHeader,
+  EmptyMedia,
+  EmptyTitle,
+} from '../../../redpanda-ui/components/empty';
 import { ListLayout, ListLayoutContent, ListLayoutFilters } from '../../../redpanda-ui/components/list-layout';
 import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from '../../../redpanda-ui/components/table';
 import { AddAclDialog } from '../users/add-acl-dialog';
@@ -201,11 +210,34 @@ export const AclsCard = ({ acls, principal }: AclsCardProps) => {
             </div>
           }
         >
-          <h2 className="font-semibold text-base">ACLs</h2>
+          <Heading as="h2" level={4}>
+            ACLs
+          </Heading>
         </ListLayoutFilters>
         <ListLayoutContent>
           {rows.length === 0 ? (
-            <p>No ACLs assigned.</p>
+            <Empty>
+              <EmptyHeader>
+                <EmptyMedia variant="icon">
+                  <KeyRoundIcon />
+                </EmptyMedia>
+                <EmptyTitle>No ACLs assigned</EmptyTitle>
+                <EmptyDescription>
+                  Add ACLs to define what operations this role can perform on cluster resources.
+                </EmptyDescription>
+              </EmptyHeader>
+              <EmptyContent>
+                <Button asChild variant="link">
+                  <a
+                    href="https://docs.redpanda.com/current/manage/security/authorization/acls/"
+                    rel="noopener noreferrer"
+                    target="_blank"
+                  >
+                    Read the docs →
+                  </a>
+                </Button>
+              </EmptyContent>
+            </Empty>
           ) : (
             <Table>
               <TableHeader>
diff --git a/frontend/src/components/pages/security/tabs/permissions-list-tab.tsx b/frontend/src/components/pages/security/tabs/permissions-list-tab.tsx
@@ -12,8 +12,16 @@
 import { create } from '@bufbuild/protobuf';
 import { Link } from '@tanstack/react-router';
 import { MoreHorizontalIcon } from 'components/icons';
+import {
+  Empty,
+  EmptyContent,
+  EmptyDescription,
+  EmptyHeader,
+  EmptyMedia,
+  EmptyTitle,
+} from 'components/redpanda-ui/components/empty';
 import { ListLayout, ListLayoutContent, ListLayoutFilters } from 'components/redpanda-ui/components/list-layout';
-import { ChevronDown, ChevronRight, ExternalLink, ShieldIcon } from 'lucide-react';
+import { ChevronDown, ChevronRight, ExternalLink, KeyRoundIcon, ShieldIcon } from 'lucide-react';
 import { parseAsString, useQueryState } from 'nuqs';
 import {
   ACL_Operation,
@@ -88,13 +96,13 @@ const PrincipalRow: FC<PrincipalRowProps> = ({ group, isExpanded, onToggle, onDe
 
   const summaryText = (() => {
     if (group.directAclCount > 0 && group.inheritedAclCount > 0) {
-      return `${group.directAclCount} direct ACL${group.directAclCount !== 1 ? 's' : ''}, ${group.inheritedAclCount} ACL${group.inheritedAclCount !== 1 ? 's' : ''} inherited from roles`;
+      return `${pluralizeWithNumber(group.directAclCount, 'direct ACL')}, ${pluralizeWithNumber(group.inheritedAclCount, 'ACL')} inherited from roles`;
     }
     if (group.inheritedAclCount > 0) {
-      return `${group.inheritedAclCount} ACL${group.inheritedAclCount !== 1 ? 's' : ''} inherited from roles`;
+      return `${pluralizeWithNumber(group.inheritedAclCount, 'ACL')} inherited from roles`;
     }
     if (group.directAclCount > 0) {
-      return `${group.directAclCount} direct ACL${group.directAclCount !== 1 ? 's' : ''}`;
+      return pluralizeWithNumber(group.directAclCount, 'direct ACL');
     }
     return 'No ACLs';
   })();
@@ -240,7 +248,11 @@ const PrincipalRow: FC<PrincipalRowProps> = ({ group, isExpanded, onToggle, onDe
         )}
 
         {isExpanded && !hasAcls && (
-          <div className="border-t px-3 py-4 text-muted-foreground text-sm">No ACLs assigned.</div>
+          <Empty className="rounded-none border-x-0 border-b-0 border-dashed py-6">
+            <EmptyHeader>
+              <EmptyTitle>No ACLs assigned</EmptyTitle>
+            </EmptyHeader>
+          </Empty>
         )}
       </div>
     </>
@@ -378,9 +390,37 @@ export const PermissionsListTab: FC = () => {
           {isAclsLoading ? (
             <div className="py-8 text-center text-muted-foreground text-sm">Loading...</div>
           ) : filteredGroups.length === 0 ? (
-            <div className="py-8 text-center text-muted-foreground text-sm">
-              {searchQuery ? 'No principals match your search.' : 'No principals yet.'}
-            </div>
+            searchQuery ? (
+              <div className="py-8 text-center text-muted-foreground text-sm">No principals match your search.</div>
+            ) : (
+              <div className="rounded-md border">
+                <Empty>
+                  <EmptyHeader>
+                    <EmptyMedia variant="icon">
+                      <KeyRoundIcon />
+                    </EmptyMedia>
+                    <EmptyTitle>No permissions yet</EmptyTitle>
+                    <EmptyDescription>
+                      A unified view of all principal permissions across your cluster. Create an ACL to get started.
+                    </EmptyDescription>
+                  </EmptyHeader>
+                  <EmptyContent>
+                    <div className="flex items-center gap-3">
+                      <Button onClick={() => setCreateAclOpen(true)}>Create ACL</Button>
+                      <Button asChild variant="link">
+                        <a
+                          href="https://docs.redpanda.com/current/manage/security/authorization/acls/"
+                          rel="noopener noreferrer"
+                          target="_blank"
+                        >
+                          Read the docs →
+                        </a>
+                      </Button>
+                    </div>
+                  </EmptyContent>
+                </Empty>
+              </div>
+            )
           ) : (
             <div className="rounded-md border">
               {filteredGroups.map((group) => (
diff --git a/frontend/src/components/pages/security/tabs/roles-tab.tsx b/frontend/src/components/pages/security/tabs/roles-tab.tsx
@@ -34,13 +34,22 @@ import {
   DropdownMenuItem,
   DropdownMenuTrigger,
 } from 'components/redpanda-ui/components/dropdown-menu';
+import {
+  Empty,
+  EmptyContent,
+  EmptyDescription,
+  EmptyHeader,
+  EmptyMedia,
+  EmptyTitle,
+} from 'components/redpanda-ui/components/empty';
 import {
   ListLayout,
   ListLayoutContent,
   ListLayoutFilters,
   ListLayoutPagination,
   ListLayoutSearchInput,
 } from 'components/redpanda-ui/components/list-layout';
+import { ShieldCheckIcon } from 'lucide-react';
 import { parseAsString, useQueryStates } from 'nuqs';
 import { DeleteRoleRequestSchema } from 'protogen/redpanda/api/dataplane/v1/security_pb';
 import type { FC } from 'react';
@@ -264,9 +273,36 @@ export const RolesTab: FC = () => {
                   </TableRow>
                 ))
               ) : (
-                <TableRow>
-                  <TableCell className="text-center text-muted-foreground" colSpan={columns.length}>
-                    No roles yet.
+                <TableRow className="hover:bg-transparent!">
+                  <TableCell colSpan={columns.length}>
+                    <Empty>
+                      <EmptyHeader>
+                        <EmptyMedia variant="icon">
+                          <ShieldCheckIcon />
+                        </EmptyMedia>
+                        <EmptyTitle>No roles yet</EmptyTitle>
+                        <EmptyDescription>
+                          Roles are groups of ACLs that can be assigned to principals. Create one to start managing
+                          access control.
+                        </EmptyDescription>
+                      </EmptyHeader>
+                      <EmptyContent>
+                        <div className="flex items-center gap-3">
+                          <Button disabled={createRoleDisabled} onClick={() => setCreateDialogOpen(true)}>
+                            Create role
+                          </Button>
+                          <Button asChild variant="link">
+                            <a
+                              href="https://docs.redpanda.com/current/manage/security/authorization/rbac/"
+                              rel="noopener noreferrer"
+                              target="_blank"
+                            >
+                              Read the docs →
+                            </a>
+                          </Button>
+                        </div>
+                      </EmptyContent>
+                    </Empty>
                   </TableCell>
                 </TableRow>
               )}
diff --git a/frontend/src/components/pages/security/tabs/users-tab.tsx b/frontend/src/components/pages/security/tabs/users-tab.tsx
@@ -29,13 +29,22 @@ import {
 } from '@tanstack/react-table';
 import { MoreHorizontalIcon } from 'components/icons';
 import { DescriptionWithHelp } from 'components/pages/security/shared/description-with-help';
+import {
+  Empty,
+  EmptyContent,
+  EmptyDescription,
+  EmptyHeader,
+  EmptyMedia,
+  EmptyTitle,
+} from 'components/redpanda-ui/components/empty';
 import {
   ListLayout,
   ListLayoutContent,
   ListLayoutFilters,
   ListLayoutPagination,
   ListLayoutSearchInput,
 } from 'components/redpanda-ui/components/list-layout';
+import { UsersIcon } from 'lucide-react';
 import { parseAsArrayOf, parseAsString, useQueryStates } from 'nuqs';
 import type { FC } from 'react';
 import { useCallback, useLayoutEffect, useMemo, useState } from 'react';
@@ -342,9 +351,41 @@ export const UsersTab: FC = () => {
                   </TableRow>
                 ))
               ) : (
-                <TableRow>
-                  <TableCell className="text-center text-muted-foreground" colSpan={columns.length}>
-                    No users yet.
+                <TableRow className="hover:bg-transparent!">
+                  <TableCell colSpan={columns.length}>
+                    <Empty>
+                      <EmptyHeader>
+                        <EmptyMedia variant="icon">
+                          <UsersIcon />
+                        </EmptyMedia>
+                        <EmptyTitle>No users yet</EmptyTitle>
+                        <EmptyDescription>
+                          SASL-SCRAM user accounts managed by your cluster. Create one to start managing access.
+                        </EmptyDescription>
+                      </EmptyHeader>
+                      <EmptyContent>
+                        <div className="flex items-center gap-3">
+                          <Button
+                            disabled={createDisabled}
+                            onClick={() => {
+                              setCreateDialogKey((k) => k + 1);
+                              setIsCreateDialogOpen(true);
+                            }}
+                          >
+                            Create user
+                          </Button>
+                          <Button asChild variant="link">
+                            <a
+                              href="https://docs.redpanda.com/current/manage/security/authentication/scram/"
+                              rel="noopener noreferrer"
+                              target="_blank"
+                            >
+                              Read the docs →
+                            </a>
+                          </Button>
+                        </div>
+                      </EmptyContent>
+                    </Empty>
                   </TableCell>
                 </TableRow>
               )}
diff --git a/frontend/tests/test-variant-console/utils/security-page.ts b/frontend/tests/test-variant-console/utils/security-page.ts
@@ -65,6 +65,8 @@ export class SecurityPage {
       await this.fillUsername(username);
       await this.submitUserCreation();
       await this.page.getByTestId('user-created-successfully').waitFor({ state: 'visible' });
+      await this.page.getByTestId('go-to-user-details-button').click();
+      await this.page.waitForURL(`**/security/users/${username}/details`);
     });
   }
 

Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ export const RoleCreateDialog = ({ open, onOpenChange }: RoleCreateDialogProps)`
`55`	`55`	`handleClose();`
`56`	`56`	`navigate({ to: '/security/roles/$roleName/details', params: { roleName: encodeURIComponent(trimmed) } });`
`57`	`57`	`} catch (err) {`
`58`		- toast.error(`Failed to create role: ${err instanceof Error ? err.message : String(err)}`);
	`58`	+ toast.error(`Failed to create role: ${ConnectError.from(err).message}`);
`59`	`59`	`} finally {`
`60`	`60`	`setIsSubmitting(false);`
`61`	`61`	`}`
Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,8 @@ export class SecurityPage {`
`65`	`65`	`await this.fillUsername(username);`
`66`	`66`	`await this.submitUserCreation();`
`67`	`67`	`await this.page.getByTestId('user-created-successfully').waitFor({ state: 'visible' });`
	`68`	`+ await this.page.getByTestId('go-to-user-details-button').click();`
	`69`	+ await this.page.waitForURL(`**/security/users/${username}/details`);
`68`	`70`	`});`
`69`	`71`	`}`
`70`	`72`