manager icon indicating copy to clipboard operation
manager copied to clipboard
verified publisher icon linode

feat: [M3-7686] - Restricted access UX for Databases

Open zaenab-akamai opened this issue 1 year ago โ€ข 2 comments

Description ๐Ÿ“

To prevent unauthorized access to specific flows and provide clearer guidance, we aim to restrict entry to users without the required permissions.

The views under /databases have been updated to disable controls for restricted users

Changes ๐Ÿ”„

  • "Create Database Cluster" button on the landing page (with or without entries) is disabled for users without "add_databases" access
  • All buttons & inputs in the Summary, Backups, Resize, Settings tabs under Database details have been disabled for users with "read_only" access
  • Added a notification for restricted access users on the database details page

Target release date ๐Ÿ—“๏ธ

NA

Preview ๐Ÿ“ท

Before After
Screenshot 2024-08-20 at 10 12 41โ€ฏAM Screenshot 2024-08-20 at 10 13 07โ€ฏAM

How to test ๐Ÿงช

Verification steps

  1. Login as a user with full access and add databases. Grant read_only permissions to these new resources to the restricted user
  2. Login as the restricted user and navigate to the databases page. The "Create Database Cluster" button should be disabled
  3. Navigate to the details page for any database - You should see a notification. Besides that, all form inputs, buttons should be disabled.
  4. Login again as the user with unrestricted access and remove all access to all the databases for the restricted user. Login as the restricted user - the empty landing page for Databases should have the create button disabled.

As an Author I have considered ๐Ÿค”

Check all that apply

  • [ ] ๐Ÿ‘€ Doing a self review
  • [ ] โ” Our contribution guidelines
  • [ ] ๐Ÿค Splitting feature into small PRs
  • [ ] โž• Adding a changeset
  • [ ] ๐Ÿงช Providing/Improving test coverage
  • [ ] ๐Ÿ” Removing all sensitive information from the code and PR description
  • [ ] ๐Ÿšฉ Using a feature flag to protect the release
  • [ ] ๐Ÿ‘ฃ Providing comprehensive reproduction steps
  • [ ] ๐Ÿ“‘ Providing or updating our documentation
  • [ ] ๐Ÿ•› Scheduling a pair reviewing session
  • [ ] ๐Ÿ“ฑ Providing mobile support
  • [ ] โ™ฟ Providing accessibility support

zaenab-akamai avatar Aug 19 '24 06:08 zaenab-akamai

Changes look good!

Should we also disable the "Remove" buttons on Access Controls when the user has read-only permission?

Screenshot 2024-08-26 at 10 11 04โ€ฏAM

Hi Banks, thanks for pointing this out! I've updated the PR

zaenab-akamai avatar Aug 27 '24 04:08 zaenab-akamai

Coverage Report: โœ…
Base Coverage: 86.15%
Current Coverage: 86.16%

github-actions[bot] avatar Aug 27 '24 04:08 github-actions[bot]