fix: [PROD-14244] remove dataset & scenario sharing button for viewer role

csm-thu · csm-thu · commit 17ee19e884e7 · 2025-02-21T17:01:01.000+01:00
Since versions 3.3.2 and 4.1.0, the Cosmo Tech API has disabled the possibility for the role "viewer" to enumerate users and their roles when fetching resources and their security data. This commit hides the dataset & scenario sharing buttons for users when their role on the resource is "viewer", to prevent having a dialog with an empty access-control list. (cherry picked from commit 45de6bc)
diff --git a/src/services/config/ApiConstants.js b/src/services/config/ApiConstants.js
@@ -91,7 +91,7 @@ export const DATASET_SOURCES = [
 ];
 
 export const DATASET_PERMISSIONS_MAPPING = {
-  viewer: ['read', 'read_security'],
+  viewer: ['read'],
   editor: ['read', 'read_security', 'write'],
   admin: ['read', 'read_security', 'write', 'write_security', 'delete'],
 };
diff --git a/src/state/commons/DatasetConstants.js b/src/state/commons/DatasetConstants.js
@@ -26,7 +26,7 @@ export const DATASET_TWINGRAPH_QUERIES_RESULTS_ACTIONS = {
   RESET: 'RESET_DATASET_TWINGRAPH_QUERIES_RESULTS',
 };
 export const DATASET_PERMISSIONS_MAPPING = {
-  viewer: ['read', 'read_security'],
+  viewer: ['read'],
   editor: ['read', 'read_security', 'write'],
   admin: ['read', 'read_security', 'write', 'write_security', 'delete'],
 };
diff --git a/src/state/sagas/datasets/CreateDataset/CreateDataset.js b/src/state/sagas/datasets/CreateDataset/CreateDataset.js
@@ -11,7 +11,7 @@ import { dispatchSetApplicationErrorMessage } from '../../../dispatchers/app/App
 
 // TODO: replace by data from redux when dataset roles-permissions mapping is added in back-end /permissions endpoint
 const DATASET_PERMISSIONS_MAPPING = {
-  viewer: ['read', 'read_security'],
+  viewer: ['read'],
   editor: ['read', 'read_security', 'write'],
   admin: ['read', 'read_security', 'write', 'write_security', 'delete'],
 };
diff --git a/src/state/sagas/datasets/FindAllDatasets/FindAllDatasets.js b/src/state/sagas/datasets/FindAllDatasets/FindAllDatasets.js
@@ -12,7 +12,7 @@ import { dispatchSetApplicationErrorMessage } from '../../../dispatchers/app/App
 
 // TODO: replace by data from redux when dataset roles-permissions mapping is added in back-end /permissions endpoint
 const DATASET_PERMISSIONS_MAPPING = {
-  viewer: ['read', 'read_security'],
+  viewer: ['read'],
   editor: ['read', 'read_security', 'write'],
   admin: ['read', 'read_security', 'write', 'write_security', 'delete'],
 };
diff --git a/src/utils/__test__/fixtures/OrganizationPermissions.js b/src/utils/__test__/fixtures/OrganizationPermissions.js
@@ -6,7 +6,7 @@ export const ORGANIZATION_PERMISSIONS = [
     component: 'organization',
     roles: {
       none: [],
-      viewer: ['read', 'read_security'],
+      viewer: ['read'],
       user: ['read', 'read_security', 'create_children'],
       editor: ['read', 'read_security', 'create_children', 'write'],
       admin: ['read', 'read_security', 'create_children', 'write', 'write_security', 'delete'],
@@ -16,7 +16,7 @@ export const ORGANIZATION_PERMISSIONS = [
     component: 'workspace',
     roles: {
       none: [],
-      viewer: ['read', 'read_security'],
+      viewer: ['read'],
       user: ['read', 'read_security', 'create_children'],
       editor: ['read', 'read_security', 'create_children', 'write'],
       admin: ['read', 'read_security', 'create_children', 'write', 'write_security', 'delete'],
@@ -26,7 +26,7 @@ export const ORGANIZATION_PERMISSIONS = [
     component: 'scenario',
     roles: {
       none: [],
-      viewer: ['read', 'read_security'],
+      viewer: ['read'],
       editor: ['read', 'read_security', 'launch', 'write'],
       validator: ['read', 'read_security', 'launch', 'write', 'validate'],
       admin: ['read', 'read_security', 'launch', 'write', 'validate', 'write_security', 'delete'],
@@ -37,21 +37,21 @@ export const ORGANIZATION_PERMISSIONS = [
 export const EXPECTED_PERMISSIONS_MAPPING = {
   organization: {
     none: [],
-    viewer: ['read', 'read_security'],
+    viewer: ['read'],
     user: ['read', 'read_security', 'create_children'],
     editor: ['read', 'read_security', 'create_children', 'write'],
     admin: ['read', 'read_security', 'create_children', 'write', 'write_security', 'delete'],
   },
   workspace: {
     none: [],
-    viewer: ['read', 'read_security'],
+    viewer: ['read'],
     user: ['read', 'read_security', 'create_children'],
     editor: ['read', 'read_security', 'create_children', 'write'],
     admin: ['read', 'read_security', 'create_children', 'write', 'write_security', 'delete'],
   },
   scenario: {
     none: [],
-    viewer: ['read', 'read_security'],
+    viewer: ['read'],
     editor: ['read', 'read_security', 'launch', 'write'],
     validator: ['read', 'read_security', 'launch', 'write', 'validate'],
     admin: ['read', 'read_security', 'launch', 'write', 'validate', 'write_security', 'delete'],
