fix: [PROD-14244] show disabled share buttons to resources viewers

Author: csm-thu

public/locales/en/translation.json

@@ -421,7 +421,8 @@
         "button": {
           "label": "Share",
           "tooltip": "Modify access",
-          "editModeTooltip": "Please save or discard current modifications before changing the scenario access permissions"
+          "editModeTooltip": "Please save or discard current modifications before changing the scenario access permissions",
+          "noReadSecurityPermissionTooltip": "You are not allowed to share or see the security details of this resource"
         },
         "dialog": {
           "buttons": {

public/locales/fr/translation.json

@@ -421,7 +421,8 @@
         "button": {
           "label": "Partager",
           "tooltip": "Modifier l'accès",
-          "editModeTooltip": "Veuillez sauver ou annuler les modifications en cours avant de modifier les permissions d'accès du scénario"
+          "editModeTooltip": "Veuillez sauver ou annuler les modifications en cours avant de modifier les permissions d'accès du scénario",
+          "noReadSecurityPermissionTooltip": "Vous n'avez pas les permissions pour partager ou voir les informations de sécurité de cette ressource"
         },
         "dialog": {
           "buttons": {

src/components/ShareCurrentScenarioButton/ShareCurrentScenarioButton.js

@@ -1,53 +1,40 @@
 // Copyright (c) Cosmo Tech.
 // Licensed under the MIT license.
 import React from 'react';
-import { PermissionsGate, RolesEditionButton } from '@cosmotech/ui';
-import { ACL_PERMISSIONS } from '../../services/config/accessControl';
+import { RolesEditionButton } from '@cosmotech/ui';
 import { useShareCurrentScenarioButton } from './ShareCurrentScenarioButtonHook';
 
 const ShareCurrentScenarioButton = () => {
   const {
-    isDirty,
+    disabled,
+    isReadOnly,
     accessListSpecific,
     applyScenarioSecurityChanges,
     defaultRole,
     permissionsLabels,
     permissionsMapping,
     rolesLabels,
     shareScenarioDialogLabels,
-    userPermissionsOnCurrentScenario,
     workspaceUsers,
   } = useShareCurrentScenarioButton();
 
   return (
-    <>
-      <PermissionsGate
-        userPermissions={userPermissionsOnCurrentScenario}
-        necessaryPermissions={[ACL_PERMISSIONS.SCENARIO.READ_SECURITY]}
-      >
-        <PermissionsGate
-          userPermissions={userPermissionsOnCurrentScenario}
-          necessaryPermissions={[ACL_PERMISSIONS.SCENARIO.WRITE_SECURITY]}
-          noPermissionProps={{ isReadOnly: true }}
-        >
-          <RolesEditionButton
-            data-cy="share-scenario-button"
-            disabled={isDirty}
-            labels={shareScenarioDialogLabels}
-            onConfirmChanges={applyScenarioSecurityChanges}
-            resourceRolesPermissionsMapping={permissionsMapping.scenario}
-            agents={workspaceUsers}
-            specificAccessByAgent={accessListSpecific}
-            defaultRole={defaultRole}
-            defaultAccessScope="Workspace"
-            preventNoneRoleForAgents={true}
-            allRoles={rolesLabels}
-            allPermissions={permissionsLabels}
-            isIconButton={true}
-          />
-        </PermissionsGate>
-      </PermissionsGate>
-    </>
+    <RolesEditionButton
+      data-cy="share-scenario-button"
+      disabled={disabled}
+      isReadOnly={isReadOnly}
+      labels={shareScenarioDialogLabels}
+      onConfirmChanges={applyScenarioSecurityChanges}
+      resourceRolesPermissionsMapping={permissionsMapping.scenario}
+      agents={workspaceUsers}
+      specificAccessByAgent={accessListSpecific}
+      defaultRole={defaultRole}
+      defaultAccessScope="Workspace"
+      preventNoneRoleForAgents={true}
+      allRoles={rolesLabels}
+      allPermissions={permissionsLabels}
+      isIconButton={true}
+    />
   );
 };
 

src/components/ShareCurrentScenarioButton/ShareCurrentScenarioButtonHook.js

@@ -4,6 +4,7 @@ import { useCallback, useMemo } from 'react';
 import { useFormState } from 'react-hook-form';
 import { useTranslation } from 'react-i18next';
 import { useUserPermissionsOnCurrentScenario } from '../../hooks/SecurityHooks';
+import { ACL_PERMISSIONS } from '../../services/config/accessControl';
 import {
   useApplicationPermissionsMapping,
   useApplicationRoles,
@@ -29,11 +30,6 @@ export const useShareCurrentScenarioButton = () => {
 
   const applyScenarioSharingSecurity = useApplyScenarioSharingSecurity();
 
-  const shareScenarioDialogLabels = useMemo(
-    () => getShareScenarioDialogLabels(t, currentScenarioData?.name, isDirty),
-    [currentScenarioData?.name, t, isDirty]
-  );
-
   const rolesLabels = useMemo(() => {
     const rolesNames = Object.values(roles.scenario);
     return SecurityUtils.getRolesLabels(t, rolesNames);
@@ -63,9 +59,24 @@ export const useShareCurrentScenarioButton = () => {
     [applyScenarioSharingSecurity, currentScenarioData?.id]
   );
 
+  const hasReadSecurityPermission = useMemo(
+    () => userPermissionsOnCurrentScenario.includes(ACL_PERMISSIONS.SCENARIO.READ_SECURITY),
+    [userPermissionsOnCurrentScenario]
+  );
+  const disabled = useMemo(() => isDirty || !hasReadSecurityPermission, [isDirty, hasReadSecurityPermission]);
+  const isReadOnly = useMemo(
+    () => !userPermissionsOnCurrentScenario.includes(ACL_PERMISSIONS.SCENARIO.WRITE_SECURITY),
+    [userPermissionsOnCurrentScenario]
+  );
+
+  const shareScenarioDialogLabels = useMemo(
+    () => getShareScenarioDialogLabels(t, currentScenarioData?.name, isDirty, hasReadSecurityPermission),
+    [currentScenarioData?.name, t, isDirty, hasReadSecurityPermission]
+  );
+
   return {
-    isDirty,
-    userPermissionsOnCurrentScenario,
+    disabled,
+    isReadOnly,
     permissionsMapping,
     shareScenarioDialogLabels,
     rolesLabels,

src/components/ShareCurrentScenarioButton/labels.js

@@ -1,57 +1,69 @@
 // Copyright (c) Cosmo Tech.
 // Licensed under the MIT license.
 
-export const getShareScenarioDialogLabels = (t, currentScenarioName, isDirty) => ({
-  button: {
-    title: t('commoncomponents.dialog.share.button.label', 'Share'),
-    tooltip: isDirty
-      ? t(
-          'commoncomponents.dialog.share.button.editModeTooltip',
-          'Please save or discard current modifications before changing the scenario access permissions'
-        )
-      : t('commoncomponents.dialog.share.button.label', 'Share'),
-  },
-  dialog: {
-    title: t('commoncomponents.dialog.share.dialog.title', 'Share ') + currentScenarioName,
-    readOnlyTitle: t('commoncomponents.dialog.share.dialog.readOnlyTitle', 'Permissions for ') + currentScenarioName,
-    addPeople: t('commoncomponents.dialog.share.dialog.select.addPeople', 'Add people'),
-    cancel: t('commoncomponents.dialog.share.dialog.buttons.cancel', 'Cancel'),
-    close: t('commoncomponents.dialog.share.dialog.buttons.close', 'Close'),
-    share: t('commoncomponents.dialog.share.dialog.buttons.share', 'Share'),
-    noAdminError: t(
-      'commoncomponents.dialog.share.dialog.error.noAdmin',
-      'The scenario must have at least one administrator'
-    ),
-    userSelected: t('commoncomponents.dialog.share.dialog.select.userSelected', 'Selected user'),
-    usersAccess: t('commoncomponents.dialog.share.dialog.editor.usersAccess', 'Users access'),
-    generalAccess: t('commoncomponents.dialog.share.dialog.editor.generalAccess', 'General access'),
-    removeAccess: t('commoncomponents.dialog.share.dialog.editor.removeAccess', 'Remove specific access'),
-    editor: {
-      helperText: {
-        admin: t('commoncomponents.dialog.share.dialog.editor.helperText.admin', 'Anyone in this workspace is admin'),
-        viewer: t(
-          'commoncomponents.dialog.share.dialog.editor.helperText.viewer',
-          'Anyone in this workspace is viewer'
-        ),
-        validator: t(
-          'commoncomponents.dialog.share.dialog.editor.helperText.validator',
-          'Anyone in this workspace is validator'
-        ),
-        editor: t(
-          'commoncomponents.dialog.share.dialog.editor.helperText.editor',
-          'Anyone in this workspace is editor'
-        ),
-        none: t('commoncomponents.dialog.share.dialog.editor.helperText.none', 'Other users cannot view the scenario'),
-      },
+export const getShareScenarioDialogLabels = (t, currentScenarioName, isDirty, hasReadSecurityPermission) => {
+  let tooltip = t('commoncomponents.dialog.share.button.label', 'Share');
+  if (!hasReadSecurityPermission)
+    tooltip = t(
+      'commoncomponents.dialog.share.button.noReadSecurityPermissionTooltip',
+      'You are not allowed to share or see the security details of this resource'
+    );
+  else if (isDirty)
+    tooltip = t(
+      'commoncomponents.dialog.share.button.editModeTooltip',
+      'Please save or discard current modifications before changing the scenario access permissions'
+    );
+
+  return {
+    button: {
+      title: t('commoncomponents.dialog.share.button.label', 'Share'),
+      tooltip,
     },
-    add: {
+    dialog: {
+      title: t('commoncomponents.dialog.share.dialog.title', 'Share ') + currentScenarioName,
+      readOnlyTitle: t('commoncomponents.dialog.share.dialog.readOnlyTitle', 'Permissions for ') + currentScenarioName,
+      addPeople: t('commoncomponents.dialog.share.dialog.select.addPeople', 'Add people'),
       cancel: t('commoncomponents.dialog.share.dialog.buttons.cancel', 'Cancel'),
-      deniedPermissions: t('commoncomponents.dialog.share.dialog.add.deniedPermissions', 'Not granted permissions'),
-      done: t('commoncomponents.dialog.share.dialog.buttons.done', 'Done'),
-      grantedPermissions: t('commoncomponents.dialog.share.dialog.add.grantedPermissions', 'Granted permissions'),
-      rolesTitle: t('commoncomponents.dialog.share.dialog.add.rolesTitle', 'Roles'),
+      close: t('commoncomponents.dialog.share.dialog.buttons.close', 'Close'),
+      share: t('commoncomponents.dialog.share.dialog.buttons.share', 'Share'),
+      noAdminError: t(
+        'commoncomponents.dialog.share.dialog.error.noAdmin',
+        'The scenario must have at least one administrator'
+      ),
       userSelected: t('commoncomponents.dialog.share.dialog.select.userSelected', 'Selected user'),
-      rolesHelperText: t('commoncomponents.dialog.share.dialog.add.rolesHelperText', 'Select one role'),
+      usersAccess: t('commoncomponents.dialog.share.dialog.editor.usersAccess', 'Users access'),
+      generalAccess: t('commoncomponents.dialog.share.dialog.editor.generalAccess', 'General access'),
+      removeAccess: t('commoncomponents.dialog.share.dialog.editor.removeAccess', 'Remove specific access'),
+      editor: {
+        helperText: {
+          admin: t('commoncomponents.dialog.share.dialog.editor.helperText.admin', 'Anyone in this workspace is admin'),
+          viewer: t(
+            'commoncomponents.dialog.share.dialog.editor.helperText.viewer',
+            'Anyone in this workspace is viewer'
+          ),
+          validator: t(
+            'commoncomponents.dialog.share.dialog.editor.helperText.validator',
+            'Anyone in this workspace is validator'
+          ),
+          editor: t(
+            'commoncomponents.dialog.share.dialog.editor.helperText.editor',
+            'Anyone in this workspace is editor'
+          ),
+          none: t(
+            'commoncomponents.dialog.share.dialog.editor.helperText.none',
+            'Other users cannot view the scenario'
+          ),
+        },
+      },
+      add: {
+        cancel: t('commoncomponents.dialog.share.dialog.buttons.cancel', 'Cancel'),
+        deniedPermissions: t('commoncomponents.dialog.share.dialog.add.deniedPermissions', 'Not granted permissions'),
+        done: t('commoncomponents.dialog.share.dialog.buttons.done', 'Done'),
+        grantedPermissions: t('commoncomponents.dialog.share.dialog.add.grantedPermissions', 'Granted permissions'),
+        rolesTitle: t('commoncomponents.dialog.share.dialog.add.rolesTitle', 'Roles'),
+        userSelected: t('commoncomponents.dialog.share.dialog.select.userSelected', 'Selected user'),
+        rolesHelperText: t('commoncomponents.dialog.share.dialog.add.rolesHelperText', 'Select one role'),
+      },
     },
-  },
-});
+  };
+};

src/components/ShareDatasetButton/ShareDatasetButton.js

@@ -1,9 +1,8 @@
 // Copyright (c) Cosmo Tech.
 // Licensed under the MIT license.
-import React, { useMemo } from 'react';
+import React from 'react';
 import PropTypes from 'prop-types';
 import { PermissionsGate, RolesEditionButton } from '@cosmotech/ui';
-import { INGESTION_STATUS } from '../../services/config/ApiConstants';
 import { ACL_PERMISSIONS } from '../../services/config/accessControl';
 import { useShareDatasetButton } from './ShareDatasetButtonHook';
 
@@ -15,40 +14,38 @@ const ShareDatasetButton = ({ dataset }) => {
     permissionsLabels,
     permissionsMapping,
     rolesLabels,
-    shareDatasetDialogLabels,
+    buildShareDatasetDialogLabels,
     getUserPermissionOnDataset,
     workspaceUsers,
   } = useShareDatasetButton();
 
   const datasetId = dataset?.id;
-  const isDisabled = useMemo(() => !dataset || dataset.ingestionStatus === INGESTION_STATUS.PENDING, [dataset]);
+  const userPermissions = getUserPermissionOnDataset(datasetId);
+  const hasReadSecurityPermission = userPermissions.includes(ACL_PERMISSIONS.DATASET.READ_SECURITY);
+  const isDisabled = !dataset || !hasReadSecurityPermission;
+  const labels = buildShareDatasetDialogLabels(dataset, hasReadSecurityPermission);
 
   return (
     <>
       <PermissionsGate
         userPermissions={getUserPermissionOnDataset(datasetId)}
-        necessaryPermissions={[ACL_PERMISSIONS.DATASET.READ_SECURITY]}
+        necessaryPermissions={[ACL_PERMISSIONS.DATASET.WRITE_SECURITY]}
+        noPermissionProps={{ isReadOnly: true }}
       >
-        <PermissionsGate
-          userPermissions={getUserPermissionOnDataset(datasetId)}
-          necessaryPermissions={[ACL_PERMISSIONS.DATASET.WRITE_SECURITY]}
-          noPermissionProps={{ isReadOnly: true }}
-        >
-          <RolesEditionButton
-            disabled={isDisabled}
-            isIconButton={true}
-            labels={shareDatasetDialogLabels(datasetId)}
-            onConfirmChanges={(security) => updateDatasetSecurity(datasetId, security)}
-            resourceRolesPermissionsMapping={permissionsMapping.dataset}
-            agents={workspaceUsers}
-            specificAccessByAgent={accessListSpecific(datasetId)}
-            defaultRole={defaultRole(datasetId)}
-            defaultAccessScope="Workspace"
-            preventNoneRoleForAgents={true}
-            allRoles={rolesLabels}
-            allPermissions={permissionsLabels}
-          />
-        </PermissionsGate>
+        <RolesEditionButton
+          disabled={isDisabled}
+          isIconButton={true}
+          labels={labels}
+          onConfirmChanges={(security) => updateDatasetSecurity(datasetId, security)}
+          resourceRolesPermissionsMapping={permissionsMapping.dataset}
+          agents={workspaceUsers}
+          specificAccessByAgent={accessListSpecific(datasetId)}
+          defaultRole={defaultRole(datasetId)}
+          defaultAccessScope="Workspace"
+          preventNoneRoleForAgents={true}
+          allRoles={rolesLabels}
+          allPermissions={permissionsLabels}
+        />
       </PermissionsGate>
     </>
   );

src/components/ShareDatasetButton/ShareDatasetButtonHook.js

@@ -28,9 +28,9 @@ export const useShareDatasetButton = () => {
 
   const updateDatasetSecurity = useUpdateDatasetSecurity();
 
-  const shareDatasetDialogLabels = useCallback(
-    (datasetId) => getShareDatasetDialogLabels(t, findDatasetById(datasetId)?.name),
-    [findDatasetById, t]
+  const buildShareDatasetDialogLabels = useCallback(
+    (dataset, hasReadSecurityPermission) => getShareDatasetDialogLabels(t, dataset?.name, hasReadSecurityPermission),
+    [t]
   );
 
   const rolesLabels = useMemo(() => {
@@ -58,7 +58,7 @@ export const useShareDatasetButton = () => {
   return {
     getUserPermissionOnDataset,
     permissionsMapping,
-    shareDatasetDialogLabels,
+    buildShareDatasetDialogLabels,
     rolesLabels,
     permissionsLabels,
     workspaceUsers,