staging hotfix: [UIE-9167] - IAM: Ensure proper permission mapping for view_account_settings (#12840)

* Ensure proper permission mapping for view_account_settings

* revert unecessary e2e alterations

Author: abailly-akamai

packages/manager/cypress/e2e/core/account/account-cancellation.spec.ts

@@ -178,14 +178,51 @@ describe('Account cancellation', () => {
     mockGetAccount(mockAccount).as('getAccount');
     mockGetProfile(mockProfile).as('getProfile');
     mockGetProfileGrants(mockGrants).as('getGrants');
+    mockCancelAccountError('Unauthorized', 403).as('cancelAccount');
+
+    // Navigate to Account Settings page, click "Close Account" button.
 
     cy.visitWithLogin('/account/settings');
     cy.wait(['@getAccount', '@getProfile', '@getGrants']);
 
-    cy.findByText(
-      "You don't have permissions to edit this Account. Please contact your account administrator to request the necessary permissions.",
-      { exact: false }
-    ).should('be.visible');
+    cy.findByTestId('close-account')
+      .should('be.visible')
+      .within(() => {
+        cy.findByTestId('close-account-button')
+          .should('be.visible')
+          .should('be.enabled')
+          .click();
+      });
+
+    // Fill out cancellation dialog and attempt submission.
+    ui.dialog
+      .findByTitle(cancellationDialogTitle)
+      .should('be.visible')
+      .within(() => {
+        // Check both boxes but verify submit remains disabled without email
+        cy.get('[data-qa-checkbox="deleteAccountServices"]').click();
+        cy.get('[data-qa-checkbox="deleteAccountUsers"]').click();
+
+        ui.button
+          .findByTitle('Close Account')
+          .should('be.visible')
+          .should('be.disabled');
+
+        cy.findByLabelText(`Enter your email address (${mockProfile.email})`)
+          .should('be.visible')
+          .should('be.enabled')
+          .type(mockProfile.email);
+
+        ui.button
+          .findByTitle('Close Account')
+          .should('be.visible')
+          .should('be.enabled')
+          .click();
+
+        // Confirm that API unauthorized error message is displayed.
+        cy.wait('@cancelAccount');
+        cy.findByText('Unauthorized').should('be.visible');
+      });
   });
 });
 

packages/manager/cypress/e2e/core/account/account-linode-managed.spec.ts

@@ -120,10 +120,31 @@ describe('Account Linode Managed', () => {
     visitUrlWithManagedDisabled('/account/settings');
     cy.wait(['@getAccount', '@getProfile', '@getGrants']);
 
-    cy.findByText(
-      "You don't have permissions to edit this Account. Please contact your account administrator to request the necessary permissions.",
-      { exact: false }
-    ).should('be.visible');
+    ui.button
+      .findByTitle('Add Linode Managed')
+      .should('be.visible')
+      .should('be.enabled')
+      .click();
+
+    ui.dialog
+      .findByTitle('Just to confirm...')
+      .should('be.visible')
+      .within(() => {
+        cy.get('h6')
+          .invoke('text')
+          .then((text) => {
+            expect(text.trim()).to.equal(linodeEnabledMessageText(0));
+          });
+        // Confirm that submit button is enabled.
+        ui.button
+          .findByTitle('Add Linode Managed')
+          .should('be.visible')
+          .should('be.enabled')
+          .click();
+        cy.wait('@enableLinodeManaged');
+        // Confirm that Cloud Manager displays a notice about Linode managed is unauthorized.
+        cy.findByText(errorMessage, { exact: false }).should('be.visible');
+      });
   });
 
   /*

packages/manager/src/features/IAM/hooks/adapters/accountGrantsToPermissions.ts

@@ -42,7 +42,7 @@ export const accountGrantsToPermissions = (
     list_user_grants: unrestricted, // TODO: verify mapping as this is not in the API
     view_account: unrestricted,
     view_account_login: unrestricted,
-    view_account_settings: unrestricted,
+    view_account_settings: hasReadAccess,
     view_enrolled_beta_program: unrestricted,
     view_network_usage: unrestricted,
     view_region_available_service: unrestricted,