fix: [UIE-9495, UIE-9595] - Permissions fixes for admin users on users pages (linode#13074)

* handle admin users account permissions defaults better

* Safe permission checks on user pages

* Same for action menu

* Added changeset: Permissions fixes for admin users on users pages

Author: abailly-akamai

packages/manager/.changeset/pr-13074-fixed-1762772948024.md

@@ -0,0 +1,5 @@
+---
+"@linode/manager": Fixed
+---
+
+Permissions fixes for admin users on users pages ([#13074](https://github.com/linode/manager/pull/13074))

packages/manager/src/features/IAM/Users/UserDetails/UserProfile.tsx

@@ -25,24 +25,24 @@ export const UserProfile = () => {
     'delete_user',
   ]);
 
+  const isAccountAdmin = permissions?.is_account_admin;
+
   const {
     data: user,
     error,
     isLoading,
-  } = useAccountUser(username ?? '', permissions?.is_account_admin);
-  const { data: assignedRoles } = useUserRoles(
-    username ?? '',
-    permissions?.is_account_admin
-  );
+  } = useAccountUser(username ?? '', isAccountAdmin);
+  const { data: assignedRoles } = useUserRoles(username ?? '', isAccountAdmin);
 
-  const canUpdateUser = permissions?.update_user;
-  const canDeleteUser = permissions?.delete_user;
+  // Only admin users get update_user and delete_user permissions, but doing a bit of defensive programming here to be safe.
+  const canUpdateUser = isAccountAdmin || permissions?.update_user;
+  const canDeleteUser = isAccountAdmin || permissions?.delete_user;
 
   if (isLoading) {
     return <CircleProgress />;
   }
 
-  if (!permissions?.is_account_admin) {
+  if (!isAccountAdmin) {
     return (
       <Notice variant="error">
         You do not have permission to view this user&apos;s details.

packages/manager/src/features/IAM/Users/UserDetails/UsernamePanel.tsx

@@ -9,8 +9,6 @@ import { Controller, useForm } from 'react-hook-form';
 
 import { RESTRICTED_FIELD_TOOLTIP } from 'src/features/Account/constants';
 
-import { usePermissions } from '../../hooks/usePermissions';
-
 import type { User } from '@linode/api-v4';
 
 interface Props {
@@ -26,8 +24,6 @@ export const UsernamePanel = ({ activeUser, canUpdateUser }: Props) => {
 
   const { mutateAsync } = useUpdateUserMutation(activeUser.username);
 
-  const { data: permissions } = usePermissions('account', ['update_user']);
-
   const {
     control,
     formState: { isDirty, isSubmitting },
@@ -55,7 +51,7 @@ export const UsernamePanel = ({ activeUser, canUpdateUser }: Props) => {
     }
   };
 
-  const tooltipForDisabledUsernameField = !permissions.update_user
+  const tooltipForDisabledUsernameField = !canUpdateUser
     ? 'Restricted users cannot update their username. Please contact an account administrator.'
     : isProxyUser
       ? RESTRICTED_FIELD_TOOLTIP

packages/manager/src/features/IAM/Users/UsersTable/UsersActionMenu.tsx

@@ -29,7 +29,7 @@ export const UsersActionMenu = (props: Props) => {
     useDelegationRole();
 
   const isAccountAdmin = permissions.is_account_admin;
-  const canDeleteUser = permissions.delete_user;
+  const canDeleteUser = isAccountAdmin || permissions.delete_user;
   const isDelegateUser = userType === 'delegate';
 
   // Determine if the current account is a child account with isIAMDelegationEnabled enabled