added fixes from old PR

lucasgoral · lucasgoral · commit 2326f1e3526a · 2025-11-17T16:16:09.000+01:00
diff --git a/src/components/ControlPlane/GitRepositories.tsx b/src/components/ControlPlane/GitRepositories.tsx
@@ -24,8 +24,9 @@ import { useHandleResourcePatch } from '../../hooks/useHandleResourcePatch.ts';
 import { ErrorDialog, ErrorDialogHandle } from '../Shared/ErrorMessageBox.tsx';
 import type { GitReposResponse } from '../../lib/api/types/flux/listGitRepo';
 import { ActionsMenu, type ActionItem } from './ActionsMenu';
-import { useAuthMcp } from '../../spaces/mcp/auth/AuthContextMcp.tsx';
+
 import { ApiConfigContext } from '../Shared/k8s';
+import { useHasMcpAdminRights } from '../../spaces/mcp/auth/useHasMcpAdminRights.ts';
 
 export type GitRepoItem = GitReposResponse['items'][0] & {
   apiVersion?: string;
@@ -49,7 +50,7 @@ export function GitRepositories() {
     revision?: string;
   };
   const apiConfig = useContext(ApiConfigContext);
-  const { hasMCPAdminRights } = useAuthMcp();
+  const hasMCPAdminRights = useHasMcpAdminRights();
   const openEditPanel = useCallback(
     (item: GitRepoItem) => {
       const identityKey = `${item.kind}:${item.metadata.namespace ?? ''}:${item.metadata.name}`;
diff --git a/src/components/ControlPlane/Kustomizations.tsx b/src/components/ControlPlane/Kustomizations.tsx
@@ -25,8 +25,9 @@ import { useHandleResourcePatch } from '../../hooks/useHandleResourcePatch.ts';
 import { ErrorDialog, ErrorDialogHandle } from '../Shared/ErrorMessageBox.tsx';
 import type { KustomizationsResponse } from '../../lib/api/types/flux/listKustomization';
 import { ActionsMenu, type ActionItem } from './ActionsMenu';
-import { useAuthMcp } from '../../spaces/mcp/auth/AuthContextMcp.tsx';
+
 import { ApiConfigContext } from '../Shared/k8s';
+import { useHasMcpAdminRights } from '../../spaces/mcp/auth/useHasMcpAdminRights.ts';
 
 export type KustomizationItem = KustomizationsResponse['items'][0] & {
   apiVersion?: string;
@@ -67,7 +68,7 @@ export function Kustomizations() {
     },
     [openInAside, handlePatch, apiConfig],
   );
-  const { hasMCPAdminRights } = useAuthMcp();
+  const hasMCPAdminRights = useHasMcpAdminRights();
 
   const columns = useMemo<AnalyticalTableColumnDefinition[]>(
     () =>
diff --git a/src/components/ControlPlane/ManagedResources.cy.tsx b/src/components/ControlPlane/ManagedResources.cy.tsx
@@ -42,8 +42,8 @@ describe('ManagedResources - Delete Resource', () => {
     };
   };
 
-  const fakeUseAuthMcp = () => {
-    return { hasMCPAdminRights: true, isLoading: false, isAuthenticated: true, error: null, login: () => {} };
+  const fakeuseHasMcpAdminRights = () => {
+    return true;
   };
 
   const fakeUseResourcePluralNames: typeof useResourcePluralNames = (): any => {
@@ -102,7 +102,7 @@ describe('ManagedResources - Delete Resource', () => {
             useApiResourceMutation={fakeUseApiResourceMutation}
             useApiResource={fakeUseApiResource}
             useResourcePluralNames={fakeUseResourcePluralNames}
-            useAuthMcp={fakeUseAuthMcp}
+            useHasMcpAdminRights={fakeuseHasMcpAdminRights}
           />
         </SplitterProvider>
       </MemoryRouter>,
@@ -137,7 +137,7 @@ describe('ManagedResources - Delete Resource', () => {
             useApiResourceMutation={fakeUseApiResourceMutation}
             useApiResource={fakeUseApiResource}
             useResourcePluralNames={fakeUseResourcePluralNames}
-            useAuthMcp={fakeUseAuthMcp}
+            useHasMcpAdminRights={fakeuseHasMcpAdminRights}
           />
         </SplitterProvider>
       </MemoryRouter>,
@@ -180,7 +180,7 @@ describe('ManagedResources - Delete Resource', () => {
             useApiResourceMutation={fakeUseApiResourceMutation}
             useApiResource={fakeUseApiResource}
             useResourcePluralNames={fakeUseResourcePluralNames}
-            useAuthMcp={fakeUseAuthMcp}
+            useHasMcpAdminRights={fakeuseHasMcpAdminRights}
           />
         </SplitterProvider>
       </MemoryRouter>,
@@ -216,8 +216,8 @@ describe('ManagedResources - Edit Resource', () => {
   let patchCalled = false;
   let patchedItem: any = null;
 
-  const fakeUseAuthMcp = () => {
-    return { hasMCPAdminRights: true, isLoading: false, isAuthenticated: true, error: null, login: () => {} };
+  const fakeUseHasMcpAdminRights = () => {
+    return true;
   };
 
   const fakeUseHandleResourcePatch: typeof useHandleResourcePatch = () => {
@@ -305,7 +305,7 @@ describe('ManagedResources - Edit Resource', () => {
               useHandleResourcePatch={fakeUseHandleResourcePatch}
               useApiResource={fakeUseApiResource}
               useResourcePluralNames={fakeUseResourcePluralNames}
-              useAuthMcp={fakeUseAuthMcp}
+              useHasMcpAdminRights={fakeUseHasMcpAdminRights}
             />
           </SplitterLayout>
         </SplitterProvider>
diff --git a/src/components/ControlPlane/ManagedResources.tsx b/src/components/ControlPlane/ManagedResources.tsx
@@ -39,8 +39,9 @@ import { YamlSidePanel } from '../Yaml/YamlSidePanel.tsx';
 import { ErrorDialog, ErrorDialogHandle } from '../Shared/ErrorMessageBox.tsx';
 import { APIError } from '../../lib/api/error.ts';
 import { useHandleResourcePatch as _useHandleResourcePatch } from '../../hooks/useHandleResourcePatch.ts';
-import { useAuthMcp as _useAuthMcp } from '../../spaces/mcp/auth/AuthContextMcp.tsx';
+
 import { ApiConfigContext } from '../Shared/k8s';
+import { useHasMcpAdminRights as _useHasMcpAdminRights } from '../../spaces/mcp/auth/useHasMcpAdminRights.ts';
 
 interface StatusFilterColumn {
   filterValue?: string;
@@ -78,13 +79,13 @@ export function ManagedResources({
   useHandleResourcePatch = _useHandleResourcePatch,
   useApiResource = _useApiResource,
   useResourcePluralNames = _useResourcePluralNames,
-  useAuthMcp = _useAuthMcp,
+  useHasMcpAdminRights = _useHasMcpAdminRights,
 }: {
   useApiResourceMutation?: typeof _useApiResourceMutation;
   useHandleResourcePatch?: typeof _useHandleResourcePatch;
   useApiResource?: typeof _useApiResource;
   useResourcePluralNames?: typeof _useResourcePluralNames;
-  useAuthMcp?: typeof _useAuthMcp;
+  useHasMcpAdminRights?: typeof _useHasMcpAdminRights;
 } = {}) {
   const { t } = useTranslation();
   const toast = useToast();
@@ -138,7 +139,7 @@ export function ManagedResources({
     },
     [openInAside, handlePatch, apiConfig],
   );
-  const { hasMCPAdminRights } = useAuthMcp();
+  const hasMCPAdminRights = useHasMcpAdminRights();
   const columns = useMemo<AnalyticalTableColumnDefinition[]>(
     () =>
       [
diff --git a/src/components/ControlPlane/ProvidersConfig.tsx b/src/components/ControlPlane/ProvidersConfig.tsx
@@ -24,8 +24,9 @@ import { useSplitter } from '../Splitter/SplitterContext.tsx';
 import { YamlSidePanel } from '../Yaml/YamlSidePanel.tsx';
 import { useHandleResourcePatch } from '../../hooks/useHandleResourcePatch.ts';
 import { ErrorDialog, ErrorDialogHandle } from '../Shared/ErrorMessageBox.tsx';
-import { useAuthMcp } from '../../spaces/mcp/auth/AuthContextMcp.tsx';
+
 import { ApiConfigContext } from '../Shared/k8s';
+import { useHasMcpAdminRights } from '../../spaces/mcp/auth/useHasMcpAdminRights.ts';
 
 type Rows = {
   parent: string;
@@ -78,7 +79,7 @@ export function ProvidersConfig() {
     },
     [openInAside, handlePatch, apiConfig],
   );
-  const { hasMCPAdminRights } = useAuthMcp();
+  const hasMCPAdminRights = useHasMcpAdminRights();
   const columns = useMemo<AnalyticalTableColumnDefinition[]>(
     () =>
       [
diff --git a/src/lib/shared/McpContext.tsx b/src/lib/shared/McpContext.tsx
@@ -1,5 +1,5 @@
 import { createContext, ReactNode, useContext } from 'react';
-import { ControlPlane as ManagedControlPlaneResource } from '../api/types/crate/controlPlanes.ts';
+import { ControlPlane as ManagedControlPlaneResource, RoleBinding } from '../api/types/crate/controlPlanes.ts';
 import { ApiConfigProvider } from '../../components/Shared/k8s';
 import { useApiResource } from '../api/useApiResource.ts';
 import { GetKubeconfig } from '../api/types/crate/getKubeconfig.ts';
@@ -15,6 +15,7 @@ interface Mcp {
   secretName?: string;
   secretKey?: string;
   kubeconfig?: string;
+  roleBindings?: RoleBinding[];
 }
 
 interface Props {
@@ -44,6 +45,7 @@ export const McpContextProvider = ({ children, context }: Props) => {
     return <></>;
   }
   context.kubeconfig = kubeconfig.data;
+  context.roleBindings = mcp.data?.spec?.authorization?.roleBindings;
   return <McpContext.Provider value={context}>{children}</McpContext.Provider>;
 };
 
diff --git a/src/spaces/mcp/auth/AuthContextMcp.tsx b/src/spaces/mcp/auth/AuthContextMcp.tsx
@@ -3,31 +3,17 @@ import { MeResponseSchema } from './auth.schemas';
 import { AUTH_FLOW_SESSION_KEY } from '../../../common/auth/AuthCallbackHandler.tsx';
 import { getRedirectSuffix } from '../../../common/auth/getRedirectSuffix.ts';
 import { RoleBinding } from '../../../lib/api/types/crate/controlPlanes.ts';
-import { useAuthOnboarding } from '../../onboarding/auth/AuthContextOnboarding.tsx';
 
 interface AuthContextMcpType {
   isLoading: boolean;
   isAuthenticated: boolean;
   error: Error | null;
   login: () => void;
-  hasMCPAdminRights: boolean;
 }
 
 const AuthContextMcp = createContext<AuthContextMcpType | null>(null);
 
-export function AuthProviderMcp({ children, mcpUsers = [] }: { children: ReactNode; mcpUsers?: RoleBinding[] }) {
-  const auth = useAuthOnboarding();
-
-  const userEmail = auth.user?.email;
-
-  const matchingRoleBinding = mcpUsers.find(
-    (roleBinding) =>
-      Array.isArray(roleBinding.subjects) &&
-      !!userEmail &&
-      roleBinding.subjects.some((subject) => subject?.name?.includes(userEmail ?? '')),
-  );
-  const hasMCPAdminRights = matchingRoleBinding?.role === 'admin';
-
+export function AuthProviderMcp({ children }: { children: ReactNode; mcpUsers?: RoleBinding[] }) {
   const [isAuthenticated, setIsAuthenticated] = useState(false);
   const [isLoading, setIsLoading] = useState(true);
   const [error, setError] = useState<Error | null>(null);
@@ -74,9 +60,7 @@ export function AuthProviderMcp({ children, mcpUsers = [] }: { children: ReactNo
     window.location.replace(`/api/auth/mcp/login?redirectTo=${encodeURIComponent(getRedirectSuffix())}`);
   };
 
-  return (
-    <AuthContextMcp value={{ isLoading, isAuthenticated, error, login, hasMCPAdminRights }}>{children}</AuthContextMcp>
-  );
+  return <AuthContextMcp value={{ isLoading, isAuthenticated, error, login }}>{children}</AuthContextMcp>;
 }
 
 export const useAuthMcp = () => {
diff --git a/src/spaces/mcp/auth/useHasMcpAdminRights.ts b/src/spaces/mcp/auth/useHasMcpAdminRights.ts
@@ -0,0 +1,20 @@
+import { useAuthOnboarding } from '../../onboarding/auth/AuthContextOnboarding.tsx';
+import { useMcp } from '../../../lib/shared/McpContext.tsx';
+
+export function useHasMcpAdminRights(): boolean {
+  const auth = useAuthOnboarding();
+  const mcp = useMcp();
+  const userEmail = auth.user?.email;
+  const mcpUsers = mcp.roleBindings ?? [];
+
+  if (!userEmail) {
+    return false;
+  }
+
+  const matchingRoleBinding = mcpUsers.find(
+    (roleBinding) =>
+      Array.isArray(roleBinding.subjects) && roleBinding.subjects.some((subject) => subject?.name?.includes(userEmail)),
+  );
+
+  return matchingRoleBinding?.role === 'admin';
+}
