refactor(rbac): consolidate role permissions and restructure role editor #517

Open
larsgeorge-db wants to merge 1 commit into main from refactor-role-permissions-cleanup

@larsgeorge-db

Collaborator

Summary

Consolidates the duplicate settings-* permissions with their consumption-side counterparts and reshapes the role editor to mirror the actual sidebar layout instead of an arbitrary flat list. Also clarifies the dropdown semantics for "implicit" features (commenting, requesting access grants, viewing process workflows) so None is no longer offered as a choice for features every authenticated user should have access to.

Permission consolidation

Eight settings-* permissions are removed; their consumption-side IDs now gate both the Settings sidebar entry and any cross-app surface. The access level expresses scope (READ_WRITE = use in app, ADMIN = manage the settings page):

| Removed | Now gated by |
| --- | --- |
| settings-data-domains | data-domains |
| settings-business-roles | business-roles |
| settings-delivery-methods | delivery-methods |
| settings-teams | teams |
| settings-projects | projects |
| settings-audit | audit |
| settings-tags | tags |
| settings-jobs | jobs |

Also removed:

  • self-service (only gated POST /data-contracts/{id}/handle-deploy, now uses data-contracts: READ/WRITE since approving a deploy is a modify-contract action).
  • llm-search (dead permission — LLM Search routes intentionally bypass PermissionChecker and rely on per-tool result filtering).

Implicit feature levels

Three features that should be available to any authenticated user no longer offer None in the dropdown — new shared IMPLICIT_FEATURE_LEVELS = [READ_ONLY, READ_WRITE, ADMIN]:

  • comments (Comments & Ratings)
  • access-grants
  • process-workflows

Role editor restructuring

role-form-dialog.tsx now mirrors the actual sidebar layout:

  • Settings sub-groups (Reference Data → Configuration → Integrations → Operations → Access Control) match the Settings sidebar order exactly. Reference Data sorts Asset Types between Delivery Methods and Teams to match the sidebar.
  • Each non-Settings group splits into two sub-sections: sidebar items (sorted by main-nav order) and a new "Background" sub-section (alphabetical) for cross-cutting features without a sidebar entry — comments, access-grants, process-workflows, business-owners, ontology, entity_relationships, schema-importer.
  • Hidden features (hidden_from_role_dialog) are skipped entirely (notifications, entity_subscriptions).
  • settings-delivery renamed to "Delivery Modes" to disambiguate from the delivery-methods reference data.
  • settings-maturity-levels display name fixed (stale "Settings — " prefix removed).

Backend flags surfaced through API

get_features_with_access_levels now passes two flags to the frontend:

  • hidden_from_role_dialog: True — backend-only perms with no end-user UI surface.
  • cross_cutting: True — features rendered inline (panels, detail pages) without a sidebar entry.

Files changed

  • Backend: features.py, settings_manager.py, data_contracts_routes.py, settings_routes.py, tags_routes.py, test_settings_manager.py
  • Frontend: role-form-dialog.tsx, settings-layout.tsx, types/settings.ts, settings.json, views (audit-trail, business-roles, data-domains, delivery-methods, projects, teams, settings-jobs, settings-tags)

18 files changed, 431 insertions(+), 184 deletions(-).

Migration note

Existing roles in the DB with comments: None (or other implicit-feature None values) keep that value until the role is next edited — the runtime PermissionChecker is unchanged, only the dropdown options are restricted going forward.

Test plan

  • test_settings_manager.py::test_get_features_with_access_levels updated and passing — expected subpage IDs reflect the consolidation; settings-maturity-levels added to the expected set.
  • Lints clean on all touched files.
  • Backend hot-reloads cleanly with the new feature config.
  • Frontend HMR succeeds; role dialog renders the new sub-section structure.
  • Manual smoke test: open the role editor and verify
    • Settings sub-groups appear in sidebar order (Reference Data → Configuration → Integrations → Operations → Access Control)
    • Reference Data row order matches the Settings sidebar
    • "Background" sub-sections appear under Build, Govern, and Settings with the right items
    • comments, access-grants, process-workflows dropdowns no longer offer None
    • notifications and entity_subscriptions do not appear at all
  • Manual smoke test: edit a non-admin role with reduced tags permission, confirm Tags settings page is gated correctly (R/O hides admin actions, ADMIN shows them) and tag application still works on detail pages at R/W.

Consolidate the duplicate `settings-*` permissions with their consumption-side
counterparts and reshape the role editor to mirror the actual sidebar layout
instead of an arbitrary flat list.

Backend (features.py):
- Drop `settings-data-domains`, `settings-business-roles`, `settings-delivery-methods`,
  `settings-teams`, `settings-projects`, `settings-audit`, `settings-tags`, `settings-jobs`.
  Their consumption IDs (`data-domains`, `business-roles`, …, `tags`, `jobs`) now gate
  both the Settings sidebar entry and any cross-app consumption — the access level
  expresses scope (READ_WRITE = use in app, ADMIN = manage the settings page).
- Remove `self-service` (only gated one endpoint). The deploy-approval handler in
  `data_contracts_routes.py` now uses `data-contracts: READ/WRITE`.
- Remove the dead `llm-search` permission (LLM Search routes intentionally bypass
  PermissionChecker and rely on per-tool filtering).
- Rename `settings-delivery` display name to "Delivery Modes" to disambiguate from
  the `delivery-methods` reference data.
- Fix `settings-maturity-levels` display name (drop stale "Settings — " prefix).
- Add `hidden_from_role_dialog: True` to `notifications` and `entity_subscriptions`
  (backend-only perms with no end-user UI).
- Add `cross_cutting: True` flag for features without a sidebar entry: `comments`,
  `access-grants`, `process-workflows`, `business-owners`, `ontology`,
  `entity_relationships`, `schema-importer`.
- Drop `None` from the allowed levels for implicit features that should be available
  to any authenticated user: `comments`, `access-grants`, `process-workflows`. New
  shared `IMPLICIT_FEATURE_LEVELS` constant (READ_ONLY → READ_WRITE → ADMIN).

Backend (routes):
- `tags_routes.py`: all 8 `PermissionChecker('settings-tags', …)` callsites switched
  to `'tags'` (6 ADMIN, 2 READ_ONLY).
- `settings_routes.py`: `/settings/job-clusters` switched from `'settings-jobs'` to
  `'jobs'`.
- `data_contracts_routes.py`: handle-deploy switched from `'self-service'` to
  `'data-contracts'`.

Backend (settings_manager.py):
- `get_features_with_access_levels` now passes `hidden_from_role_dialog` and
  `cross_cutting` flags through to the frontend.

Frontend:
- `settings-layout.tsx`: sidebar entries for Domains, Business Roles, Delivery
  Methods, Teams, Projects, Audit, Tags, Jobs gate on their new consolidated IDs.
- `role-form-dialog.tsx`:
  - Settings sub-groups (Reference Data, Configuration, Integrations, Operations,
    Access Control) mirror the Settings sidebar order exactly. Reference Data now
    sorts Asset Types between Delivery Methods and Teams to match the sidebar.
  - Each non-Settings group splits into two sub-sections: sidebar items (sorted
    by main-nav order) and a "Background" sub-section (alphabetical) for
    cross-cutting features that don't have a sidebar entry.
  - `business-owners` moved out of Settings → Reference Data into Settings →
    Background (it has no sidebar entry — used inline by the ownership panel).
  - Hidden features (`hidden_from_role_dialog`) are skipped entirely.
  - Settings — Maturity Levels appears with its corrected display name.
- View `permissionId` props point at the consolidated consumption IDs:
  audit-trail, business-roles, data-domains, delivery-methods, projects, teams,
  settings-jobs, settings-tags.
- `types/settings.ts`: `FeatureConfig` gains optional `hidden_from_role_dialog`
  and `cross_cutting` fields.
- `settings.json`: new `permissions.crossCutting` translation key ("Background");
  removed unused `settingsSubGroups.tags` / `.jobs` entries.

Tests:
- `test_settings_manager.py::test_get_features_with_access_levels` expected
  subpage IDs updated to reflect the consolidation; `settings-maturity-levels`
  added to the expected set.

Migration note: existing roles in the DB with `comments: None` (or other
implicit-feature `None` values) will keep that value until next edit, since the
runtime PermissionChecker is unchanged — only the dropdown options are
restricted going forward.
@larsgeorge-db larsgeorge-db requested a review from a team as a code owner June 11, 2026 08:04
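
An added example (not code from this PR or the project) of a pre-merge audit over stored roles: it flags removed IDs still present, roles whose effective access widens or narrows once the consumption-side ID gates both surfaces, and implicit features still stored as None. The role record shape, the level names as strings, and the rule that a removed ID required the same level as its replacement are assumptions.

```python
"""Added example: audit stored roles against the permission consolidation."""
# Assumed level names and ordering (the PR names only these levels).
LEVELS = {"NONE": 0, "READ_ONLY": 1, "READ_WRITE": 2, "ADMIN": 3}

# Removed ID -> (ID that now gates the surface, level that unlocks it).
# Assumption: the removed ID required the same level as its replacement.
_SETTINGS = ["data-domains", "business-roles", "delivery-methods", "teams",
             "projects", "audit", "tags", "jobs"]
CONSOLIDATED = {f"settings-{f}": (f, LEVELS["ADMIN"]) for f in _SETTINGS}
CONSOLIDATED["self-service"] = ("data-contracts", LEVELS["READ_WRITE"])
DEAD = {"llm-search"}
IMPLICIT = {"comments", "access-grants", "process-workflows"}


def rank(perms, feature_id):
    """Numeric level for a feature; a missing or null entry counts as NONE."""
    return LEVELS[str(perms.get(feature_id) or "NONE").upper()]


def audit_role(role):
    """Return (finding, feature_id) tuples for one stored role record."""
    perms, findings = role["permissions"], []
    for old, (new, need) in CONSOLIDATED.items():
        if old in perms:
            findings.append(("stale-id", old))  # ID removed by this PR
        had, has = rank(perms, old) >= need, rank(perms, new) >= need
        if has and not had:
            findings.append(("widened", new))   # gains the surface on merge
        elif had and not has:
            findings.append(("narrowed", new))  # loses the surface on merge
    findings += [("dead-id", f) for f in sorted(perms.keys() & DEAD)]
    findings += [("implicit-none", f) for f in sorted(IMPLICIT)
                 if f in perms and rank(perms, f) == 0]
    return findings


# Constructed sample records; the {"name", "permissions"} shape is an assumption.
SAMPLE_ROLES = [
    {"name": "Tag Curator", "permissions": {
        "tags": "ADMIN", "settings-tags": "READ_ONLY", "comments": "NONE"}},
    {"name": "Contract Author", "permissions": {
        "data-contracts": "READ_WRITE", "llm-search": "READ_ONLY"}},
    {"name": "Team Admin", "permissions": {
        "teams": "READ_WRITE", "settings-teams": "ADMIN"}},
]

if __name__ == "__main__":
    for r in SAMPLE_ROLES:
        print(r["name"], audit_role(r))
```

A "widened" finding marks a role that should be reviewed before merge, since the consumption-side level it already holds will start unlocking a surface the removed ID used to withhold.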