From f05d428ffd06dc61de1194f55edeaa7701e523dd Mon Sep 17 00:00:00 2001
From: Sophie Stadler <sophie.stadler@mongodb.com>
Date: Thu, 5 Oct 2023 15:01:09 -0400
Subject: [PATCH] EVG-21009: Make distro settings page readonly if user lacks
 edit permissions (#2086)

---
 .../integration/distroSettings/permissions.ts | 83 +++++++++++++++++++
 src/gql/generated/types.ts                    |  6 +-
 .../user-distro-settings-permissions.graphql  |  1 +
 .../DeleteDistro/DeleteDistro.test.tsx        |  2 +
 .../NewDistro/NewDistroButton.test.tsx        |  2 +
 src/pages/distroSettings/tabs/BaseTab.tsx     | 18 +++-
 6 files changed, 110 insertions(+), 2 deletions(-)
 create mode 100644 cypress/integration/distroSettings/permissions.ts

diff --git a/cypress/integration/distroSettings/permissions.ts b/cypress/integration/distroSettings/permissions.ts
new file mode 100644
index 0000000000..370c9841d8
--- /dev/null
+++ b/cypress/integration/distroSettings/permissions.ts
@@ -0,0 +1,83 @@
+describe("with various permission levels", () => {
+  it("hides the new distro button when a user cannot create distros", () => {
+    const userData = {
+      data: {
+        user: {
+          userId: "admin",
+          permissions: {
+            canCreateDistro: false,
+            distroPermissions: {
+              admin: true,
+              edit: true,
+            },
+          },
+        },
+      },
+    };
+    cy.overwriteGQL("UserDistroSettingsPermissions", userData);
+    cy.visit("/distro/rhel71-power8-large/settings/general");
+    cy.dataCy("new-distro-button").should("not.exist");
+    cy.dataCy("delete-distro-button").should(
+      "not.have.attr",
+      "aria-disabled",
+      "true"
+    );
+    cy.get("textarea").should("not.be.disabled");
+  });
+
+  it("disables the delete button when user lacks admin permissions", () => {
+    const userData = {
+      data: {
+        user: {
+          userId: "admin",
+          permissions: {
+            canCreateDistro: false,
+            distroPermissions: {
+              admin: false,
+              edit: true,
+            },
+          },
+        },
+      },
+    };
+    cy.overwriteGQL("UserDistroSettingsPermissions", userData);
+    cy.visit("/distro/rhel71-power8-large/settings/general");
+    cy.dataCy("new-distro-button").should("not.exist");
+    cy.dataCy("delete-distro-button").should(
+      "have.attr",
+      "aria-disabled",
+      "true"
+    );
+    cy.get("textarea").should("not.be.disabled");
+  });
+
+  it("disables fields when user lacks edit permissions", () => {
+    const userData = {
+      data: {
+        user: {
+          userId: "admin",
+          permissions: {
+            canCreateDistro: false,
+            distroPermissions: {
+              admin: false,
+              edit: false,
+            },
+          },
+        },
+      },
+    };
+    cy.overwriteGQL("UserDistroSettingsPermissions", userData);
+    cy.visit("/distro/rhel71-power8-large/settings/general");
+    cy.dataCy("new-distro-button").should("not.exist");
+    cy.dataCy("delete-distro-button").should(
+      "have.attr",
+      "aria-disabled",
+      "true"
+    );
+    cy.dataCy("distro-settings-page").within(() => {
+      cy.get("input").should("be.disabled");
+      cy.get("textarea").should("be.disabled");
+      cy.get("button").should("have.attr", "aria-disabled", "true");
+    });
+  });
+});
diff --git a/src/gql/generated/types.ts b/src/gql/generated/types.ts
index 0ecf455a77..9ead10a0cb 100644
--- a/src/gql/generated/types.ts
+++ b/src/gql/generated/types.ts
@@ -8471,7 +8471,11 @@ export type UserDistroSettingsPermissionsQuery = {
     permissions: {
       __typename?: "Permissions";
       canCreateDistro: boolean;
-      distroPermissions: { __typename?: "DistroPermissions"; admin: boolean };
+      distroPermissions: {
+        __typename?: "DistroPermissions";
+        admin: boolean;
+        edit: boolean;
+      };
     };
   };
 };
diff --git a/src/gql/queries/user-distro-settings-permissions.graphql b/src/gql/queries/user-distro-settings-permissions.graphql
index 41be96777d..bd16143c6d 100644
--- a/src/gql/queries/user-distro-settings-permissions.graphql
+++ b/src/gql/queries/user-distro-settings-permissions.graphql
@@ -4,6 +4,7 @@ query UserDistroSettingsPermissions($distroId: String!) {
       canCreateDistro
       distroPermissions(options: { distroId: $distroId }) {
         admin
+        edit
       }
     }
     userId
diff --git a/src/pages/distroSettings/DeleteDistro/DeleteDistro.test.tsx b/src/pages/distroSettings/DeleteDistro/DeleteDistro.test.tsx
index 0d1299a913..83e6e26de9 100644
--- a/src/pages/distroSettings/DeleteDistro/DeleteDistro.test.tsx
+++ b/src/pages/distroSettings/DeleteDistro/DeleteDistro.test.tsx
@@ -131,6 +131,7 @@ const isAdminMock: ApolloMock<
           distroPermissions: {
             __typename: "DistroPermissions",
             admin: true,
+            edit: true,
           },
         },
       },
@@ -159,6 +160,7 @@ const notAdminMock: ApolloMock<
           distroPermissions: {
             __typename: "DistroPermissions",
             admin: false,
+            edit: false,
           },
         },
       },
diff --git a/src/pages/distroSettings/NewDistro/NewDistroButton.test.tsx b/src/pages/distroSettings/NewDistro/NewDistroButton.test.tsx
index 1ca1c5ca9f..4e42215787 100644
--- a/src/pages/distroSettings/NewDistro/NewDistroButton.test.tsx
+++ b/src/pages/distroSettings/NewDistro/NewDistroButton.test.tsx
@@ -41,6 +41,7 @@ describe("new distro button", () => {
               distroPermissions: {
                 __typename: "DistroPermissions",
                 admin: false,
+                edit: false,
               },
             },
           },
@@ -131,6 +132,7 @@ const hasPermissionsMock: ApolloMock<
           distroPermissions: {
             __typename: "DistroPermissions",
             admin: true,
+            edit: true,
           },
         },
       },
diff --git a/src/pages/distroSettings/tabs/BaseTab.tsx b/src/pages/distroSettings/tabs/BaseTab.tsx
index 0fe356f323..603c81553d 100644
--- a/src/pages/distroSettings/tabs/BaseTab.tsx
+++ b/src/pages/distroSettings/tabs/BaseTab.tsx
@@ -1,6 +1,12 @@
+import { useQuery } from "@apollo/client";
 import { useParams } from "react-router-dom";
 import { Form } from "components/Settings/Form";
 import { GetFormSchema, ValidateProps } from "components/SpruceForm";
+import {
+  UserDistroSettingsPermissionsQuery,
+  UserDistroSettingsPermissionsQueryVariables,
+} from "gql/generated/types";
+import { USER_DISTRO_SETTINGS_PERMISSIONS } from "gql/queries";
 import { usePopulateForm, useDistroSettingsContext } from "../Context";
 import { FormStateMap, WritableDistroSettingsType } from "./types";
 
@@ -15,12 +21,22 @@ export const BaseTab = <T extends WritableDistroSettingsType>({
   initialFormState,
   ...rest
 }: BaseTabProps<T>) => {
-  const { tab } = useParams<{ tab: T }>();
+  const { distroId, tab } = useParams<{ distroId: string; tab: T }>();
   const state = useDistroSettingsContext();
   usePopulateForm(initialFormState, tab);
 
+  const { data } = useQuery<
+    UserDistroSettingsPermissionsQuery,
+    UserDistroSettingsPermissionsQueryVariables
+  >(USER_DISTRO_SETTINGS_PERMISSIONS, {
+    variables: { distroId },
+  });
+  const canEditDistro =
+    data?.user?.permissions?.distroPermissions?.edit ?? false;
+
   return (
     <Form<WritableDistroSettingsType, FormStateMap>
+      disabled={!canEditDistro}
       {...rest}
       state={state}
       tab={tab}