fix: [UIE-9062] - IAM RBAC: IP Addresses permission fix #12689

Merged
jaalah-akamai merged 3 commits into linode:develop from mpolotsk-akamai:UIE-9062-ip-addresses-permission
Aug 15, 2025

Conversation

@mpolotsk-akamai
Contributor

Description 📝

IAM RBAC: IP Addresses permission fix.
The old logic used the Grants API’s read_write grant, which doesn’t work for the account_linode_admin role. For now, we’re using the update_linode permission to control IP Addresses actions until the new detailed permissions are ready.

Changes 🔄

List any change(s) relevant to the reviewer.

  • Replace read_write grant check with a check for the update_linode permission to enable/disable IP Addresses actions
  • Add unit tests

Scope 🚢

Upon production release, changes in this PR will be visible to:

  • All customers
  • Some customers (e.g. in Beta or Limited Availability)
  • No customers / Not applicable

Target release date 🗓️

August 26th

How to test 🧪

Prerequisites

(How to setup test environment)

  • devcloud IAM account or local devenv setup or mock data (use the User Permissions presets)
  • Note: The unrestricted account has full access — permission checks are skipped.

To test permissions using presets:

Enable MSW and use Legacy MSW Handlers.

  • Use the Custom Profile preset with the restricted option selected.
  • For account-related permissions (e.g. const { permissions } = usePermissions('account', ['update_linode']) ), use the Custom User Account Permissions preset.
  • For entity-related permissions, use the Custom User Entity Permissions preset.
  • Add the required permissions to the Custom User Account Permissions preset in the following format:
[
  "update_linode"
]

Verification steps

(How to verify changes)

  • Login using a user with account_linode_admin and account_viewer roles
  • Go to Linodes -> [Linode] -> Networking and confirm the following are enabled: IP Sharing, IP Transfer, Edit RDNS, Delete, Add an IP Address
  • Login using a user with linode_viewer role only, confirm the same controls are disabled

Author Checklists

As an Author, to speed up the review process, I considered 🤔

👀 Doing a self review
❔ Our contribution guidelines
🤏 Splitting feature into small PRs
➕ Adding a changeset
🧪 Providing/improving test coverage
🔐 Removing all sensitive information from the code and PR description
🚩 Using a feature flag to protect the release
👣 Providing comprehensive reproduction steps
📑 Providing or updating our documentation
🕛 Scheduling a pair reviewing session
📱 Providing mobile support
♿ Providing accessibility support


  • I have read and considered all applicable items listed above.

As an Author, before moving this PR from Draft to Open, I confirmed ✅

  • All tests and CI checks are passing
  • TypeScript compilation succeeded without errors
  • Code passes all linting rules

@mpolotsk-akamai mpolotsk-akamai self-assigned this Aug 13, 2025
@mpolotsk-akamai mpolotsk-akamai marked this pull request as ready for review August 13, 2025 14:58
@mpolotsk-akamai mpolotsk-akamai requested a review from a team as a code owner August 13, 2025 14:58
@mpolotsk-akamai mpolotsk-akamai requested review from aaleksee-akamai, bnussman-akamai and dwiley-akamai and removed request for a team August 13, 2025 14:58
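
The gating change described in this PR, modelled as an added example (not Cloud Manager's code): the `Profile`, `LinodeGrant` and `PermissionMap` shapes and all function names are assumptions, as is the premise that a role-based user has no per-Linode grant entry. The permission-based check denies by default when the permission map is missing.

```typescript
// Added illustration, not Cloud Manager source. All types and function names
// here are hypothetical; only the role and permission names come from the PR.
type PermissionMap = { [name: string]: boolean };

interface Profile { restricted: boolean }
interface LinodeGrant { id: number; permissions: 'read_only' | 'read_write' | null }

// Old style: per-entity grant lookup. Assumption: a user whose access comes
// from an IAM role has no grant row for the Linode, so this reports read-only.
function isReadOnlyByGrant(profile: Profile, grants: LinodeGrant[], linodeId: number): boolean {
  if (!profile.restricted) return false;
  const grant = grants.filter((g) => g.id === linodeId)[0];
  return !grant || grant.permissions !== 'read_write';
}

// New style: one permission gates every IP Addresses action. Deny by default:
// a missing map (still loading, request failed) or a missing key disables the UI.
function ipActionsDisabled(profile: Profile, permissions?: PermissionMap): boolean {
  if (!profile.restricted) return false; // unrestricted account: checks are skipped
  return !permissions || permissions['update_linode'] !== true;
}

// The controls named in the PR's verification steps.
const IP_ACTIONS = ['IP Sharing', 'IP Transfer', 'Edit RDNS', 'Delete', 'Add an IP Address'];

// Returns the list of controls that should render as enabled.
function enabledActions(profile: Profile, permissions?: PermissionMap): string[] {
  return ipActionsDisabled(profile, permissions) ? [] : IP_ACTIONS.slice();
}

// Constructed sample users
const restrictedUser: Profile = { restricted: true };
const unrestrictedUser: Profile = { restricted: false };
const adminPerms: PermissionMap = { update_linode: true };   // account_linode_admin
const viewerPerms: PermissionMap = { update_linode: false }; // linode_viewer only

console.log('grant check, role-based admin read-only?', isReadOnlyByGrant(restrictedUser, [], 123));
console.log('admin enabled:', enabledActions(restrictedUser, adminPerms));
console.log('viewer enabled:', enabledActions(restrictedUser, viewerPerms));
console.log('permissions not loaded:', enabledActions(restrictedUser, undefined));
```

Disabled controls are a usability layer only; the API's own authorization decides whether a request succeeds.
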
@kwojtowiakamai

✅ The elements in the IP Addresses section are correctly enabled/disabled based on the grants/permissions for both the IAM and non-IAM users.

@jaalah-akamai jaalah-akamai requested review from coliu-akamai and jaalah-akamai and removed request for bnussman-akamai and dwiley-akamai August 14, 2025 15:09
@coliu-akamai
Contributor

merging develop into this branch to gauge e2e test failures, will be reviewing shortly!

@linode-gh-bot
Collaborator

Cloud Manager UI test results

🔺 1 failing test on test run #3 ↗︎

❌ Failing | ✅ Passing | ↪️ Skipped | 🕐 Duration
1 Failing | 717 Passing | 4 Skipped | 128m 17s

Details

Failing Tests
Spec | Test
linode-storage.spec.ts | Cloud Manager Cypress Tests→linode storage tab » delete disk

Troubleshooting

Use this command to re-run the failing tests:

pnpm cy:run -s "cypress/e2e/core/linodes/linode-storage.spec.ts"

Contributor

@jaalah-akamai jaalah-akamai left a comment

✅ Confirmed changed
✅ Code changes look good
✅ Thanks for TODOs - only comment would maybe be to put the ticket number that should address it, i.e.: TODO: [UIE-1000] - Description

@jaalah-akamai jaalah-akamai added the Add'tl Approval Needed Waiting on another approval! label Aug 14, 2025
Contributor

@coliu-akamai coliu-akamai left a comment

✅ confirmed changes
✅ reviewed code

thanks @mpolotsk-akamai!

note: right now for a linode_viewer IAM account, seeing that Linode Interface stuff isn't disabled (but I do get an unauthorized error when trying to update stuff)

I can look into getting a PR up to try and integrate this with IAM/grants!

update: see #12708 - lmk if this makes sense, otherwise I can close it

@github-project-automation github-project-automation bot moved this from Review to Approved in Cloud Manager Aug 14, 2025
@coliu-akamai coliu-akamai added Approved Multiple approvals and ready to merge! and removed Add'tl Approval Needed Waiting on another approval! labels Aug 14, 2025
@jaalah-akamai jaalah-akamai merged commit cd332cf into linode:develop Aug 15, 2025
34 of 35 checks passed
@github-project-automation github-project-automation bot moved this from Approved to Merged in Cloud Manager Aug 15, 2025
Labels

Approved Multiple approvals and ready to merge! IAM (Identity & Access Management)

Projects

Archived in project

5 participants