fix: [UIE-9062] - IAM RBAC: IP Addresses permission fix

packages/manager/.changeset/pr-12689-fixed-1755093499594.md

@@ -0,0 +1,5 @@
+---
+"@linode/manager": Fixed
+---
+
+IAM RBAC: IP Addresses actions disabled for account_linode_admin role ([#12689](https://github.com/linode/manager/pull/12689))

packages/manager/src/features/Linodes/LinodesDetail/LinodeNetworking/LinodeIPAddresses.test.tsx

@@ -1,10 +1,29 @@
+import { screen, waitForElementToBeRemoved } from '@testing-library/react';
+import userEvent from '@testing-library/user-event';
+import React from 'react';
+
 import { ipAddressFactory } from 'src/factories/networking';
+import { mockMatchMedia, renderWithTheme } from 'src/utilities/testHelpers';
 
+import { LinodeIPAddresses } from './LinodeIPAddresses';
 import { listIPv6InRange } from './LinodeIPAddressRow';
 import { createType, ipResponseToDisplayRows } from './utils';
 
 import type { LinodeIPsResponse } from '@linode/api-v4/lib/linodes';
+const loadingTestId = 'circle-progress';
+const queryMocks = vi.hoisted(() => ({
+  userPermissions: vi.fn(() => ({
+    data: {
+      update_linode: true,
+    },
+  })),
+}));
+
+vi.mock('src/features/IAM/hooks/usePermissions', () => ({
+  usePermissions: queryMocks.userPermissions,
+}));
 
+beforeAll(() => mockMatchMedia());
 describe('listIPv6InRange utility function', () => {
   const ipv4List = ipAddressFactory.buildList(4);
   const ipv6Range = ipAddressFactory.build({
@@ -113,3 +132,53 @@ describe('createType utility function', () => {
     expect(createType(ipv6, 'Link Local')).toBe('Link Local – IPv6');
   });
 });
+
+describe('LinodeIPAddresses', () => {
+  it('should disable "Add an IP Address" button if the user does not have update_linode permission', async () => {
+    queryMocks.userPermissions.mockReturnValue({
+      data: {
+        update_linode: false,
+      },
+    });
+
+    const { queryByTestId } = await renderWithTheme(
+      <LinodeIPAddresses linodeID={2} />
+    );
+
+    const loadingState = queryByTestId(loadingTestId);
+    if (loadingState) {
+      await waitForElementToBeRemoved(loadingState);
+    }
+
+    const menuButton = screen.getByLabelText(/Linode IP Address Actions/i);
+    await userEvent.click(menuButton);
+
+    const ipTransferBtn = screen.getByTestId('Add an IP Address');
+    expect(ipTransferBtn).toBeInTheDocument();
+    expect(ipTransferBtn).toHaveAttribute('aria-disabled', 'true');
+  });
+
+  it('should enable "Add an IP Address" button if the user has update_linode permission', async () => {
+    queryMocks.userPermissions.mockReturnValue({
+      data: {
+        update_linode: true,
+      },
+    });
+
+    const { queryByTestId } = await renderWithTheme(
+      <LinodeIPAddresses linodeID={2} />
+    );
+
+    const loadingState = queryByTestId(loadingTestId);
+    if (loadingState) {
+      await waitForElementToBeRemoved(loadingState);
+    }
+
+    const menuButton = screen.getByLabelText(/Linode IP Address Actions/i);
+    await userEvent.click(menuButton);
+
+    const ipTransferBtn = screen.getByTestId('Add an IP Address');
+    expect(ipTransferBtn).toBeInTheDocument();
+    expect(ipTransferBtn).not.toHaveAttribute('aria-disabled', 'true');
+  });
+});

packages/manager/src/features/Linodes/LinodesDetail/LinodeNetworking/LinodeIPAddresses.tsx

@@ -23,8 +23,8 @@
 import { TableHead } from 'src/components/TableHead';
 import { TableRow } from 'src/components/TableRow';
 import { TableSortCell } from 'src/components/TableSortCell';
+import { usePermissions } from 'src/features/IAM/hooks/usePermissions';
 import { useDetermineUnreachableIPs } from 'src/hooks/useDetermineUnreachableIPs';
-import { useIsResourceRestricted } from 'src/hooks/useIsResourceRestricted';
 import { useOrderV2 } from 'src/hooks/useOrderV2';
 import { useIsLinodeInterfacesEnabled } from 'src/utilities/linodes';
 
@@ -65,12 +65,12 @@
     linode?.region ?? ''
   );
 
-  const isLinodesGrantReadOnly = useIsResourceRestricted({
-    grantLevel: 'read_only',
-    grantType: 'linode',
-    id: linodeID,
-  });
-
+  // TODO: Update to check share_ips, assign_ips, update_ip_rdns, and allocate_linode_ip_address permissions once available
+  const { data: permissions } = usePermissions(
+    'linode',
+    ['update_linode'],
+    linodeID
+  );
   const isLinodeInterface = linode?.interface_generation === 'linode';
 
   const { isUnreachablePublicIPv4, isUnreachablePublicIPv6, interfaceWithVPC } =
@@ -191,19 +191,22 @@
               ...(showAddIPButton
                 ? [
                     {
-                      disabled: isLinodesGrantReadOnly,
+                      // TODO: change to allocate_linode_ip_address permission
+                      disabled: !permissions.update_linode,
                       onClick: () => setIsAddDrawerOpen(true),
                       title: 'Add an IP Address',
                     },
                   ]
                 : []),
               {
-                disabled: isLinodesGrantReadOnly,
+                // TODO: change to assign_ips permission
+                disabled: !permissions.update_linode,
                 onClick: () => setIsTransferDialogOpen(true),
                 title: 'IP Transfer',
               },
               {
-                disabled: isLinodesGrantReadOnly,
+                // TODO: change to share_ips permission
+                disabled: !permissions.update_linode,
                 onClick: () => setIsShareDialogOpen(true),
                 title: 'IP Sharing',
               },
@@ -214,22 +217,25 @@
           <Stack direction="row" spacing={1}>
             <Button
               buttonType="secondary"
-              disabled={isLinodesGrantReadOnly}
+              // TODO: change to assign_ips permission
+              disabled={!permissions.update_linode}
               onClick={() => setIsTransferDialogOpen(true)}
             >
               IP Transfer
             </Button>
             <Button
               buttonType="secondary"
-              disabled={isLinodesGrantReadOnly}
+              // TODO: change to share_ips permission
+              disabled={!permissions.update_linode}
               onClick={() => setIsShareDialogOpen(true)}
             >
               IP Sharing
             </Button>
             {showAddIPButton && (
               <Button
                 buttonType="primary"
-                disabled={isLinodesGrantReadOnly}
+                // TODO: change to allocate_linode_ip_address permission
+                disabled={!permissions.update_linode}
                 onClick={() => setIsAddDrawerOpen(true)}
               >
                 Add an IP Address
@@ -272,7 +278,8 @@
               isUnreachablePublicIPv6={isUnreachablePublicIPv6}
               key={`${ipDisplay.address}-${ipDisplay.type}`}
               linodeId={linodeID}
-              readOnly={isLinodesGrantReadOnly}
+              // TODO: change to update_ip_rdns permission
+              readOnly={!permissions.update_linode}
             />
           ))}
         </TableBody>
@@ -309,19 +316,22 @@
         linodeIsInDistributedRegion={linodeIsInDistributedRegion}
         onClose={() => setIsAddDrawerOpen(false)}
         open={isAddDrawerOpen}
-        readOnly={isLinodesGrantReadOnly}
+        // TODO: change to allocate_linode_ip_address permission
+        readOnly={!permissions.update_linode}
       />
       <IPTransfer
         linodeId={linodeID}
         onClose={() => setIsTransferDialogOpen(false)}
         open={isTransferDialogOpen}
-        readOnly={isLinodesGrantReadOnly}
+        // TODO: change to assign_ips permission
+        readOnly={!permissions.update_linode}
       />
       <IPSharing
         linodeId={linodeID}
         onClose={() => setIsShareDialogOpen(false)}
         open={isShareDialogOpen}
-        readOnly={isLinodesGrantReadOnly}
+        readOnly={!permissions.update_linode}
+        // TODO: change to share_ips permission
       />
       {selectedIP && (
         <DeleteIPDialog