fix: [UIE-9435] - IAM - Ensure useEntitiesPermissions does not run for admin users#13012
Merged
abailly-akamai merged 11 commits intolinode:developfrom Oct 28, 2025
Merged
fix: [UIE-9435] - IAM - Ensure useEntitiesPermissions does not run for admin users#13012abailly-akamai merged 11 commits intolinode:developfrom
abailly-akamai merged 11 commits intolinode:developfrom
Conversation
abailly-akamai
changed the title
abailly-akamai
commented
Oct 28, 2025
| entity.id | ||
| ), | ||
| enabled, | ||
| enabled: enabled && Boolean(profile?.restricted), |
Contributor
Author
There was a problem hiding this comment.
This is the actual fix
Contributor
|
Cool, thanks a lot! Confirm there is no fetching per entity for Also you might want to add the loading state to |
aaleksee-akamai
approved these changes
Oct 28, 2025
mpolotsk-akamai
approved these changes
Oct 28, 2025
Contributor
mpolotsk-akamai
left a comment
mpolotsk-akamai
left a comment
There was a problem hiding this comment.
Looks great, thanks for the fix!
Collaborator
Cloud Manager UI test results🔺 1 failing test on test run #11 ↗︎
Details
TroubleshootingUse this command to re-run the failing tests: pnpm cy:run -s "cypress/e2e/core/linodes/clone-linode.spec.ts" |
|||||||||||||||||
dwiley-akamai
approved these changes
Oct 28, 2025
Contributor
dwiley-akamai
left a comment
dwiley-akamai
left a comment
There was a problem hiding this comment.
Code review ✅
Verification steps ✅
This was referenced Oct 30, 2025
corya-akamai
added a commit
to corya-akamai/manager
that referenced
this pull request
Dec 8, 2025
Merge in FEE/cloud-manager from release/dev-sync-20251031d to dev Squashed commit of the following: commit c34d4069039fc4e11d92111855487833d59b0982 Merge: e10e817 72a3e63 Author: Conal Ryan <corya@akamai.coms> Date: Fri Oct 31 10:41:12 2025 -0400 Merge branch 'develop' of github.com:linode/manager into release/dev-sync-20251031d commit 72a3e63 Author: aaleksee-akamai <aaleksee@akamai.com> Date: Fri Oct 31 13:06:23 2025 +0100 feat: [UIE-9154] - IAM: clean up nodebalancer permissions (linode#13017) * feat: [UIE-9154] - IAM: clean up nodebalancer permissions * changesets * update perm for nodebalancer_contributor commit 7f451c9 Author: kagora-akamai <kagora@akamai.com> Date: Fri Oct 31 08:35:17 2025 +0100 upcoming: [DPS-34191] - logs delivery pendo tags (linode#13022) * upcoming: [DPS-34191] - logs delivery pendo tags * Added changeset: Logs Delivery Stream/Destination Pendo tags * Change Edit Destination/Stream button to Save button * update e2e with Edit to Save change commit 30c2181 Author: Hana Xu <115299789+hana-akamai@users.noreply.github.com> Date: Thu Oct 30 14:54:15 2025 -0400 refactor: [UIE-9323] - Replace Formik with React Hook Form in DatabaseManageNetworkingDrawer (linode#13002) ## Description 📝 Refactor Database Manage Networking drawer to use React Hook Form instead of Formik ## How to test 🧪 ### Prerequisites (How to setup test environment) - Have the Database VPC feature flag enabled ### Verification steps (How to verify changes) - [ ] Go to the details page of a Database and click on the Networking tab, then click on Manage Networking to open the drawer - [ ] Test adding/removing a VPC, error messages, etc - [ ] There should be no regressions compared to prod commit 4f4e91d Author: Alban Bailly <130582365+abailly-akamai@users.noreply.github.com> Date: Thu Oct 30 17:55:46 2025 +0100 fix: [UIE-9484] - Enhance `enabled` checks for queries ran within `useQueryWithPermissions` (linode#13039) commit 0de8842 Author: Jaalah Ramos <125309814+jaalah-akamai@users.noreply.github.com> Date: Thu Oct 30 12:39:16 2025 -0400 fix: [M3-10691] - Upcoming maintenance “When” shows time until maintenance; derive start when absent (linode#13020) * change: [M3-10691] - Upcoming maintenance “When” shows time until maintenance; derive start when absent * Add changeset * Change changeset * Fix double display of banners for a single linode * Mock maintenance policies for MSW to ensure proper time * Update broken cypress tests due to banner display changes * revert PlatformMaintenanceBanner.tsx changes * Update unit test --------- Co-authored-by: Jaalah Ramos <jaalah.ramos@gmail.com> commit 356fc4e Author: santoshp210-akamai <159890961+santoshp210-akamai@users.noreply.github.com> Date: Thu Oct 30 13:27:13 2025 +0530 upcoming: [DI-27663]: Resetting stale dimension filter values from the from (linode#13018) * upcoming: [DI-27663] - Hook to remove invalidate dimension filter values from form * renaming the hook * removed unnecessary comment * add changesets * upcmong: [DI-27663] - Added unit tests to the cleanup hook * fix tense in changeset commit 40219ce Author: Ankita <ankitaan@akamai.com> Date: Thu Oct 30 01:18:46 2025 +0530 upcoming: [DI-27803] - Add new optional NodeBalancers filter in Nodebalancer-Firewall dashboard (linode#13029) * [DI-27803] - Add new optional nodebalancers filter in nodebalancer firewall dashboard * [DI-27803] - update as latest aclp dev * upcoming: [DI-27803] - cleanup * upcoming: [DI-27803] - more cleanup * upcoming: [DI-27803] - Pr comments * upcoming: [DI-27803] - Pass order by * upcoming: [DI-27803] - Minor cleanup * upcoming: [DI-27803] - Add temporary integration in firewalls page for reviewer * upcoming: [DI-27803] - Add changeset * upcoming: [DI-27803] - use existing style const * upcoming: [DI-27803] - Remove temporary integration in service page commit 3de19a3 Author: smans-akamai <smans@akamai.com> Date: Wed Oct 29 15:32:06 2025 -0400 chore: [UIE-8745] - Add missing changeset for Table and Paginator web component integration in DBaaS (linode#13035) * chore: [UIE-8745] - Add missing changeset for Table and Paginator web component integration in DBaaS * Adding actual changeset file pointing to previous PR with missing changeset commit 756ab86 Author: Jaalah Ramos <125309814+jaalah-akamai@users.noreply.github.com> Date: Wed Oct 29 15:02:04 2025 -0400 fix: [M3-10688] - Add ability to enter migration queue (linode#13024) * hotfix: [M3-10688] - Add ability to enter migration queue * Bump version and changelog * Revert hotfix changes and add changeset * Add feature flag --------- Co-authored-by: Jaalah Ramos <jaalah.ramos@gmail.com> commit df33614 Author: Purvesh Makode <pmakode@akamai.com> Date: Wed Oct 29 19:56:11 2025 +0530 fix: [M3-10689] - MTC supported regions ids for MTC Linode Migrations (linode#13026) * Fix invalid oslo region id and update MTC_SUPPORTED_REGIONS * Add regions mock data for us-iad-2 * Update comment * Added changeset: Update `MTC_SUPPORTED_REGIONS` to include valid region IDs (`no-osl-1`, `us-iad`, `us-iad-2`) and replaced invalid `no-east` * Extend mtc2025 feature flag to support mtc supported regions * Revert the last commit to keep this branch in the working state This reverts commit c180d98. * Add new flag and extend it to support MTC regions commit 67ff37f Author: mpolotsk-akamai <157619599+mpolotsk-akamai@users.noreply.github.com> Date: Wed Oct 29 14:25:32 2025 +0100 fix: [UIE-9267] - IAM: VPC assign linode permission fix (linode#13030) * fix: [UIE-9267] - IAM: VPC assign linode permission fix * Added changeset: IAM: Linodes without required permissions visible and selectable in Assign/Unassign Linodes selector * fix: [UIE-9267] - IAM: unit test fix * fix: [UIE-9267] - IAM: refactoring commit 767597e Author: mpolotsk-akamai <157619599+mpolotsk-akamai@users.noreply.github.com> Date: Wed Oct 29 13:42:51 2025 +0100 feat: [UIE-9357] - IAM Delegation: Default Roles table (linode#12990) * feat: [UIE-9357] - IAM Delegation: Default Roles Table * feat: [UIE-9357] - IAM Delegation: unit test * feat: [UIE-9357] - IAM Delegation: refactoring * feat: [UIE-9357] - rebase * feat: [UIE-9357] - remove useAssignedRoles hook since it's no longer needed * Added changeset: IAM: Default Roles Table * feat: [UIE-9357] - review fix * feat: [UIE-9357] - test fix * feat: [UIE-9357] - review fix * feat: [UIE-9357] - mock data fix, view entities url fix * feat: [UIE-9357] - refactor --------- Co-authored-by: Alban Bailly <abailly@akamai.com> commit 02d7050 Author: Ankita <ankitaan@akamai.com> Date: Wed Oct 29 11:16:16 2025 +0530 upcoming: [DI-27803] - Introduce style constant for hiding scroll bar for filters (linode#13028) * upcoming: [DI-27803] - Introduce style constant for hiding scroll bar * upcoming: [DI-27803] - Remove loading constraint from options * upcoming: [DI-27803] - Update prop name * upcoming: [DI-27803] - Add changeset commit f7b9ff7 Author: smans-akamai <smans@akamai.com> Date: Tue Oct 28 16:10:16 2025 -0400 change: [UIE-9447] - DBaaS - Remove legacy backend calls (linode#13015) * change: [UIE-9447] - DBaaS - Remove legacy backend calls and clean up unused logic * Fixing databases utilities tests * try mocking types * try increasing timeout * Adding changesets * Updating changeset comment and create-database.spec mockDatabase platform * Removing changeset and updating PR to refactor * Adding back changeset --------- Co-authored-by: Hana Xu <hxu@akamai.com> commit 49c6491 Author: Alban Bailly <130582365+abailly-akamai@users.noreply.github.com> Date: Tue Oct 28 17:29:35 2025 +0100 fix: [UIE-9435] - IAM - Ensure useEntitiesPermissions does not run for admin users (linode#13012) * get rid of fetch loop * test fix * loading states * fix redundant call * more loading states * only for admins then * simple fix for admins * comment * Added changeset: IAM - Ensure useEntitiesPermissions does not run for admin users commit 5e60908 Merge: c1cff6d 6fde11f Author: Banks Nussman <bnussman@akamai.com> Date: Tue Oct 28 12:14:26 2025 -0400 Merge branch 'master' into develop commit 6fde11f Merge: a79aaf8 ae97be6 Author: Banks Nussman <115251059+bnussman-akamai@users.noreply.github.com> Date: Tue Oct 28 12:12:44 2025 -0400 Release v1.153.2 - staging → master (linode#13021) * hotfix: [M3-10688] - Add ability to enter migration queue (linode#13016) * hotfix: [M3-10688] - Add ability to enter migration queue * Bump version and changelog --------- Co-authored-by: Jaalah Ramos <jaalah.ramos@gmail.com> * hotfix: [UIE-9467] - Update Linode invoice US address (linode#13019) * Linode invoice US address update * Update changelog --------- Co-authored-by: Banks Nussman <bnussman@akamai.com> * Revert "hotfix: [M3-10688] - Add ability to enter migration queue" (linode#13023) * Revert "hotfix: [M3-10688] - Add ability to enter migration queue (linode#13016)" This reverts commit 8a7101e. * version bump * Update packages/manager/CHANGELOG.md Co-authored-by: Dajahi Wiley <114682940+dwiley-akamai@users.noreply.github.com> --------- Co-authored-by: Jaalah Ramos <125309814+jaalah-akamai@users.noreply.github.com> Co-authored-by: Jaalah Ramos <jaalah.ramos@gmail.com> Co-authored-by: Purvesh Makode <pmakode@akamai.com> Co-authored-by: Dajahi Wiley <114682940+dwiley-akamai@users.noreply.github.com> commit c1cff6d Author: Ankita <ankitaan@akamai.com> Date: Tue Oct 28 21:10:39 2025 +0530 upcoming: [DI-27803] - Firewall-Nodebalancer dashboard enhancements - filtering of firewalls & single select firewall filter (linode#13014) * add filtering for firewalls * update comments * upcoming: [DI-27803] - Update util * upcoming: [DI-27803] - Update comments * upcoming: [DI-27803] - Update util and comments * upcoming: [DI-27803] - Update custom-select, config, utils * upcoming: [DI-27803] - Remove type error * upcoming: [DI-27803] - Update comments * upcoming: [DI-27803] - Improve consistency * [DI-27803] - fix linode interface filtering bug * upcoming: [DI-27803] - Add changeset * upcoming: [DI-27803] - Avoid type casting, convert to string array --------- Co-authored-by: Nikhil Agrawal <165884194+nikhagra-akamai@users.noreply.github.com> commit ae97be6 Author: Banks Nussman <115251059+bnussman-akamai@users.noreply.github.com> Date: Tue Oct 28 11:11:20 2025 -0400 Update packages/manager/CHANGELOG.md Co-authored-by: Dajahi Wiley <114682940+dwiley-akamai@users.noreply.github.com> ... and 58 more commits
shagufa-akamai
pushed a commit
to shagufa-akamai/manager
that referenced
this pull request
Dec 11, 2025
…r admin users (linode#13012) * get rid of fetch loop * test fix * loading states * fix redundant call * more loading states * only for admins then * simple fix for admins * comment * Added changeset: IAM - Ensure useEntitiesPermissions does not run for admin users
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description 📝
In
useQueryWithPermissionsthe following util checks permissions for every entity returned by the query:This creates N parallel API requests where N = number of entities. For 3,000 linodes, that's 3,000 requests to:
GET /v4beta/iam/users/{username}/permissions/{entityType}/{entityId}This is catastrophic for performance, but necessary for restricted users as we have no other way to check permission for a specific entity.
However, this should never run for admin users (`!profile.restricted) as they already have access to those entities.
As a result, I had to improve some loading states where
useQueryWithPermissionsChanges 🔄
useEntitiesPermissionsdoes not run for admin usersuseEntitiesPermissionsScope 🚢
Upon production release, changes in this PR will be visible to:
Preview 📷
How to test 🧪
Prerequisites
Use an IAM account with a large amount of Linodes and Firewalls (staging, ask @kwojtowiakamai for access) for large data sets or DevCloud IAM account to confirm the behavior on a small data set.
👉 As an ADMIN:
🐛 Bug
✅ Fix + improved loading states (now that we don't have to wait for large query sets)
👉 As a RESTRICTED USER (still seeing permission requests for every entity)
✅ No regression
useQueryWithPermissionsis being used and verify no regressionsAuthor Checklists
As an Author, to speed up the review process, I considered 🤔
👀 Doing a self review
❔ Our contribution guidelines
🤏 Splitting feature into small PRs
➕ Adding a changeset
🧪 Providing/improving test coverage
🔐 Removing all sensitive information from the code and PR description
🚩 Using a feature flag to protect the release
👣 Providing comprehensive reproduction steps
📑 Providing or updating our documentation
🕛 Scheduling a pair reviewing session
📱 Providing mobile support
♿ Providing accessibility support
As an Author, before moving this PR from Draft to Open, I confirmed ✅