fix(portal): Project Tab Access Permissions Match the User Permissions

[vg006]

Comprehensive Summary of your change

Issue being fixed

Fixes #22639

As mentioned in the issue, This PR updates the component and module, such that only the Project Admin can view and edit the project configuration. Other than the Project Admin, the tabs is set to be inaccessible.

Also updated the project.module.ts file, so that the page is redirected to the Projects, if an unauthorized member attempts to visit the restricted tabs accordingly.

As Limited Guest

Before	After

As Guest

Before	After

Please indicate you've done the following:

• Well Written Title and Summary of the PR
• Label the PR as needed. release-note/update, release-note/enhancement
• Accepted the DCO. Commits without the DCO will delay acceptance.
• Made sure tests are passing and test coverage is added if needed.
• Considered the docs impact and opened a new docs issue or PR with docs changes if needed in website repository.

[vg006]

To the maintainers @bupd, @Vad1mo, @OrlinVasilev, @stonezdj, @MinerYang, @chlins.

There are few tabs such as Policy and P2P Preheat with READ permissions and most of the other tabs with LIST permissions in the project.module.ts file.

As suggested in the issue, do other tabs need to be updated, such that only member with CREATE, UPDATE or DELETE access can READ/VIEW those tabs?

Thus the PR can be updated with the overall recommended changes in the Project tabs' components and modules.

[bupd]

As suggested in the issue, do other tabs need to be updated, such that only member with CREATE, UPDATE or DELETE access can READ/VIEW those tabs?

Hello @vg006, follow what the backend follows, that is if backend doesnt allow user to READ - dont show the tab, if it doesnt allow EDIT / CREATE - disable the buttons.

Hope this helps.

[vg006]

As per the requirements, I have update only the frontend components to display only tabs that are meant to be shown to the member.

Thus this PR is ready to be merged 👍

Previews

System Admin

Project Admin

Maintainer

Developer

Guest

Limited Guest

[codecov]

Codecov Report

❌ Patch coverage is 44.44444% with 10 lines in your changes missing coverage. Please review.
✅ Project coverage is 66.02%. Comparing base (b173fc3) to head (2e3149b).

Files with missing lines	Patch %	Lines
.../src/app/base/project/scanner/scanner.component.ts	22.22%	6 Missing and 1 partial ⚠️
...project/project-config/project-config.component.ts	40.00%	3 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #22708   +/-   ##
=======================================
  Coverage   66.01%   66.02%           
=======================================
  Files        1073     1073           
  Lines      116495   116511   +16     
  Branches     2939     2944    +5     
=======================================
+ Hits        76903    76924   +21     
+ Misses      35338    35337    -1     
+ Partials     4254     4250    -4     

Flag	Coverage Δ
unittests	66.02% <44.44%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...project/project-detail/project-detail.component.ts	64.46% <100.00%> (+0.59%)	⬆️
...project/project-config/project-config.component.ts	73.68% <40.00%> (-12.04%)	⬇️
.../src/app/base/project/scanner/scanner.component.ts	61.53% <22.22%> (-5.13%)	⬇️

... and 8 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[vg006]

@bupd
I have made the changes only in the frontend components and didn't update the backend, as you can see in the commits.
So I'm unsure why APITEST_LDAP job is failing, particularly at this test, which is an API test.

I assure that my changes are tested and safer to merge, but can you review the changes once and share your comments?

[vg006]

This branch is rebased on top of upstream's main branch and is now ready for merge.

[bupd]

@vg006 I believe we should not change the permissions here. READ permission should be enough to view the tabs.

Scanner and config tab may not be valuable to limited guest and guest roles though. other roles can infer what the project is.

given that all roles have read permission on the config means simply are we going to show it in ui or not. and I see no value in showing config tab to a guest role.

[vg006]

@bupd

I have reverted the changes in the permission list and updated the modules and now the scanner and configuration tabs aren't visible to the Limited Guest and Guest.

Additionally if such member attempts to view those tabs by directly entering the endpoint, It will be redirected automatically.
I rebased the branch on the main, so it is ready to merge. Can you kindly review these changes?

Previews

System Admin

Project Admin

Maintainer

Developer

Guest

Limited Guest

[bupd]

/lgtm

[vg006]

@Vad1mo @bupd
Out of 12, 10 tests were successful and release note label and patch coverage are failing.

[bupd]

/lgtm

[Copilot]

Pull request overview

This PR attempts to fix a UX issue (#22639) where Limited Guest and Guest users could see project tabs (Scanner, Configuration) they couldn't fully use, causing 403 errors. The fix hides the Scanner and Configuration tabs from Guest/LimitedGuest users via role-name checks in the tab permission lambdas, and adds component-level redirects so that direct URL access is also blocked.

Changes:

• project-detail.component.ts: Adds an isLimitedGuestOrGuest() method and uses it to hide the Scanner and Configuration tabs for Guest/LimitedGuest users
• scanner.component.ts: Adds a role-based redirect in ngOnInit that sends Guest/LimitedGuest users to the projects list
• project-config.component.ts: Adds a role-based redirect in ngOnInit that sends Guest/LimitedGuest users to the projects list

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 8 comments.

File	Description
project-detail/project-detail.component.ts	Adds isLimitedGuestOrGuest() helper and uses it in the Scanner and Config tab permission expressions
scanner/scanner.component.ts	Imports Router and CommonRoutes; adds redirect for Guest/LimitedGuest in ngOnInit
project-config/project-config.component.ts	Imports CommonRoutes; adds redirect for Guest/LimitedGuest in ngOnInit

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Vad1mo]

@vg006, can you check on the comments created by @copilot code review[agent]

[vg006]

Sure I will, working on it.

[vg006]

@Vad1mo All the tests were passing, except the code coverage of the patch.
The changes were reviewed by you and @bupd multiple times.
Hope this PR is ready to merge.