fix: fix permission handling for component deployment and workload updates

[stefinie123]

Purpose

Fix permission handling for component deployment and workload updates

Approach

Updated the deploy permission hook to check for releasebinding:create permission instead of dprecated component:deploy

This pull request updates the OpenChoreo permissions model and refines permission checks in the UI. The main changes involve replacing the old component deploy permission with a new release binding permission, introducing a workload update permission, and updating hooks and UI logic to use these new permissions. This allows for more granular and flexible access control in deployment and configuration flows.

Permissions Model Updates:

• Replaced openchoreoComponentDeployPermission with openchoreoReleaseBindingCreatePermission, updating its name, action, and references throughout the codebase to reflect the new permission for creating release bindings (deploying components). [1] [2] [3] [4] [5] [6]
• Added openchoreoWorkloadUpdatePermission for updating workload configurations, including its definition and integration into the permissions list and action mapping. [1] [2] [3]

React Hooks and Exports:

• Added hooks: useComponentUpdatePermission, useWorkloadUpdatePermission, and useConfigureAndDeployPermission to check for the new permissions and exported them for use in other components. [1] [2] [3] [4]

UI Logic Updates:

• Updated EnvironmentOverridesPage to use the new deploy permission hook, ensuring buttons are disabled if the user lacks deploy permission or if the check is still loading. [1] [2] [3] [4]
• Updated WorkloadButton to use the new composite hook (useConfigureAndDeployPermission) that enables the button if the user has any of the relevant permissions (deploy, component update, or workload update), and disables it otherwise. [1] [2] [3]

Summary by CodeRabbit

Release Notes

• New Features

  • Added support for workload configuration permissions and release binding management, enabling more granular access controls.

• Improvements

  • Enhanced configuration and deployment workflows with refined permission checks.
  • Added user-friendly denial messages when users lack required permissions.
  • Disabled action buttons when insufficient permissions exist to ensure proper access control enforcement.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 40489084-a6d0-43b8-a23c-b46b137f6f5f

📥 Commits

Reviewing files that changed from the base of the PR and between 791ec66 and 577c6f6.

📒 Files selected for processing (9)

• plugins/openchoreo-common/src/index.ts
• plugins/openchoreo-common/src/permissions.ts
• plugins/openchoreo-react/src/hooks/useComponentUpdatePermission.ts
• plugins/openchoreo-react/src/hooks/useConfigureAndDeployPermission.ts
• plugins/openchoreo-react/src/hooks/useDeployPermission.ts
• plugins/openchoreo-react/src/hooks/useWorkloadUpdatePermission.ts
• plugins/openchoreo-react/src/index.ts
• plugins/openchoreo/src/components/Environments/EnvironmentOverridesPage.tsx
• plugins/openchoreo/src/components/Environments/Workload/WorkloadButton.tsx

---

📝 Walkthrough

Walkthrough

This PR refactors Openchoreo permission management by replacing component deployment permissions with release binding creation permissions, introducing workload update permissions, and creating new React hooks to check these permissions. Existing components are updated to use the refined permission structure.

Changes

Cohort / File(s)	Summary
Permission Definitions plugins/openchoreo-common/src/permissions.ts, plugins/openchoreo-common/src/index.ts	Replaced openchoreoComponentDeployPermission with openchoreoReleaseBindingCreatePermission (name: openchoreo.releasebinding.create, action: create). Added openchoreoWorkloadUpdatePermission (name: openchoreo.workload.update, action: update). Updated permission-to-action mappings accordingly.
Permission Checking Hooks plugins/openchoreo-react/src/hooks/useComponentUpdatePermission.ts, plugins/openchoreo-react/src/hooks/useWorkloadUpdatePermission.ts, plugins/openchoreo-react/src/hooks/useConfigureAndDeployPermission.ts, plugins/openchoreo-react/src/hooks/useDeployPermission.ts	Created new hooks useComponentUpdatePermission and useWorkloadUpdatePermission for checking respective permissions. Introduced useConfigureAndDeployPermission that composes three permission checks with combined loading and denial tooltip. Updated useDeployPermission to use the new openchoreoReleaseBindingCreatePermission.
Public Hook Exports plugins/openchoreo-react/src/index.ts	Exported new hooks useComponentUpdatePermission, useWorkloadUpdatePermission, and useConfigureAndDeployPermission along with their corresponding result type interfaces.
Component Updates plugins/openchoreo/src/components/Environments/EnvironmentOverridesPage.tsx, plugins/openchoreo/src/components/Environments/Workload/WorkloadButton.tsx	Updated EnvironmentOverridesPage to import and use useDeployPermission for deploy button gating. Modified WorkloadButton to replace useDeployPermission with useConfigureAndDeployPermission and adjusted disabled-state logic accordingly.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• fix: Fix issue with deploying and promoting components with env overrides  #315: Introduces release binding create/update API and frontend usage; directly related as both PRs change the permission identifier from openchoreo.component.deploy to openchoreo.releasebinding.create and update deploy-related flows.
• feat: convert namespace-scoped resource definition permissions to resource-scoped #363: Modifies permission definition scoping including openchoreoComponentDeployPermission refactoring; overlaps with this PR's permission updates.

Suggested reviewers

• kaviththiranga
• sameerajayasoma
• jhivandb

Poem

🐰 Permissions bloom like spring carrots bright,
Release bindings dance in the deployment light,
Workload updates hop with newfound grace,
Permission hooks compose the perfect space! 🥕✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main change: updating permission handling for component deployment and workload updates, which is the primary focus of the changeset.
Description check	✅ Passed	The description covers Purpose, Approach, Permissions Model Updates, React Hooks and Exports, and UI Logic Updates with detailed explanations and references. However, it omits several required template sections like Goals, User stories, Release note, Documentation, Training, Certification, Marketing, Automation tests, Security checks, and others.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan for PR comments

• Generate coding plan

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}