fix(web): restrict read-only service account controls #415

Merged
simon merged 1 commit from fix/readonly-admin-guard into main 2026-06-04 07:57:10 +00:00
Owner

Summary\n- Require write-capable instance access for domain service-account create/update/delete actions.\n- Require write-capable instance access for certificate tracking and deletion actions.\n- Hide Administration navigation from non-admin roles and hide service-account/certificate mutation controls for read-only users.\n- Add regression tests for mutation guards and read-only UI gating.\n\n## Validation\n- pnpm --filter web exec node --experimental-strip-types --test lib/actions/mutation-authz.test.mjs lib/auth/read-only-ui.test.mjs\n- pnpm --filter web type-check\n- pnpm --filter web lint (passes with existing warnings)\n- DATABASE_URL=postgresql://dummy:dummy@localhost:5432/dummy BETTER_AUTH_SECRET=dummy-secret-for-ci-build-only-at-least-32 BETTER_AUTH_URL=http://localhost:3000 NEXT_PUBLIC_APP_URL=http://localhost:3000 pnpm --filter web run build\n\n## Notes\n- Full unit suite has an unrelated stale source assertion in dashboard standalone tests; filed #414.

## Summary\n- Require write-capable instance access for domain service-account create/update/delete actions.\n- Require write-capable instance access for certificate tracking and deletion actions.\n- Hide Administration navigation from non-admin roles and hide service-account/certificate mutation controls for read-only users.\n- Add regression tests for mutation guards and read-only UI gating.\n\n## Validation\n- pnpm --filter web exec node --experimental-strip-types --test lib/actions/mutation-authz.test.mjs lib/auth/read-only-ui.test.mjs\n- pnpm --filter web type-check\n- pnpm --filter web lint (passes with existing warnings)\n- DATABASE_URL=postgresql://dummy:dummy@localhost:5432/dummy BETTER_AUTH_SECRET=dummy-secret-for-ci-build-only-at-least-32 BETTER_AUTH_URL=http://localhost:3000 NEXT_PUBLIC_APP_URL=http://localhost:3000 pnpm --filter web run build\n\n## Notes\n- Full unit suite has an unrelated stale source assertion in dashboard standalone tests; filed #414.
fix(web): restrict read-only service account controls
All checks were successful
Conventional PR title / Conventional PR title (pull_request) Successful in 0s
PR Checks (Docker images) / Ansible API contract (pull_request) Successful in 7s
PR Checks (Docker images) / Detect Docker image changes (pull_request) Successful in 9s
PR Checks (Docker images) / Ingest Docker image (pull_request) Has been skipped
PR Checks (Docker images) / Ansible API Docker image (pull_request) Has been skipped
Secret Scan / gitleaks (pull_request) Successful in 27s
SAST / crypto-lint (no weak hashes / ciphers) (pull_request) Successful in 1m7s
SAST / semgrep (pull_request) Successful in 1m12s
SAST / gosec (agent) (pull_request) Successful in 2m0s
SAST / trivy (config / IaC) (pull_request) Successful in 2m3s
SAST / trivy (filesystem) (pull_request) Successful in 2m6s
SAST / gosec (ingest) (pull_request) Successful in 2m15s
PR Checks (Web) / Web (lint / type-check / build) (pull_request) Successful in 2m39s
PR Checks (Docker images) / Web Docker image (pull_request) Successful in 8m40s
def7dc3afa
simon merged commit ee79f67a62 into main 2026-06-04 07:57:10 +00:00
simon deleted branch fix/readonly-admin-guard 2026-06-04 07:57:10 +00:00
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
carrtech/ct-ops!415
No description provided.