Skip to content

fix(ui): clarify Unlimited Visibility in RBAC forms#11851

Merged
HugoPBrito merged 11 commits into
masterfrom
PROWLER-2148-clarify-unlimited-visibility-rbac
Jul 8, 2026
Merged

fix(ui): clarify Unlimited Visibility in RBAC forms#11851
HugoPBrito merged 11 commits into
masterfrom
PROWLER-2148-clarify-unlimited-visibility-rbac

Conversation

@HugoPBrito

@HugoPBrito HugoPBrito commented Jul 6, 2026

Copy link
Copy Markdown
Member

Context

RBAC role forms need clearer in-page guidance for Unlimited Visibility because it controls tenant-wide visibility and affects how role access behaves when provider groups are not enough.

Description

This PR improves the role create/edit forms by:

  • Keeping Unlimited Visibility inside the Visibility section so the setting stays close to provider-group access.
  • Adding a subtle blue information note that explains the tenant-wide visibility impact and highlights that it is required for the Jira integration.
  • Hiding only the Groups selector when Unlimited Visibility is enabled, while keeping the Visibility section and Unlimited Visibility control visible.
  • Adding behavior coverage for add/edit role visibility interactions.

Steps to review

  1. Open the role creation or role edit form.
  2. In the Visibility section, confirm Unlimited Visibility shows a subtle information note with the blue info icon.
  3. Enable Unlimited Visibility and confirm only the Groups selector disappears, while the Visibility section and checkbox remain visible.
  4. Disable Unlimited Visibility and confirm the Groups selector returns.
  5. Run:
    • cd ui && pnpm test:unit components/roles/workflow/forms/add-role-form.test.tsx components/roles/workflow/forms/edit-role-form.test.tsx
    • cd ui && pnpm run typecheck

Checklist

Community Checklist
  • This feature/issue is listed in here or roadmap.prowler.com
  • Is it assigned to me, if not, request it via the issue/feature in here or Prowler Community Slack

SDK/CLI

  • Are there new checks included in this PR? No
    • If so, do we need to update permissions for the provider? Please review this carefully.

UI

  • All issue/task requirements work as expected on the UI
  • If this PR adds or updates npm dependencies, include package-health evidence (maintenance, popularity, known vulnerabilities, license, release age) and explain why existing/native alternatives are insufficient.
  • Screenshots/Video of the functionality flow (if applicable) - Mobile (X < 640px)
  • Screenshots/Video of the functionality flow (if applicable) - Table (640px > X < 1024px)
  • Screenshots/Video of the functionality flow (if applicable) - Desktop (X > 1024px)
  • Ensure new entries are added to CHANGELOG.md, if applicable.

API

  • All issue/task requirements work as expected on the API
  • Endpoint response output (if applicable)
  • EXPLAIN ANALYZE output for new/modified queries or indexes (if applicable)
  • Performance test results (if applicable)
  • Any other relevant evidence of the implementation (if applicable)
  • Verify if API specs need to be regenerated.
  • Check if version updates are required (e.g., specs, uv, etc.).
  • Ensure new entries are added to CHANGELOG.md, if applicable.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@HugoPBrito HugoPBrito requested a review from a team as a code owner July 6, 2026 12:29
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

✅ All required changelog fragments are present.

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

No Conflicts

No conflict markers, and the branch merges cleanly into its base.

@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

Refactors role permission forms to use shared helpers and a reusable hook for manage_providers and unlimited_visibility, adds an Unlimited Visibility section/field component, updates checkbox wiring to onValueChange, revises permission copy, and expands tests plus changelog text.

Changes

Unlimited Visibility coupling and UI

Layer / File(s) Summary
Role permission helpers and sync hook
ui/lib/role-permissions.ts, ui/hooks/use-manage-providers-unlimited-visibility.ts
Adds getVisiblePermissionFormFields, getUnlimitedVisibilityField, and the useManageProvidersUnlimitedVisibility hook for coordinating manage_providers and unlimited_visibility state.
UnlimitedVisibilitySection/Field component and copy
ui/components/roles/workflow/forms/unlimited-visibility-section.tsx, ui/lib/helper.ts, ui/CHANGELOG.md
Adds UnlimitedVisibilitySection and UnlimitedVisibilityField, updates the unlimited_visibility permission description, and records the change in the changelog.
AddRoleForm wiring and tests
ui/components/roles/workflow/forms/add-role-form.tsx, ui/components/roles/workflow/forms/add-role-form.test.tsx
Uses the shared hook/helpers, conditionally renders UnlimitedVisibilityField, updates checkbox handlers, and adds interaction coverage for the new state transitions.
EditRoleForm wiring and tests
ui/components/roles/workflow/forms/edit-role-form.tsx, ui/components/roles/workflow/forms/edit-role-form.test.tsx
Applies the same shared hook/helper integration, updates checkbox wiring, and adds coverage for coupling and initial-state scenarios.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant RoleForm
  participant useManageProvidersUnlimitedVisibility
  participant FormState

  User->>RoleForm: toggle permission checkbox
  RoleForm->>useManageProvidersUnlimitedVisibility: setPermissionValue(field, checked)
  useManageProvidersUnlimitedVisibility->>FormState: setValue(field, checked)
  User->>RoleForm: toggle "Manage Providers"
  RoleForm->>useManageProvidersUnlimitedVisibility: setPermissionValue(manage_providers, checked)
  useManageProvidersUnlimitedVisibility->>FormState: setValue(unlimited_visibility, true/false)
Loading

Suggested reviewers: alejandrobailo, jfagoagas

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title is concise and accurately summarizes the main change: clarifying Unlimited Visibility in RBAC forms.
Description check ✅ Passed The description follows the template with Context, Description, Steps to review, and Checklist, and it includes the key implementation summary.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch PROWLER-2148-clarify-unlimited-visibility-rbac

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

🔒 Container Security Scan

Image: prowler-ui:77ebcb7
Last scan: 2026-07-08 10:36:53 UTC

✅ No Vulnerabilities Detected

The container image passed all security checks. No known CVEs were found.

📋 Resources:

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ui/components/roles/workflow/forms/add-role-form.tsx`:
- Around line 155-181: The UnlimitedVisibilitySection block in AddRoleForm is
duplicated in EditRoleForm, so extract the checkbox plus conditional explanatory
paragraph into a shared component such as UnlimitedVisibilityField. Reuse that
component from both add-role-form.tsx and edit-role-form.tsx, passing the
existing state and handlers like isSelected, isDisabled, and onValueChange so
the compliance text and behavior stay in sync.

In `@ui/components/roles/workflow/forms/role-permissions.ts`:
- Around line 1-14: The shared role-permissions logic should not live under
forms/ because it is used by both add-role-form.tsx and edit-role-form.tsx. Move
the reusable hook useManageProvidersUnlimitedVisibility into a hooks/ module and
the pure helpers getVisiblePermissionFormFields and getUnlimitedVisibilityField
into lib/role-permissions.ts, then update the existing consumers to import from
those new locations while keeping the types and behavior unchanged.
- Around line 41-92: Avoid auto-enabling unlimited_visibility on initial mount;
the useEffect in useManageProvidersUnlimitedVisibility is rewriting existing
form data when manage_providers is already true and unlimited_visibility is
false. Update the effect to skip the first render or only react to user-driven
changes in manage_providers, while keeping setPermissionValue and
setUnlimitedVisibility responsible for syncing the dependent field during
interactions.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 843b49b5-4f86-47a0-9d8a-bfa571b1b1cd

📥 Commits

Reviewing files that changed from the base of the PR and between 441f2a3 and 454c77e.

📒 Files selected for processing (7)
  • ui/components/roles/workflow/forms/add-role-form.test.tsx
  • ui/components/roles/workflow/forms/add-role-form.tsx
  • ui/components/roles/workflow/forms/edit-role-form.test.tsx
  • ui/components/roles/workflow/forms/edit-role-form.tsx
  • ui/components/roles/workflow/forms/role-permissions.ts
  • ui/components/roles/workflow/forms/unlimited-visibility-section.tsx
  • ui/lib/helper.ts

Comment thread ui/components/roles/workflow/forms/add-role-form.tsx Outdated
Comment thread ui/components/roles/workflow/forms/role-permissions.ts Outdated
Comment thread ui/hooks/use-manage-providers-unlimited-visibility.ts
@github-actions github-actions Bot added the has-conflicts The PR has conflicts that needs to be resolved. label Jul 6, 2026
@github-actions github-actions Bot removed the has-conflicts The PR has conflicts that needs to be resolved. label Jul 6, 2026

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)
ui/components/roles/workflow/forms/edit-role-form.tsx (1)

206-211: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Drop {...form.register(field)} from this controlled checkbox.
This checkbox is already controlled via isSelected + onValueChange, so spreading register adds a second change path and can bypass the manage_providers / unlimited_visibility sync in setPermissionValue.

♻️ Proposed change
                 <Checkbox
-                  {...form.register(field as keyof FormValues)}
                   isSelected={!!form.watch(field as keyof FormValues)}
                   onValueChange={(checked) =>
                     setPermissionValue(field, checked)
                   }
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ui/components/roles/workflow/forms/edit-role-form.tsx` around lines 206 -
211, The Checkbox in edit-role-form is being controlled twice by both
form.register and the isSelected/onValueChange pair, which can interfere with
the permission sync handled in setPermissionValue. Remove the spread
registration from this Checkbox and keep it controlled only through form.watch
and setPermissionValue so the manage_providers and unlimited_visibility updates
remain the single source of truth.
ui/components/roles/workflow/forms/unlimited-visibility-section.tsx (1)

14-14: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Hide decorative icon from assistive tech.

The Eye icon is purely decorative next to the "Unlimited Visibility" heading but lacks aria-hidden, unlike InfoIcon in add-role-form.tsx which sets aria-hidden={"true"}. Screen readers may announce it as an unlabeled graphic.

♿ Proposed fix
-          <Eye className="mt-1 size-5 shrink-0 text-orange-700 dark:text-orange-300" />
+          <Eye
+            aria-hidden="true"
+            className="mt-1 size-5 shrink-0 text-orange-700 dark:text-orange-300"
+          />
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@ui/components/roles/workflow/forms/unlimited-visibility-section.tsx` at line
14, Add the same accessibility treatment used elsewhere for decorative icons by
marking the Eye icon in unlimited-visibility-section.tsx as hidden from
assistive tech. Update the Eye usage inside the Unlimited Visibility heading so
it includes aria-hidden set to true, mirroring the InfoIcon pattern in
add-role-form.tsx, and keep the rest of the heading markup unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@ui/components/roles/workflow/forms/edit-role-form.tsx`:
- Around line 206-211: The Checkbox in edit-role-form is being controlled twice
by both form.register and the isSelected/onValueChange pair, which can interfere
with the permission sync handled in setPermissionValue. Remove the spread
registration from this Checkbox and keep it controlled only through form.watch
and setPermissionValue so the manage_providers and unlimited_visibility updates
remain the single source of truth.

In `@ui/components/roles/workflow/forms/unlimited-visibility-section.tsx`:
- Line 14: Add the same accessibility treatment used elsewhere for decorative
icons by marking the Eye icon in unlimited-visibility-section.tsx as hidden from
assistive tech. Update the Eye usage inside the Unlimited Visibility heading so
it includes aria-hidden set to true, mirroring the InfoIcon pattern in
add-role-form.tsx, and keep the rest of the heading markup unchanged.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: a719a0ad-fe4b-41eb-a256-4adfb6c3a609

📥 Commits

Reviewing files that changed from the base of the PR and between f6cc329 and bc2b52f.

📒 Files selected for processing (7)
  • ui/CHANGELOG.md
  • ui/components/roles/workflow/forms/add-role-form.tsx
  • ui/components/roles/workflow/forms/edit-role-form.test.tsx
  • ui/components/roles/workflow/forms/edit-role-form.tsx
  • ui/components/roles/workflow/forms/unlimited-visibility-section.tsx
  • ui/hooks/use-manage-providers-unlimited-visibility.ts
  • ui/lib/role-permissions.ts

coderabbitai[bot]
coderabbitai Bot previously approved these changes Jul 6, 2026
@pfe-nazaries pfe-nazaries self-requested a review July 7, 2026 08:01
Comment thread ui/components/roles/workflow/forms/add-role-form.tsx Outdated
Comment thread ui/components/roles/workflow/forms/unlimited-visibility-section.tsx Outdated
@github-actions github-actions Bot added the has-conflicts The PR has conflicts that needs to be resolved. label Jul 7, 2026
…y-unlimited-visibility-rbac

# Conflicts:
#	ui/CHANGELOG.md
@github-actions github-actions Bot removed the has-conflicts The PR has conflicts that needs to be resolved. label Jul 7, 2026
HugoPBrito and others added 2 commits July 7, 2026 12:44
- Own useForm, visibility state and server-error handling inside RoleForm
- Have add/edit containers pass only defaultValues, submitText and onSubmit
- Merge the identical add/edit role schemas into a single roleFormSchema
- Replace HeroUI checkbox, divider, tooltip and input with shadcn equivalents
@pfe-nazaries pfe-nazaries self-requested a review July 7, 2026 14:20
pfe-nazaries
pfe-nazaries previously approved these changes Jul 7, 2026
Comment thread ui/components/roles/workflow/forms/role-form.tsx Outdated
coderabbitai[bot]
coderabbitai Bot previously approved these changes Jul 7, 2026
@HugoPBrito

Copy link
Copy Markdown
Member Author
Screen.Recording.2026-07-07.at.15.19.15.mov

…y-unlimited-visibility-rbac

# Conflicts:
#	ui/CHANGELOG.md
@HugoPBrito HugoPBrito dismissed stale reviews from coderabbitai[bot] and pfe-nazaries via 73c7bb2 July 8, 2026 10:32
@pfe-nazaries pfe-nazaries self-requested a review July 8, 2026 11:38
@HugoPBrito HugoPBrito merged commit eee17f0 into master Jul 8, 2026
41 checks passed
@HugoPBrito HugoPBrito deleted the PROWLER-2148-clarify-unlimited-visibility-rbac branch July 8, 2026 11:42
@HugoPBrito HugoPBrito added backport This PR contains a backport - Do not set this manually backport-to-v5.33 Backport PR to the v5.33 branch and removed backport This PR contains a backport - Do not set this manually labels Jul 8, 2026
@prowler-bot

Copy link
Copy Markdown
Collaborator

💚 All backports created successfully

Status Branch Result
v5.33

Questions ?

Please refer to the Backport tool documentation and see the Github Action logs for details

@prowler-bot prowler-bot added the was-backported The PR was successfully backported to the target branch label Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backport-to-v5.33 Backport PR to the v5.33 branch component/ui was-backported The PR was successfully backported to the target branch

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants