Skip to content

feat(RHINENG-23947): Add Kessel perms#1521

Draft
mtclinton wants to merge 1 commit intoRedHatInsights:masterfrom
mtclinton:RHINENG-23947
Draft

feat(RHINENG-23947): Add Kessel perms#1521
mtclinton wants to merge 1 commit intoRedHatInsights:masterfrom
mtclinton:RHINENG-23947

Conversation

@mtclinton
Copy link
Contributor

@mtclinton mtclinton commented Feb 23, 2026

Integrate Kessel permission checks behind the
patch-frontend.kessel-enabled feature flag.

When Kessel is enabled, permission checks use the
Kessel SDK (useSelfAccessCheck) against workspace
resources instead of RBAC v1. When disabled,
behavior is unchanged.

Permission mapping (from patch.ksl):

  • patch:*:read -> patch_system_view
  • patch:: -> patch_system_edit
  • patch:template:write -> patch_template_edit

Description

RHINENG-23947

Please include a summary of the change, what this fixes/creates/improves.

  • Add AccessCheck.Provider and QueryClientProvider to App.js
  • Create usePermissionCheck hook that toggles between RBAC v1 and Kessel based on feature flag
  • Create useKesselWorkspaces hook to fetch default workspace ID from /api/rbac/v2/workspaces
  • Replace direct usePermissionsWithContext calls in Routes, SystemsTable, PatchSet, PatchSetDetail, and WithPermission with usePermissionCheck
  • Update @project-kessel/react-kessel-access-check to ^0.3.1 and add @tanstack/react-query
  • Add KESSEL_API_BASE_URL and RBAC_API_BASE_V2 constants

How to test the PR

Please include steps to test your PR.

Before the change

After the change

Dependent work link

Checklist:

  • The commit message has the Jira ticket linked
  • PR has a short description
  • Screenshots before and after the change are added
  • Tests for the changes have been added
  • README.md is updated if necessary
  • Needs additional dependent work

@mtclinton mtclinton requested a review from a team as a code owner February 23, 2026 19:02
@mtclinton mtclinton marked this pull request as draft February 23, 2026 19:03
@mtclinton mtclinton force-pushed the RHINENG-23947 branch 2 times, most recently from 7e9aad4 to 9f0ff68 Compare February 23, 2026 20:06
@mtclinton @cursoragent
feat(RHINENG-23947): Add Kessel perms
f8fd928 
Integrate Kessel permission checks behind the
patch-frontend.kessel-enabled feature flag.

When Kessel is enabled, permission checks use the
Kessel SDK (useSelfAccessCheck) against workspace
resources instead of RBAC v1. When disabled,
behavior is unchanged.

Permission mapping (from patch.ksl):
- patch:*:read    -> patch_system_view
- patch:*:*       -> patch_system_edit
- patch:template:write -> patch_template_edit

Changes:
- Add AccessCheck.Provider and QueryClientProvider
  to App.js
- Create usePermissionCheck hook that toggles
  between RBAC v1 and Kessel based on feature flag
- Create useKesselWorkspaces hook to fetch default
  workspace ID from /api/rbac/v2/workspaces
- Replace direct usePermissionsWithContext calls in
  Routes, SystemsTable, PatchSet, PatchSetDetail,
  and WithPermission with usePermissionCheck
- Update @project-kessel/react-kessel-access-check
  to ^0.3.1 and add @tanstack/react-query
- Add KESSEL_API_BASE_URL and RBAC_API_BASE_V2
  constants

Co-authored-by: Cursor <cursoragent@cursor.com>
mtclinton
mtclinton commented Feb 23, 2026
View reviewed changes
package.json
"@redhat-cloud-services/host-inventory-client": "^4.1.7",
"@redhat-cloud-services/javascript-clients-shared": "^2.0.0",
"@scalprum/react-core": "^0.7.1",
"@tanstack/react-query": "^5.90.5",
Copy link
Contributor Author

@mtclinton mtclinton Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just used the compliance frontend version, package lock is set to latest: 5.90.21

@codecov-commenter
Copy link

codecov-commenter commented Feb 23, 2026

Codecov Report

❌ Patch coverage is 4.54545% with 63 lines in your changes missing coverage. Please review.
✅ Project coverage is 61.57%. Comparing base (6fb82f8) to head (f8fd928).
⚠️ Report is 7 commits behind head on master.

Files with missing lines Patch % Lines
src/Utilities/hooks/usePermissionCheck.js 0.00% 27 Missing and 9 partials ⚠️
src/Utilities/hooks/useKesselWorkspaces.js 0.00% 12 Missing and 4 partials ⚠️
...ationalComponents/WithPermission/WithPermission.js 0.00% 2 Missing and 3 partials ⚠️
src/Utilities/hooks/useFeatureFlag.js 0.00% 1 Missing and 1 partial ⚠️
src/App.js 0.00% 1 Missing ⚠️
src/Routes.js 0.00% 1 Missing ⚠️
src/SmartComponents/PatchSet/PatchSet.js 0.00% 1 Missing ⚠️
...c/SmartComponents/PatchSetDetail/PatchSetDetail.js 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #1521      +/-   ##
==========================================
- Coverage   62.53%   61.57%   -0.97%     
==========================================
  Files         127      129       +2     
  Lines        3310     3365      +55     
  Branches      899      909      +10     
==========================================
+ Hits         2070     2072       +2     
- Misses       1120     1160      +40     
- Partials      120      133      +13

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mtclinton @codecov-commenter