EDM-3219: Add missing permissions related to ImageBuilder

[celdrake]

UI was missing some permission checks for actions related to imageBuilder:

• View logs
• Download image exports
• Create image exports
• Create image builds (in EmptyState)

Summary by CodeRabbit

• New Features

  • UI now respects role-based permissions: log viewing, export, download, create/duplicate and retry actions are shown or hidden per user.
  • Empty-state and action buttons dynamically enable/disable based on permissions.

• Localization

  • Added an English translation entry for the "Build failed." message.

[coderabbitai]

Walkthrough

Adds RBAC permission checks and gating across image-build and image-export UI: new RBAC resource keys, permission-driven visibility for Logs tab and routes, and permission-gated export, download, and create/retry actions; several component props made optional or extended to carry permission state.

Changes

Cohort / File(s)	Summary
RBAC Resource Types libs/ui-components/src/types/rbac.ts	Added four new RESOURCE enum members: IMAGE_BUILD_LOG, IMAGE_EXPORT, IMAGE_EXPORT_LOG, and IMAGE_EXPORT_DOWNLOAD.
Image Build Details & Navigation libs/ui-components/src/components/ImageBuilds/ImageBuildDetails/ImageBuildDetailsPage.tsx	Introduced canViewLogs from checkPermissions; tabKeys now includes 'logs' only when allowed; Logs tab and route are conditionally rendered.
Image Export Gallery libs/ui-components/src/components/ImageBuilds/ImageBuildExportsGallery.tsx	Hooked into usePermissionsContext; derived canCreateExport and canDownload; guarded onExportImage and onDownload handlers by permissions.
Image Export Cards libs/ui-components/src/components/ImageBuilds/ImageExportCards.tsx	Made onExportImage and onDownload optional; integrated permission checks (including canViewLogs) to conditionally show Logs navigation, Export, Retry, and Download actions; simplified label/description rendering.
Image Build Row libs/ui-components/src/components/ImageBuilds/ImageBuildRow.tsx	Added required canCreate: boolean prop; conditionalized Retry/Duplicate action and build-failure UI based on canCreate.
Image Builds Page / Table / Empty State libs/ui-components/src/components/ImageBuilds/ImageBuildsPage.tsx	Made onCreateClick optional on empty state; propagate canCreate into ImageBuildTable/ImageBuildRow; empty-state create action only shown when canCreate is true.
Translations libs/i18n/locales/en/translation.json	Added translation key/value: Build failed..

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically identifies the main change: adding missing permission checks for ImageBuilder actions.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

libs/ui-components/src/components/ImageBuilds/ImageExportCards.tsx (1)

113-190: ⚠️ Potential issue | 🟠 Major

Align "View logs" permission with the logs route guard.

The logs tab/route is gated by RESOURCE.IMAGE_BUILD_LOG in ImageBuildDetailsPage, but this card uses RESOURCE.IMAGE_EXPORT_LOG to decide whether to show the “View logs” button. If these permissions are not always granted together, users can see a button that navigates to an unavailable tab (or miss the button despite having access). Please align the permission check with the logs route guard (or update the route guard to accept IMAGE_EXPORT_LOG as well).

🔧 Suggested fix (align with build logs permission)

-  const [canViewLogs] = checkPermissions([{ kind: RESOURCE.IMAGE_EXPORT_LOG, verb: VERB.GET }]);
+  const [canViewLogs] = checkPermissions([{ kind: RESOURCE.IMAGE_BUILD_LOG, verb: VERB.GET }]);

🤖 Fix all issues with AI agents

In `@libs/ui-components/src/components/ImageBuilds/ImageBuildRow.tsx`:
- Around line 53-60: The inline "Retry" action rendered later in
ImageBuildRow.tsx must be guarded by the same canCreate check as the actions
push; update the conditional that renders the inline Retry link (the branch that
shows a title based on buildReason ===
ImageBuildConditionReason.ImageBuildConditionReasonFailed and calls navigate({
route: ROUTE.IMAGE_BUILD_EDIT, postfix: imageBuildName })) to only render when
canCreate is true, mirroring the earlier actions.push block so the Retry link
cannot appear if canCreate is false.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

libs/ui-components/src/components/ImageBuilds/ImageExportCards.tsx (1)

178-202: ⚠️ Potential issue | 🟡 Minor

Permission checks are correct; route construction is inconsistent with codebase patterns.

The "View logs" button correctly checks both exists && canViewLogs, and the "Export image" button properly gates on onExportImage availability.

The route construction on lines 183-184 works functionally, but it uses direct string concatenation (${baseRoute}/${imageBuildId}/logs) which differs from the standard pattern used elsewhere in the codebase. Other components navigate to detail routes using navigate({ route: ROUTE.IMAGE_BUILD_DETAILS, postfix: imageBuildId }) through the useNavigate hook. Consider using the same pattern here for consistency.