refactor(admin-ui): migrate permission gating to Cedarling usePermission + single-source action catalog

[faisalsiddique4400]

refactor(admin-ui): migrate permission gating to Cedarling usePermission + single-source action catalog (#2872)

Summary

This PR modernizes Admin UI authorization by replacing the legacy PermChecker string-based permission flow with Cedarling-backed permission gating and a centralized action catalog.

The refactor introduces a consistent authorization model through usePermission and Protected, eliminates scattered string-based permission checks, establishes a single source of truth for resource actions, and reorganizes the Cedarling module into a cleaner constants → types → utility architecture.

This change improves type safety, maintainability, and consistency across authorization-related code while preserving existing access-control behavior.

---

Fix Summary

• Replaced legacy PermChecker permission gating with Cedarling authorization
• Added usePermission(resource) hook exposing:
  • canRead
  • canWrite
  • canDelete
• Added declarative <Protected> component for action-based UI rendering
• Migrated authorization consumers across:
  • admin
  • auth-server
  • user-management
  • user-claims
    plugins
• Removed ad-hoc string-based permission matching
• Added centralized RESOURCE_ACTIONS catalog as the single source of truth for resource actions
• Added CEDAR_ACTIONS constant and replaced bare action literals throughout the codebase
• Derived CedarAction from the centralized action catalog
• Reorganized Cedarling architecture into a one-way dependency model:
  • constants
  • types
  • utility
• Replaced CedarlingLogType enum with CEDARLING_LOG_TYPE constant
• Consolidated Cedarling types into types/cedarTypes.ts
• Added centralized type exports through types/index.ts
• Simplified resource ownership by removing resourceScopes.ts
• Kept resource methods isolated within resources.ts
• Updated root barrel exports to expose only:
  • hooks
  • Protected
  • types
• Removed PermChecker.ts
• Extracted audit-related functionality into:
  • app/utils/auditAction.ts
• Migrated PermCheckerTypes to AuditActionTypes
• Added Cedarling permission bridge mocks for testing
• Added authorization and constants test coverage

---

Verification

npm run check:all
npm run test:all

passes successfully.

• Lint passes successfully
• Markdown validation passes successfully
• Type-check passes successfully
• Jest test suites pass successfully
• Verified new usePermission test coverage
• Verified action catalog and constants test coverage
• Verified authorization gating behavior remains consistent across migrated modules

---

🔗 Ticket

Closes: #2872

Summary by CodeRabbit

• Refactored Authorization System

  • Centralized permission checks via a new resource/action hook; menus, routes and many pages now use action+resource gating for consistent access control.

• Improved Storage Handling

  • Replaced direct localStorage calls with a safe storage utility for more robust persistence and SSR-safe behavior.

• UI Adjustments

  • Reduced header spacing and added responsive chart media query for improved layout on smaller screens.

[coderabbitai]

Warning

Review limit reached

@faisalsiddique4400, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 24 minutes and 39 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: b1df1b0e-c771-4c44-b7ec-f83a2675317d

📥 Commits

Reviewing files that changed from the base of the PR and between 06f1f1c and 61c8b41.

📒 Files selected for processing (6)

• admin-ui/app/components/App/PermissionsPolicyInitializer.tsx
• admin-ui/app/routes/Apps/Gluu/GluuAppSidebar.tsx
• admin-ui/app/routes/index.tsx
• admin-ui/app/utils/hooks/index.ts
• admin-ui/app/utils/hooks/useFirstAuthorizedPath.ts
• admin-ui/app/utils/menuFilters.ts

📝 Walkthrough

Walkthrough

Migrates Cedarling permission handling to an action/resource catalog and new hook usePermission, rewires many components and tests to use it, reorganizes cedar types/constants/utilities, introduces a guarded storage helper, and updates docs and Jest mocks.

Changes

Permission & storage migration

Layer / File(s)	Summary
Permission & storage migration admin-ui/...	Adds CEDAR_ACTIONS/RESOURCE_ACTIONS, cedarTypes.ts, usePermission hook and mock bridge, updates useCedarling internals and redux permission shape, migrates pages/plugins/tests to usePermission, adds storage helper and rewires persisted theme/lang/logout/token flows, and updates docs and jest config.

Sequence Diagram(s)

(silently skipped because changes are broad but the main sequential flows are simple and documented in code)

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~90+ minutes

Possibly related PRs

• GluuFederation/flex#2731: Both PRs are documentation updates around Cedarling policy-store/admin-ui access control—main PR updates the Admin UI’s Cedarling docs and hook/evaluation model, while the retrieved PR documents the Cedarling policy-store schema/config changes used by the Admin UI.
• GluuFederation/flex#2502: Both PRs touch the Admin Settings UI; this PR changes permission/log-type handling to usePermission and CEDARLING_LOG_TYPE.
• GluuFederation/flex#2730: Overlaps on ScopeListPage and related permission wiring; both modify permission handling for scoped UI.

Suggested labels

kind-feature

Suggested reviewers

• moabu
• duttarnab

Poem

"I nibble constants, hop through hooks,
I stash the theme where storage books.
Permissions whisper read or write,
I guard the gates both day and night.
🐇🍎 — a rabbit cheers the refactor!"

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch admin-ui-issue-2872

[coderabbitai]

Actionable comments posted: 6

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

admin-ui/plugins/fido/__tests__/components/Metrics/MetricsPage.test.tsx (1)

50-52: 🧹 Nitpick | 🔵 Trivial

Avoid mock-implementation leakage across tests.

In admin-ui/plugins/fido/__tests__/components/Metrics/MetricsPage.test.tsx, beforeEach uses jest.clearAllMocks(), which clears call history but doesn’t reset usePermission.mockImplementation(...). The “missing permission” test sets canRead: false; today it’s the last test in the file, but any later tests added could inherit that override. Prefer jest.resetAllMocks() in beforeEach (or re-apply the default usePermission mock in beforeEach/afterEach).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@admin-ui/plugins/fido/__tests__/components/Metrics/MetricsPage.test.tsx`
around lines 50 - 52, The tests currently call jest.clearAllMocks() in the
beforeEach, which only clears call history and allows mock implementations like
usePermission.mockImplementation(...) to leak; change the setup to use
jest.resetAllMocks() in the beforeEach (or re-apply the default usePermission
mock implementation there) so usePermission and other mocks are reset between
tests and the "missing permission" case (canRead: false) cannot affect
subsequent tests; update the beforeEach that references jest.clearAllMocks() to
call jest.resetAllMocks() or re-establish the default
usePermission.mockImplementation(...) so each test gets a clean mock state.

admin-ui/plugins/scim/plugin-metadata.ts (1)

8-25: ⚠️ Potential issue | 🟠 Major

Align SCIM menu/route permission actions to avoid blocking READ-only users.

SCIM menu uses action: CEDAR_ACTIONS.READ, but the SCIM route uses action: CEDAR_ACTIONS.WRITE. ScimPage renders behind GluuViewWrapper canShow={canReadScim} (so READ is sufficient to view), while canWriteScim is only passed to ScimConfiguration for write/edit behavior. If route access is gated by plugin metadata (resourceKey + action), users with only READ may be denied access when navigating to the page.

Set the SCIM route action to CEDAR_ACTIONS.READ (or otherwise make route gating match the page’s canRead/canWrite behavior).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@admin-ui/plugins/scim/plugin-metadata.ts` around lines 8 - 25, The route
permission in pluginMetadata is too strict and prevents READ-only users from
accessing ScimPage; update the routes entry for ScimPage (where component:
ScimPage and path: ROUTES.SCIM_BASE) to use CEDAR_ACTIONS.READ and the same
ADMIN_UI_RESOURCES.SCIM resourceKey as the menus entry so route gating matches
the page's GluuViewWrapper canReadScim behavior (keep canWriteScim only for
ScimConfiguration write controls).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@admin-ui/app/cedarling/types/cedarTypes.ts`:
- Line 34: Change the TokenAuthorizationRequest.action type from a generic
string to the CedarAction union so action values are validated at compile time:
update the TokenAuthorizationRequest interface (or type) to use CedarAction for
the action property, and ensure CedarAction is imported or referenced in
cedarTypes.ts (or the same module) so the compiler can enforce allowed actions;
adjust any call sites that pass plain strings to use CedarAction values or
cast/convert to CedarAction where appropriate.

In `@admin-ui/plugins/admin/helper/settings.ts`:
- Line 28: The code force-casts configData?.cedarlingLogType to CedarlingLogType
which accepts any string and prevents the fallback; update the initialization of
cedarlingLogType to validate the incoming value against the allowed
CedarlingLogType set (or CEDARLING_LOG_TYPE enum) before using it — e.g., check
if configData?.cedarlingLogType is one of Object.values(CEDARLING_LOG_TYPE) (or
use an isValidCedarlingLogType helper) and only then assign it, otherwise fall
back to CEDARLING_LOG_TYPE.OFF; apply this change where cedarlingLogType is
assigned so unexpected backend strings don’t bypass the fallback.

In `@admin-ui/plugins/admin/plugin-metadata.ts`:
- Around line 131-140: The route entries for RolePermissionMappingPage and
CedarlingConfigPage declare action: CEDAR_ACTIONS.READ but omit resourceKey,
causing a mismatch with their menu items; add resourceKey:
ADMIN_UI_RESOURCES.Security to both route objects (the ones using
ROUTES.ADMIN_MAPPING and ROUTES.ADMIN_CEDARLING_CONFIG) so route-level
authorization aligns with the menu entries and the rest of the security checks.

In `@admin-ui/plugins/auth-server/plugin-metadata.tsx`:
- Around line 189-194: The SsaAddPage route is using CEDAR_ACTIONS.READ which is
incorrect and allows read-only users to access the add page; update the route
entry that references SsaAddPage and ROUTES.AUTH_SERVER_SSA_ADD in
plugin-metadata.tsx to use CEDAR_ACTIONS.WRITE instead of CEDAR_ACTIONS.READ so
it matches other add routes (e.g., ClientAddPage, ScopeAddPage) and enforces
write permissions.

In `@admin-ui/plugins/saml/components/WebsiteSsoServiceProviderList.tsx`:
- Around line 56-59: The component currently destructures canRead and canWrite
from usePermission(ADMIN_UI_RESOURCES.SAML) and uses
canWriteWebsiteSsoServiceProviders to gate delete UI; instead destructure
canDelete from usePermission (e.g., canDelete:
canDeleteWebsiteSsoServiceProviders) and replace usages of
canWriteWebsiteSsoServiceProviders that control the delete action and delete
dialog with canDeleteWebsiteSsoServiceProviders so permission checks match
WebsiteSsoIdentityBrokeringList's canDelete behavior.

In `@admin-ui/plugins/scripts/plugin-metadata.ts`:
- Around line 39-44: The route configuration for the edit page currently grants
read-only permission; update the action for the CustomScriptEditPage route (the
entry with component: CustomScriptEditPage and path:
ROUTES.CUSTOM_SCRIPT_EDIT_TEMPLATE) to use CEDAR_ACTIONS.WRITE instead of
CEDAR_ACTIONS.READ so the edit route requires write permission consistent with
other edit routes (e.g., ClientEditPage, ScopeEditPage).

---

Outside diff comments:
In `@admin-ui/plugins/fido/__tests__/components/Metrics/MetricsPage.test.tsx`:
- Around line 50-52: The tests currently call jest.clearAllMocks() in the
beforeEach, which only clears call history and allows mock implementations like
usePermission.mockImplementation(...) to leak; change the setup to use
jest.resetAllMocks() in the beforeEach (or re-apply the default usePermission
mock implementation there) so usePermission and other mocks are reset between
tests and the "missing permission" case (canRead: false) cannot affect
subsequent tests; update the beforeEach that references jest.clearAllMocks() to
call jest.resetAllMocks() or re-establish the default
usePermission.mockImplementation(...) so each test gets a clean mock state.

In `@admin-ui/plugins/scim/plugin-metadata.ts`:
- Around line 8-25: The route permission in pluginMetadata is too strict and
prevents READ-only users from accessing ScimPage; update the routes entry for
ScimPage (where component: ScimPage and path: ROUTES.SCIM_BASE) to use
CEDAR_ACTIONS.READ and the same ADMIN_UI_RESOURCES.SCIM resourceKey as the menus
entry so route gating matches the page's GluuViewWrapper canReadScim behavior
(keep canWriteScim only for ScimConfiguration write controls).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: f30840d5-0d77-41e7-89b8-253a68b958cd

📥 Commits

Reviewing files that changed from the base of the PR and between e2f257a and ba71dcf.

📒 Files selected for processing (144)

• admin-ui/__mocks__/cedarlingPermissionBridge.ts
• admin-ui/app/cedarling/__tests__/constants/cedarlingConstants.test.ts
• admin-ui/app/cedarling/__tests__/constants/cedarlingLogType.test.ts
• admin-ui/app/cedarling/__tests__/constants/resourceScopes.test.ts
• admin-ui/app/cedarling/__tests__/enums/CedarlingLogType.test.ts
• admin-ui/app/cedarling/__tests__/hooks/useCedarling.test.ts
• admin-ui/app/cedarling/__tests__/hooks/usePermission.test.ts
• admin-ui/app/cedarling/__tests__/utility/resources.test.ts
• admin-ui/app/cedarling/components/Protected.tsx
• admin-ui/app/cedarling/components/index.ts
• admin-ui/app/cedarling/constants/cedarlingConstants.ts
• admin-ui/app/cedarling/constants/index.ts
• admin-ui/app/cedarling/constants/resourceCatalog.ts
• admin-ui/app/cedarling/constants/resourceScopes.ts
• admin-ui/app/cedarling/enums/CedarlingLogType.ts
• admin-ui/app/cedarling/hooks/index.ts
• admin-ui/app/cedarling/hooks/useCedarling.ts
• admin-ui/app/cedarling/hooks/usePermission.ts
• admin-ui/app/cedarling/index.ts
• admin-ui/app/cedarling/types/cedarTypes.ts
• admin-ui/app/cedarling/types/index.ts
• admin-ui/app/cedarling/utility/index.ts
• admin-ui/app/cedarling/utility/resources.ts
• admin-ui/app/components/App/PermissionsPolicyInitializer.tsx
• admin-ui/app/components/Sidebar/types.ts
• admin-ui/app/redux/features/cedarPermissionsSlice.ts
• admin-ui/app/routes/Apps/Gluu/GluuAppSidebar.tsx
• admin-ui/app/routes/Apps/Gluu/GluuCommitDialog.tsx
• admin-ui/app/routes/Apps/Gluu/GluuDialog.tsx
• admin-ui/app/routes/Apps/Gluu/GluuWebhookCommitDialog.tsx
• admin-ui/app/routes/Apps/Gluu/GluuWebhookExecutionDialog.tsx
• admin-ui/app/routes/Apps/Gluu/Tests/GluuAppSiderbar.test.tsx
• admin-ui/app/routes/Apps/Profile/ProfilePage.tsx
• admin-ui/app/routes/Dashboards/DashboardPage.tsx
• admin-ui/app/routes/Dashboards/__tests__/DashboardPage.test.tsx
• admin-ui/app/routes/License/LicenseDetailsPage.test.tsx
• admin-ui/app/routes/License/LicenseDetailsPage.tsx
• admin-ui/app/utils/AppAuthProvider.tsx
• admin-ui/app/utils/PermChecker.ts
• admin-ui/app/utils/auditAction.ts
• admin-ui/app/utils/hooks/useWebhookDialogAction.tsx
• admin-ui/app/utils/types/AuditActionTypes.ts
• admin-ui/app/utils/types/index.ts
• admin-ui/jest.config.ts
• admin-ui/plugins/admin/__tests__/components/Asset/JansAssetListPage.test.tsx
• admin-ui/plugins/admin/__tests__/components/Asset/assetTestUtils.tsx
• admin-ui/plugins/admin/__tests__/components/Audit/AuditListPage.test.tsx
• admin-ui/plugins/admin/__tests__/components/Cedarling/CedarlingConfigPage.test.tsx
• admin-ui/plugins/admin/__tests__/components/MAU/MauPage.test.tsx
• admin-ui/plugins/admin/__tests__/components/Mapping/RolePermissionMappingPage.test.tsx
• admin-ui/plugins/admin/__tests__/components/Settings/SettingsPage.test.tsx
• admin-ui/plugins/admin/__tests__/components/Webhook/WebhookListPage.test.tsx
• admin-ui/plugins/admin/components/Assets/JansAssetAddPage.tsx
• admin-ui/plugins/admin/components/Assets/JansAssetEditPage.tsx
• admin-ui/plugins/admin/components/Assets/JansAssetListPage.tsx
• admin-ui/plugins/admin/components/Audit/AuditListPage.tsx
• admin-ui/plugins/admin/components/Cedarling/CedarlingConfigPage.tsx
• admin-ui/plugins/admin/components/MAU/MauPage.tsx
• admin-ui/plugins/admin/components/Mapping/RolePermissionMappingPage.tsx
• admin-ui/plugins/admin/components/Settings/SettingsPage.tsx
• admin-ui/plugins/admin/components/Webhook/WebhookAddPage.tsx
• admin-ui/plugins/admin/components/Webhook/WebhookEditPage.tsx
• admin-ui/plugins/admin/components/Webhook/WebhookListPage.tsx
• admin-ui/plugins/admin/helper/settings.ts
• admin-ui/plugins/admin/helper/types/SettingsTypes.ts
• admin-ui/plugins/admin/plugin-metadata.ts
• admin-ui/plugins/auth-server/components/AuthServerProperties/__tests__/components/AuthServerPropertiesPage.test.tsx
• admin-ui/plugins/auth-server/components/AuthServerProperties/components/AuthServerPropertiesPage.tsx
• admin-ui/plugins/auth-server/components/Authentication/Acrs/Acrs.tsx
• admin-ui/plugins/auth-server/components/Authentication/AgamaFlows/AgamaFlows.tsx
• admin-ui/plugins/auth-server/components/Authentication/AgamaFlows/__tests__/helpers/agamaTestUtils.tsx
• admin-ui/plugins/auth-server/components/Authentication/AgamaFlows/helper/utils.ts
• admin-ui/plugins/auth-server/components/Authentication/Aliases/Aliases.tsx
• admin-ui/plugins/auth-server/components/Authentication/DefaultAcr/DefaultAcr.tsx
• admin-ui/plugins/auth-server/components/Authentication/__tests__/helpers/authenticationTestUtils.tsx
• admin-ui/plugins/auth-server/components/Authentication/constants.ts
• admin-ui/plugins/auth-server/components/ConfigApiProperties/components/ConfigApiPropertiesForm.tsx
• admin-ui/plugins/auth-server/components/ConfigApiProperties/components/ConfigApiPropertiesPage.tsx
• admin-ui/plugins/auth-server/components/Keys/__tests__/components/JwkItem.test.tsx
• admin-ui/plugins/auth-server/components/Keys/__tests__/components/JwkListPage.test.tsx
• admin-ui/plugins/auth-server/components/Keys/__tests__/components/KeysPage.test.tsx
• admin-ui/plugins/auth-server/components/Keys/components/KeysPage.tsx
• admin-ui/plugins/auth-server/components/Logging/__tests__/components/LoggingPage.test.tsx
• admin-ui/plugins/auth-server/components/Logging/components/LoggingPage.tsx
• admin-ui/plugins/auth-server/components/OidcClients/__tests__/components/ClientListPage.test.tsx
• admin-ui/plugins/auth-server/components/OidcClients/components/ClientListPage.tsx
• admin-ui/plugins/auth-server/components/OidcClients/components/ClientWizardForm.tsx
• admin-ui/plugins/auth-server/components/Scopes/__tests__/components/ScopeListPage.test.tsx
• admin-ui/plugins/auth-server/components/Scopes/components/ScopeListPage.tsx
• admin-ui/plugins/auth-server/components/Sessions/__tests__/components/SessionDetailPage.test.tsx
• admin-ui/plugins/auth-server/components/Sessions/__tests__/components/SessionListPage.test.tsx
• admin-ui/plugins/auth-server/components/Sessions/components/SessionListPage.tsx
• admin-ui/plugins/auth-server/components/Ssa/__tests__/helpers/ssaTestUtils.tsx
• admin-ui/plugins/auth-server/components/Ssa/components/SsaListPage.tsx
• admin-ui/plugins/auth-server/hooks/useAuthServerJsonProperties.ts
• admin-ui/plugins/auth-server/plugin-metadata.tsx
• admin-ui/plugins/auth-server/redux/utils/auditHelpers.ts
• admin-ui/plugins/auth-server/services/jsonPropertiesService.ts
• admin-ui/plugins/fido/__tests__/components/DynamicConfiguration.test.tsx
• admin-ui/plugins/fido/__tests__/components/Fido.test.tsx
• admin-ui/plugins/fido/__tests__/components/Metrics/MetricsPage.test.tsx
• admin-ui/plugins/fido/__tests__/components/StaticConfiguration.test.tsx
• admin-ui/plugins/fido/components/Configuration/Fido.tsx
• admin-ui/plugins/fido/components/Metrics/MetricsPage.tsx
• admin-ui/plugins/fido/plugin-metadata.ts
• admin-ui/plugins/jans-lock/__tests__/components/JansLockConfiguration.test.tsx
• admin-ui/plugins/jans-lock/__tests__/components/JansLockFieldRenderer.test.tsx
• admin-ui/plugins/jans-lock/components/JansLock.tsx
• admin-ui/plugins/jans-lock/plugin-metadata.ts
• admin-ui/plugins/saml/components/SamlConfigurationForm.tsx
• admin-ui/plugins/saml/components/WebsiteSsoIdentityBrokeringList.tsx
• admin-ui/plugins/saml/components/WebsiteSsoServiceProviderList.tsx
• admin-ui/plugins/saml/plugin-metadata.ts
• admin-ui/plugins/scim/__tests__/components/ScimPage.test.tsx
• admin-ui/plugins/scim/components/ScimPage.tsx
• admin-ui/plugins/scim/plugin-metadata.ts
• admin-ui/plugins/scripts/__tests__/components/CustomScriptAddPage.test.tsx
• admin-ui/plugins/scripts/__tests__/components/CustomScriptEditPage.test.tsx
• admin-ui/plugins/scripts/__tests__/components/CustomScriptForm.test.tsx
• admin-ui/plugins/scripts/components/CustomScriptAddPage.tsx
• admin-ui/plugins/scripts/components/CustomScriptEditPage.tsx
• admin-ui/plugins/scripts/components/CustomScriptListPage.tsx
• admin-ui/plugins/scripts/plugin-metadata.ts
• admin-ui/plugins/services/Components/CachePage.tsx
• admin-ui/plugins/services/Components/PersistenceDetail.tsx
• admin-ui/plugins/services/__tests__/components/PersistenceDetail.test.tsx
• admin-ui/plugins/services/plugin-metadata.ts
• admin-ui/plugins/smtp/__tests__/components/SmtpEditPage.test.tsx
• admin-ui/plugins/smtp/__tests__/components/SmtpForm.test.tsx
• admin-ui/plugins/smtp/components/SmtpEditPage.tsx
• admin-ui/plugins/smtp/plugin-metadata.ts
• admin-ui/plugins/user-claims/__tests__/cedarTestHelpers.ts
• admin-ui/plugins/user-claims/__tests__/components/UserClaimsAddPage.test.tsx
• admin-ui/plugins/user-claims/__tests__/components/UserClaimsEditPage.test.tsx
• admin-ui/plugins/user-claims/__tests__/components/UserClaimsForm.test.tsx
• admin-ui/plugins/user-claims/__tests__/components/UserClaimsListPage.test.tsx
• admin-ui/plugins/user-claims/components/UserClaimsAddPage.tsx
• admin-ui/plugins/user-claims/components/UserClaimsEditPage.tsx
• admin-ui/plugins/user-claims/components/UserClaimsListPage.tsx
• admin-ui/plugins/user-claims/components/UserClaimsViewPage.tsx
• admin-ui/plugins/user-claims/plugin-metadata.ts
• admin-ui/plugins/user-management/__tests__/helpers/userManagementTestUtils.tsx
• admin-ui/plugins/user-management/components/UserList.tsx
• admin-ui/plugins/user-management/plugin-metadata.ts

💤 Files with no reviewable changes (39)

• admin-ui/plugins/auth-server/components/Authentication/constants.ts
• admin-ui/app/cedarling/enums/CedarlingLogType.ts
• admin-ui/app/cedarling/constants/resourceScopes.ts
• admin-ui/app/cedarling/tests/enums/CedarlingLogType.test.ts
• admin-ui/plugins/smtp/tests/components/SmtpEditPage.test.tsx
• admin-ui/app/routes/Dashboards/tests/DashboardPage.test.tsx
• admin-ui/plugins/admin/tests/components/Settings/SettingsPage.test.tsx
• admin-ui/plugins/admin/tests/components/Asset/assetTestUtils.tsx
• admin-ui/plugins/admin/tests/components/Mapping/RolePermissionMappingPage.test.tsx
• admin-ui/plugins/services/tests/components/PersistenceDetail.test.tsx
• admin-ui/plugins/auth-server/components/Ssa/tests/helpers/ssaTestUtils.tsx
• admin-ui/plugins/smtp/tests/components/SmtpForm.test.tsx
• admin-ui/plugins/scripts/tests/components/CustomScriptAddPage.test.tsx
• admin-ui/plugins/admin/tests/components/Audit/AuditListPage.test.tsx
• admin-ui/plugins/scripts/tests/components/CustomScriptEditPage.test.tsx
• admin-ui/plugins/admin/tests/components/Cedarling/CedarlingConfigPage.test.tsx
• admin-ui/plugins/auth-server/components/Keys/tests/components/JwkItem.test.tsx
• admin-ui/plugins/auth-server/components/Keys/tests/components/KeysPage.test.tsx
• admin-ui/app/utils/PermChecker.ts
• admin-ui/plugins/admin/tests/components/MAU/MauPage.test.tsx
• admin-ui/plugins/jans-lock/tests/components/JansLockFieldRenderer.test.tsx
• admin-ui/plugins/admin/tests/components/Webhook/WebhookListPage.test.tsx
• admin-ui/plugins/auth-server/components/AuthServerProperties/tests/components/AuthServerPropertiesPage.test.tsx
• admin-ui/plugins/auth-server/components/Sessions/tests/components/SessionDetailPage.test.tsx
• admin-ui/plugins/fido/tests/components/DynamicConfiguration.test.tsx
• admin-ui/plugins/scim/tests/components/ScimPage.test.tsx
• admin-ui/plugins/auth-server/components/Authentication/tests/helpers/authenticationTestUtils.tsx
• admin-ui/plugins/auth-server/components/Sessions/tests/components/SessionListPage.test.tsx
• admin-ui/app/routes/Apps/Gluu/Tests/GluuAppSiderbar.test.tsx
• admin-ui/plugins/scripts/tests/components/CustomScriptForm.test.tsx
• admin-ui/plugins/fido/tests/components/Fido.test.tsx
• admin-ui/plugins/user-management/tests/helpers/userManagementTestUtils.tsx
• admin-ui/app/redux/features/cedarPermissionsSlice.ts
• admin-ui/plugins/jans-lock/tests/components/JansLockConfiguration.test.tsx
• admin-ui/plugins/auth-server/components/Logging/tests/components/LoggingPage.test.tsx
• admin-ui/plugins/auth-server/components/Keys/tests/components/JwkListPage.test.tsx
• admin-ui/plugins/user-claims/tests/cedarTestHelpers.ts
• admin-ui/plugins/auth-server/components/Authentication/AgamaFlows/tests/helpers/agamaTestUtils.tsx
• admin-ui/plugins/fido/tests/components/StaticConfiguration.test.tsx

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@admin-ui/plugins/auth-server/components/Authentication/Aliases/__tests__/Aliases.test.tsx`:
- Around line 71-85: The tests for Aliases use a mocked useCedarling with
default empty acrMappings which causes no row actions to render and makes the
permission assertions vacuously pass; update both tests that mock useCedarling
(the ones changing hasCedarWritePermission and hasCedarDeletePermission) to
return a makeMockCedarling where acrMappings contains at least one row (e.g., a
simple mapping object) so the component will render row actions when permissions
allow, then keep the mocked permission functions (hasCedarWritePermission /
hasCedarDeletePermission) returning false and assert that the edit/delete action
is absent; locate mocks around useCedarling and makeMockCedarling in the Aliases
tests and add the non-empty acrMappings to the mocked cedarling return value.

In `@admin-ui/plugins/smtp/plugin-metadata.ts`:
- Around line 20-23: The route for SmtpEditPage was changed to
CEDAR_ACTIONS.READ, widening access; revert the action for the route that
references SmtpEditPage and ROUTES.SMTP_BASE back to CEDAR_ACTIONS.WRITE
(keeping ADMIN_UI_RESOURCES.SMTP as the resourceKey) so the SMTP editor keeps
its original write-level authorization enforcement.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 3f8eee2f-5f7f-4319-9ae0-c4374fa7aced

📥 Commits

Reviewing files that changed from the base of the PR and between ba71dcf and 0a4212f.

📒 Files selected for processing (17)

• admin-ui/app/constants/ui.ts
• admin-ui/plugins/admin/components/Assets/JansAssetAddPage.tsx
• admin-ui/plugins/admin/components/Assets/JansAssetEditPage.tsx
• admin-ui/plugins/admin/components/Webhook/WebhookAddPage.tsx
• admin-ui/plugins/admin/components/Webhook/WebhookEditPage.tsx
• admin-ui/plugins/admin/helper/settings.ts
• admin-ui/plugins/admin/plugin-metadata.ts
• admin-ui/plugins/auth-server/components/Authentication/Aliases/Aliases.tsx
• admin-ui/plugins/auth-server/components/Authentication/Aliases/__tests__/Aliases.test.tsx
• admin-ui/plugins/auth-server/components/Ssa/components/SsaListPage.tsx
• admin-ui/plugins/auth-server/plugin-metadata.tsx
• admin-ui/plugins/fido/__tests__/components/Metrics/MetricsPage.test.tsx
• admin-ui/plugins/fido/plugin-metadata.ts
• admin-ui/plugins/saml/components/WebsiteSsoServiceProviderList.tsx
• admin-ui/plugins/scim/plugin-metadata.ts
• admin-ui/plugins/scripts/plugin-metadata.ts
• admin-ui/plugins/smtp/plugin-metadata.ts

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

admin-ui/app/routes/Pages/ByeBye.tsx (1)

26-65: ⚠️ Potential issue | 🟡 Minor

Add rejection handling to performLogout() fire-and-forget call

performLogout() is started from useEffect without handling its returned promise (Line 64). While the awaited deleteSession() is wrapped in try/catch and the buildSafeNavigationUrl/buildSafeLogoutUrl helpers return null on invalid inputs instead of throwing, any unexpected synchronous error inside performLogout would still become an unhandled rejection and prevent the intended redirect.

🔧 Suggested fix

@@
-    performLogout()
+    void performLogout().catch((error) => {
+      devLogger.error('Unexpected logout failure:', error instanceof Error ? error : String(error))
+      window.location.href = '/'
+    })

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@admin-ui/app/routes/Pages/ByeBye.tsx` around lines 26 - 65, The useEffect
currently calls performLogout() without handling its returned promise; wrap the
call so any rejection is caught (e.g., call performLogout().catch(...)) and log
the error via devLogger.error and perform a safe fallback redirect
(window.location.href = '/' or use buildSafeNavigationUrl) to ensure redirects
still happen if performLogout (which uses deleteSession, buildSafeLogoutUrl,
buildSafeNavigationUrl) throws synchronously or rejects; update the effect to
call performLogout and handle errors instead of fire-and-forget.

Source: Learnings

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@admin-ui/app/utils/storage.ts`:
- Line 3: The storage availability check in isAvailable currently reads
window.localStorage directly which can throw a SecurityError in blocked-storage
environments; wrap the access in a try/catch inside isAvailable, return false if
any exception is thrown (or if typeof window === 'undefined'), and only return
true when accessing window.localStorage succeeds and is truthy so callers never
receive an exception from this helper.

In `@admin-ui/docs/cedarling.md`:
- Around line 193-195: The import path for ADMIN_UI_RESOURCES is incorrect in
the example; update the import so ADMIN_UI_RESOURCES (and CEDAR_ACTIONS if also
exported from there) is imported from '`@/cedarling/utility`' instead of
'`@/cedarling/constants`' to match the module map; adjust the import line that
references Protected, ADMIN_UI_RESOURCES, and CEDAR_ACTIONS so consumers copying
the example will get the correct module.

---

Outside diff comments:
In `@admin-ui/app/routes/Pages/ByeBye.tsx`:
- Around line 26-65: The useEffect currently calls performLogout() without
handling its returned promise; wrap the call so any rejection is caught (e.g.,
call performLogout().catch(...)) and log the error via devLogger.error and
perform a safe fallback redirect (window.location.href = '/' or use
buildSafeNavigationUrl) to ensure redirects still happen if performLogout (which
uses deleteSession, buildSafeLogoutUrl, buildSafeNavigationUrl) throws
synchronously or rejects; update the effect to call performLogout and handle
errors instead of fire-and-forget.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 49fe3a57-e2ef-43ca-9647-5282f872ee81

📥 Commits

Reviewing files that changed from the base of the PR and between 0a4212f and ff816e9.

📒 Files selected for processing (27)

• admin-ui/app/cedarling/types/cedarTypes.ts
• admin-ui/app/constants/storageKeys.ts
• admin-ui/app/context/theme/themeContext.tsx
• admin-ui/app/i18n.ts
• admin-ui/app/layout/default.tsx
• admin-ui/app/redux/features/logoutSlice.ts
• admin-ui/app/redux/listeners/authListener.ts
• admin-ui/app/routes/Apps/Gluu/GluuCommitDialog.tsx
• admin-ui/app/routes/Apps/Gluu/LanguageMenu.tsx
• admin-ui/app/routes/Apps/Gluu/ThemeDropdown.tsx
• admin-ui/app/routes/Dashboards/DashboardPage.tsx
• admin-ui/app/routes/Pages/ByeBye.tsx
• admin-ui/app/utils/AppAuthProvider.tsx
• admin-ui/app/utils/TokenController.ts
• admin-ui/app/utils/pagingUtils.ts
• admin-ui/app/utils/storage.ts
• admin-ui/app/utils/types/AppAuthProviderTypes.ts
• admin-ui/docs/auth.md
• admin-ui/docs/cedarling.md
• admin-ui/docs/onboarding.md
• admin-ui/docs/recipes.md
• admin-ui/docs/testing.md
• admin-ui/plugins/admin/__tests__/components/Asset/assetTestUtils.tsx
• admin-ui/plugins/auth-server/components/Authentication/AgamaFlows/__tests__/helpers/agamaTestUtils.tsx
• admin-ui/plugins/auth-server/components/Authentication/Aliases/__tests__/Aliases.test.tsx
• admin-ui/plugins/auth-server/components/Authentication/__tests__/helpers/authenticationTestUtils.tsx
• admin-ui/plugins/auth-server/components/Ssa/__tests__/helpers/ssaTestUtils.tsx

💤 Files with no reviewable changes (5)

• admin-ui/app/cedarling/types/cedarTypes.ts
• admin-ui/app/constants/storageKeys.ts
• admin-ui/plugins/admin/tests/components/Asset/assetTestUtils.tsx
• admin-ui/app/routes/Apps/Gluu/GluuCommitDialog.tsx
• admin-ui/app/redux/listeners/authListener.ts

[duttarnab]

1. I removed dashboard policy but getting following screen:

[sonarqubecloud]

Quality Gate passed for 'Gluu Admin UI'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud