fix: managers should not be allowed to create api keys (#5409)

2026-05-07 22:31:35 -05:00 · 2025-04-17 19:42:55 +05:30
parent 4dfd15d6dd
commit 2e979c7323
9 changed files with 18 additions and 28 deletions
@@ -22,7 +22,7 @@ export const OrganizationSettingsNavbar = ({
  loading,
 }: OrganizationSettingsNavbarProps) => {
  const pathname = usePathname();
-  const { isMember } = getAccessFlags(membershipRole);
+  const { isMember, isOwner } = getAccessFlags(membershipRole);
  const isPricingDisabled = isMember;
  const { t } = useTranslate();

@@ -59,6 +59,7 @@ export const OrganizationSettingsNavbar = ({
      label: t("common.api_keys"),
      href: `/environments/${environmentId}/settings/api-keys`,
      current: pathname?.includes("/api-keys"),
+      hidden: !isOwner,
    },
  ];

@@ -25,7 +25,7 @@ export const deleteApiKeyAction = authenticatedActionClient
      access: [
        {
          type: "organization",
-          roles: ["owner", "manager"],
+          roles: ["owner"],
        },
      ],
    });
@@ -47,7 +47,7 @@ export const createApiKeyAction = authenticatedActionClient
      access: [
        {
          type: "organization",
-          roles: ["owner", "manager"],
+          roles: ["owner"],
        },
      ],
    });
@@ -69,7 +69,7 @@ export const updateApiKeyAction = authenticatedActionClient
      access: [
        {
          type: "organization",
-          roles: ["owner", "manager"],
+          roles: ["owner"],
        },
      ],
    });
@@ -2,7 +2,6 @@ import { OrganizationSettingsNavbar } from "@/app/(app)/environments/[environmen
 import { SettingsCard } from "@/app/(app)/environments/[environmentId]/settings/components/SettingsCard";
 import { getEnvironmentAuth } from "@/modules/environments/lib/utils";
 import { getProjectsByOrganizationId } from "@/modules/organization/settings/api-keys/lib/projects";
-import { Alert } from "@/modules/ui/components/alert";
 import { PageContentWrapper } from "@/modules/ui/components/page-content-wrapper";
 import { PageHeader } from "@/modules/ui/components/page-header";
 import { getTranslate } from "@/tolgee/server";
@@ -19,7 +18,9 @@ export const APIKeysPage = async (props) => {

  const projects = await getProjectsByOrganizationId(organization.id);

-  const isReadOnly = currentUserMembership.role !== "owner" && currentUserMembership.role !== "manager";
+  const isNotOwner = currentUserMembership.role !== "owner";
+
+  if (isNotOwner) throw new Error(t("common.not_authorized"));

  return (
    <PageContentWrapper>
@@ -31,22 +32,16 @@ export const APIKeysPage = async (props) => {
          activeId="api-keys"
        />
      </PageHeader>
-      {isReadOnly ? (
-        <Alert variant="warning">
-          {t("environments.settings.api_keys.only_organization_owners_and_managers_can_manage_api_keys")}
-        </Alert>
-      ) : (
-        <SettingsCard
-          title={t("common.api_keys")}
-          description={t("environments.settings.api_keys.api_keys_description")}>
-          <ApiKeyList
-            organizationId={organization.id}
-            locale={locale}
-            isReadOnly={isReadOnly}
-            projects={projects}
-          />
-        </SettingsCard>
-      )}
+      <SettingsCard
+        title={t("common.api_keys")}
+        description={t("environments.settings.api_keys.api_keys_description")}>
+        <ApiKeyList
+          organizationId={organization.id}
+          locale={locale}
+          isReadOnly={isNotOwner}
+          projects={projects}
+        />
+      </SettingsCard>
    </PageContentWrapper>
  );
 };