fix: auth inconcistency around API keys & manager role

2026-04-02 21:22:10 -05:00 · 2026-03-31 15:32:05 +02:00
2 changed files with 6 additions and 5 deletions
--- a/apps/web/app/(app)/environments/[environmentId]/settings/(organization)/components/OrganizationSettingsNavbar.tsx
+++ b/apps/web/app/(app)/environments/[environmentId]/settings/(organization)/components/OrganizationSettingsNavbar.tsx
@@ -22,7 +22,8 @@ export const OrganizationSettingsNavbar = ({
  loading,
 }: OrganizationSettingsNavbarProps) => {
  const pathname = usePathname();
-  const { isMember, isOwner } = getAccessFlags(membershipRole);
+  const { isMember, isOwner, isManager } = getAccessFlags(membershipRole);
+  const isOwnerOrManager = isOwner || isManager;
  const isPricingDisabled = isMember;
  const { t } = useTranslation();

@@ -45,7 +46,7 @@ export const OrganizationSettingsNavbar = ({
      label: t("common.api_keys"),
      href: `/environments/${environmentId}/settings/api-keys`,
      current: pathname?.includes("/api-keys"),
-      hidden: !isOwner,
+      hidden: !isOwnerOrManager,
    },
    {
      id: "domain",
--- a/apps/web/modules/organization/settings/api-keys/actions.ts
+++ b/apps/web/modules/organization/settings/api-keys/actions.ts
@@ -26,7 +26,7 @@ export const deleteApiKeyAction = authenticatedActionClient.inputSchema(ZDeleteA
      access: [
        {
          type: "organization",
-          roles: ["owner"],
+          roles: ["owner", "manager"],
        },
      ],
    });
@@ -53,7 +53,7 @@ export const createApiKeyAction = authenticatedActionClient.inputSchema(ZCreateA
      access: [
        {
          type: "organization",
-          roles: ["owner"],
+          roles: ["owner", "manager"],
        },
      ],
    });
@@ -81,7 +81,7 @@ export const updateApiKeyAction = authenticatedActionClient.inputSchema(ZUpdateA
      access: [
        {
          type: "organization",
-          roles: ["owner"],
+          roles: ["owner", "manager"],
        },
      ],
    });