Skip to content

feat(permissions): Adding the permission shield overlay to Sistent base components#1686

Open
rishiraj38 wants to merge 10 commits into
layer5io:masterfrom
rishiraj38:feat/unified-permission-components
Open

feat(permissions): Adding the permission shield overlay to Sistent base components#1686
rishiraj38 wants to merge 10 commits into
layer5io:masterfrom
rishiraj38:feat/unified-permission-components

Conversation

@rishiraj38

@rishiraj38 rishiraj38 commented Jul 6, 2026

Copy link
Copy Markdown
Member

What this does

This adds permission awareness to Sistent's base components (Button, IconButton, ListItem, ListItemButton, MenuItem) so that consumer apps like Meshery can show users why something is disabled instead of just graying it out with no explanation.

The approach is intentionally simple; Sistent doesn't try to own the permission-checking logic. That stays in the consumer app where it belongs (via their existing CAN() function). Sistent just handles the visual side:

If a component is disabled and a permissionKey prop is provided → wrap it in a PermissionShield that shows a lock icon with details about the blocked action on click.

What's included

  • PermissionShield (src/custom/permissions.tsx) -- A visual wrapper component that grays out its children and overlays a shield/lock icon. Clicking the icon shows a styled tooltip with permission metadata (category, subcategory, blocked action, description, resource ID). Uses ClickAwayListener and a custom event to ensure only one tooltip is open at a time.

  • Updated base components -- Button, IconButton, ListItem, ListItemButton, and MenuItem now accept optional permissionKey props. When disabled with a key present, they automatically render inside PermissionShield.

  • Backward-compatible Key type -- Supports both the existing action/subject schema and the newer id/function/category/subcategory/description schema. The createCanShow helper was also updated to handle both.

  • Exports -- PermissionShield, Key, and PermissionShieldProps are exported from src/index.tsx.

How to use it

// The consumer app still owns the permission check — Sistent just shows the UI
<IconButton
  disabled={!CAN(Keys.CatalogManagementEditDesign.id, Keys.CatalogManagementEditDesign.function)}
  permissionKey={Keys.CatalogManagementEditDesign}
>
  <EditIcon />
</IconButton>

That's it. No providers, no context, no hooks. The permissionKey metadata (category, description, etc.) powers the tooltip content automatically.

Why this approach

I wanted to keep Sistent as a pure UI library here. Permission logic varies between consumer apps; some use CASL, some use custom RBAC, some hit an API. Baking any of that into Sistent would couple it to a specific implementation. Instead, the consumer decides disabled={true/false} and Sistent just makes the disabled state informative rather than a dead end for the user.

MockUps

Screenshot 2026-07-08 at 6 02 39 PM
Screen.Recording.2026-07-08.at.6.02.10.PM.mov

Signed commits

  • Yes, I signed my commits.

Signed-off-by: Rishi Raj <rishiraj438gt@gmail.com>
@rishiraj38 rishiraj38 marked this pull request as draft July 6, 2026 22:00
gemini-code-assist[bot]

This comment was marked as outdated.

@rishiraj38

Copy link
Copy Markdown
Member Author

This is just a mockup to validate the implementation. I'll handle the formatting afterward, including the tooltip content, colors, and the permission shield icon.

@rishiraj38 rishiraj38 marked this pull request as ready for review July 8, 2026 12:36
@rishiraj38 rishiraj38 changed the title feat(permissions): integrate unified permission API in core components feat(permissions): simplify permission shield wrapper and add coordinated click-to-reveal tooltips Jul 8, 2026
@rishiraj38 rishiraj38 changed the title feat(permissions): simplify permission shield wrapper and add coordinated click-to-reveal tooltips feat(permissions): Adding the permission shield overlay to Sistent base components Jul 8, 2026
Signed-off-by: Rishi Raj <rishiraj438gt@gmail.com>
@rishiraj38

Copy link
Copy Markdown
Member Author

/gemini review

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new PermissionShield wrapper component to display permission metadata overlays on disabled base components (Button, IconButton, ListItem, ListItemButton, and MenuItem) when a permissionKey is provided. Feedback on these changes highlights a bug in ListItem where the disabled prop is not forwarded to the underlying component, potential runtime crashes in PermissionShield and createCanShow due to missing guards for permissionKey and children validity, and a recommendation to expose hardcoded UI strings as props to support internationalization.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread src/base/ListItem/ListItem.tsx
Comment thread src/custom/permissions.tsx
Comment thread src/custom/permissions.tsx Outdated
Comment thread src/custom/permissions.tsx
Signed-off-by: Rishi Raj <rishiraj438gt@gmail.com>
Signed-off-by: Rishi Raj <rishiraj438gt@gmail.com>

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@NSTKrishna NSTKrishna requested a review from Copilot July 8, 2026 18:37

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants