From 404efd25236a7939dbf03df9a0e85b5836996c4c Mon Sep 17 00:00:00 2001
From: jinapurapu <65002498+jinapurapu@users.noreply.github.com>
Date: Thu, 3 Nov 2022 10:43:19 -0700
Subject: [PATCH] Fixed Users tab permissions to hide if CreateUser only User
 permission  (#2426)

---
 .../src/common/SecureComponent/permissions.ts     | 15 +++++++++++++++
 portal-ui/src/screens/Console/valid-routes.ts     |  6 ++++--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/portal-ui/src/common/SecureComponent/permissions.ts b/portal-ui/src/common/SecureComponent/permissions.ts
index 1677821f7..169bc3a12 100644
--- a/portal-ui/src/common/SecureComponent/permissions.ts
+++ b/portal-ui/src/common/SecureComponent/permissions.ts
@@ -461,6 +461,21 @@ export const enableUserPermissions = [IAM_SCOPES.ADMIN_ENABLE_USER];
 
 export const disableUserPermissions = [IAM_SCOPES.ADMIN_DISABLE_USER];
 
+//note that adminUserPermissions does NOT include ADMIN_CREATE_USER to allow hiding the Users tab for users wtih only this permission as it is being applied by default
+export const adminUserPermissions = [
+  IAM_SCOPES.ADMIN_LIST_USER_POLICIES,
+  IAM_SCOPES.ADMIN_LIST_USERS,
+  IAM_SCOPES.ADMIN_ADD_USER_TO_GROUP,
+  IAM_SCOPES.ADMIN_REMOVE_USER_FROM_GROUP,
+  IAM_SCOPES.ADMIN_ATTACH_USER_OR_GROUP_POLICY,
+  IAM_SCOPES.ADMIN_LIST_USERS,
+  IAM_SCOPES.ADMIN_DELETE_USER,
+  IAM_SCOPES.ADMIN_ENABLE_USER,
+  IAM_SCOPES.ADMIN_DISABLE_USER,
+  IAM_SCOPES.ADMIN_GET_USER,
+  IAM_SCOPES.ADMIN_LIST_USER_POLICIES,
+];
+
 export const assignIAMPolicyPermissions = [
   IAM_SCOPES.ADMIN_ATTACH_USER_OR_GROUP_POLICY,
   IAM_SCOPES.ADMIN_LIST_USER_POLICIES,
diff --git a/portal-ui/src/screens/Console/valid-routes.ts b/portal-ui/src/screens/Console/valid-routes.ts
index 821f37829..850265923 100644
--- a/portal-ui/src/screens/Console/valid-routes.ts
+++ b/portal-ui/src/screens/Console/valid-routes.ts
@@ -17,6 +17,7 @@
 import { IMenuItem } from "./Menu/types";
 import { NavLink } from "react-router-dom";
 import {
+  adminUserPermissions,
   CONSOLE_UI_RESOURCE,
   IAM_PAGES,
   IAM_PAGES_PERMISSIONS,
@@ -85,8 +86,9 @@ export const validRoutes = (
           id: "users",
           to: IAM_PAGES.USERS,
           customPermissionFnc: () =>
-            hasPermission(CONSOLE_UI_RESOURCE, [IAM_SCOPES.ADMIN_LIST_USERS]) ||
-            hasPermission(S3_ALL_RESOURCES, [IAM_SCOPES.ADMIN_CREATE_USER]),
+            hasPermission(CONSOLE_UI_RESOURCE, adminUserPermissions) ||
+            hasPermission(S3_ALL_RESOURCES, adminUserPermissions) ||
+            hasPermission(CONSOLE_UI_RESOURCE, [IAM_SCOPES.ADMIN_ALL_ACTIONS]),
           name: "Users",
           icon: UsersMenuIcon,
           fsHidden: ldapIsEnabled,