feat: Inspect Permissions - 🔴 Blocked by #5408

[tiagoapolo]

Thanks for submitting a PR! Please check the boxes below:

• I have added information to docs/ if required so people know about the feature!
• I have filled in the "Changes" section below?
• I have filled in the "How did you test this code" section below?
• I have used a Conventional Commit title for this Pull Request

Changes

⚠️ 5408 needs to be merged first

Ref: #5064

How did you test this code?

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
flagsmith-frontend-preview	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 12, 2025 3:35pm
flagsmith-frontend-staging	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 12, 2025 3:35pm

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
docs	⬜️ Ignored (Inspect)	Visit Preview		May 12, 2025 3:35pm

[github-actions]

Uffizzi Ephemeral Environment Deploying

☁️ https://app.uffizzi.com/github.com/Flagsmith/flagsmith/pull/5375

⚙️ Updating now by workflow run 14926861786.

What is Uffizzi? Learn more!

[github-actions]

Docker builds report

Image	Build Status	Security report
ghcr.io/flagsmith/flagsmith-e2e:pr-5375	Finished ✅	Skipped
ghcr.io/flagsmith/flagsmith-api-test:pr-5375	Finished ✅	Skipped
ghcr.io/flagsmith/flagsmith-api:pr-5375	Finished ✅	Results ✅
ghcr.io/flagsmith/flagsmith:pr-5375	Finished ✅	Results ✅
ghcr.io/flagsmith/flagsmith-private-cloud:pr-5375	Finished ✅	Results ✅
ghcr.io/flagsmith/flagsmith-frontend:pr-5375	Finished ✅	Results ✅

[Zaimwa9]

Created this branch including backend for testing purposes if needed
feat/readonly-user-permissions-5308-with-backend

[Zaimwa9]

Couple of comments. Nothing critical (although one in the backend), working really well besides that.

I just have a question. I'm not sure to get what's the difference between GRANTED, GRANTED_FOR_TAGS

[tiagoapolo]

Couple of comments. Nothing critical (although one in the backend), working really well besides that.

I just have a question. I'm not sure to get what's the difference between GRANTED, GRANTED_FOR_TAGS

GRANTED = Permission was granted for that role
GRANTED_FOR_TAGS = Permission was granted for that role but only when it matches any specified tags.

if a user has a role with GRANTED_FOR_TAGS for DELETE_FEATURE and the role specifies certain tags, they will only be able to delete features that have at least one of those specified tags. Features without any of the specified tags will be protected from deletion by that user.

[Zaimwa9]

It's more of a product question but I wonder whether we should show that the user has the permission granted both directly and through derived permissions.

Let's say you want to remove create project from me. You would remove it directly from my user permissions without knowing that I will still have it from a role I have but wasn't shown no?

[tiagoapolo]

We already support that, but we don't show a tooltip text when is a directly assigned permission + derived, but I could add a copy text for that specific case.

[Zaimwa9]

Thanks for the changes! Really nice feature, ready to go imo once backend released (and a couple of conflicts to solve)