🐛 RBAC: RBAC display error in menu and delete permissions #2218

Open
2 tasks done
glopezGitHub opened this issue Dec 19, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@glopezGitHub

Plugin Name

RBAC

📜 Description

When entering Backstage as a user without permission to view RBAC, the RBAC menu appears with permission to view and allows the user to delete a role without having permission to do so.

image
The Edit button is set to unauthorized to edit, but the Delete button is active and I can delete the role.

image

We have a message at the top of the page

image

The role active for me has 2 rules

image
image

👍 Expected behavior

The expected behavior is that the RBAC menu option does not appear.

👎 Actual Behavior with Screenshots

The expected behavior is that the RBAC menu does not appear to the user, and even less that they can delete a complete role.

👟 Reproduction steps

  1. Create a new role for the administrators group only.
  2. Create a new role for members with the rule any of IS_ENTITY_OWNER and value $ownerRefs or HAS_ANNOTATION; we use one annotation, xxx.io/rbac-access, with value public, in order to permit showing the subdomains and domains in the catalog.
  3. When the user logs in with the member role, the user is shown the RBAC plugin with only permission to delete any role.

📃 Provide the context for the Bug.

Backend

{
"name": "backend",
"version": "0.0.1",
"main": "dist/index.cjs.js",
"types": "src/index.ts",
"private": true,
"backstage": {
"role": "backend"
},
"scripts": {
"start": "backstage-cli package start",
"build": "backstage-cli package build",
"lint": "backstage-cli package lint",
"test": "backstage-cli package test",
"clean": "backstage-cli package clean",
"build-image": "docker build ../.. -f Dockerfile --tag backstage"
},
"dependencies": {
"@backstage-community/plugin-badges-backend": "^0.5.1",
"@backstage-community/plugin-code-coverage-backend": "^0.2.35",
"@backstage-community/plugin-explore-backend": "^0.1.5",
"@backstage-community/plugin-jenkins-backend": "^0.4.12",
"@backstage-community/plugin-rbac-common": "^1.12.3",
"@backstage-community/plugin-rbac-backend": "^5.2.7",
"@backstage-community/plugin-rbac-node": "^1.8.3",
"@backstage-community/plugin-sonarqube-backend": "^0.3.1",
"@backstage-community/plugin-todo-backend": "^0.3.19",
"@backstage/backend-common": "^0.24.1",
"@backstage/backend-defaults": "^0.4.4",
"@backstage/backend-plugin-api": "^0.8.1",
"@backstage/backend-tasks": "^0.6.1",
"@backstage/catalog-client": "^1.6.6",
"@backstage/catalog-model": "^1.6.0",
"@backstage/config": "^1.2.0",
"@backstage/plugin-app-backend": "^0.3.71",
"@backstage/plugin-auth-backend": "^0.22.9",
"@backstage/plugin-auth-backend-module-github-provider": "^0.1.21",
"@backstage/plugin-auth-backend-module-guest-provider": "^0.2.0",
"@backstage/plugin-auth-node": "^0.4.17",
"@backstage/plugin-catalog-backend": "^1.24.0",
"@backstage/plugin-catalog-backend-module-github": "^0.7.7",
"@backstage/plugin-catalog-backend-module-github-org": "^0.3.4",
"@backstage/plugin-catalog-backend-module-logs": "^0.0.1",
"@backstage/plugin-catalog-backend-module-msgraph": "^0.6.0",
"@backstage/plugin-catalog-backend-module-openapi": "^0.1.40",
"@backstage/plugin-catalog-backend-module-scaffolder-entity-model": "^0.1.20",
"@backstage/plugin-events-backend": "^0.3.9",
"@backstage/plugin-kubernetes-backend": "^0.18.4",
"@backstage/plugin-permission-backend": "^0.5.50",
"@backstage/plugin-permission-backend-module-allow-all-policy": "^0.2.1",
"@backstage/plugin-permission-common": "^0.8.2",
"@backstage/plugin-permission-node": "^0.8.5",
"@backstage/plugin-proxy-backend": "^0.5.3",
"@backstage/plugin-scaffolder-backend": "^1.23.0",
"@backstage/plugin-scaffolder-backend-module-github": "^0.4.2",
"@backstage/plugin-search-backend": "^1.5.14",
"@backstage/plugin-search-backend-module-catalog": "^0.1.28",
"@backstage/plugin-search-backend-module-explore": "^0.2.0",
"@backstage/plugin-search-backend-module-pg": "^0.5.32",
"@backstage/plugin-search-backend-module-techdocs": "^0.2.0",
"@backstage/plugin-search-backend-node": "^1.3.1",
"@backstage/plugin-techdocs-backend": "^1.10.11",
"@backstage/plugin-techdocs-node": "^1.12.9",
"@frontside/backstage-plugin-graphql-backend": "^0.1.9",
"@frontside/backstage-plugin-graphql-backend-module-catalog": "^0.3.4",
"@internal/backstage-plugin-catalog-backend-module-ownership-processor": "^0.1.0",
"@internal/plugin-auth-backend-module-prosegur-provider": "^0.1.0",
"@internal/plugin-auth-token-catalog": "^0.1.0",
"@internal/plugin-form-data-backend": "^0.1.0",
"@janus-idp/backstage-scaffolder-backend-module-annotator": "^1.3.0",
"@janus-idp/backstage-scaffolder-backend-module-sonarqube": "^1.7.1",
"@microcks/microcks-backstage-provider": "^0.0.5",
"@stagecentral/plugin-artifactory-backend": "0.1.3",
"app": "link:../app",
"better-sqlite3": "^11.1.2",
"casbin": "^5.30.0",
"dockerode": "^4.0.2",
"express": "^4.19.2",
"express-prom-bundle": "^6.6.0",
"global-agent": "^3.0.0",
"lodash": "^4.17.21",
"node-gyp": "^10.1.0",
"pg": "^8.12.0",
"prom-client": "^15.1.3",
"typeorm-adapter": "^1.7.0",
"undici": "^6.19.8",
"winston": "^3.14.2"
},
"devDependencies": {
"@backstage/cli": "^0.27.0",
"@types/dockerode": "^3.3.29",
"@types/express": "^4.17.21",
"@types/express-serve-static-core": "^4.19.3",
"@types/global-agent": "2.1.3",
"@types/lodash": "^4.17.5",
"@types/luxon": "^3.4.2"
},
"files": [
"dist",
"migrations",
"config.d.ts"
],
"configSchema": "config.d.ts"
}

Front

{
"name": "app",
"version": "0.0.1",
"private": true,
"bundled": true,
"backstage": {
"role": "frontend"
},
"scripts": {
"start": "backstage-cli package start",
"build": "backstage-cli package build",
"clean": "backstage-cli package clean",
"test": "backstage-cli package test",
"lint": "backstage-cli package lint"
},
"dependencies": {
"@backstage-community/plugin-badges": "^0.2.59",
"@backstage-community/plugin-code-coverage": "^0.2.28",
"@backstage-community/plugin-cost-insights": "^0.12.25",
"@backstage-community/plugin-explore": "^0.4.21",
"@backstage-community/plugin-github-actions": "^0.6.16",
"@backstage-community/plugin-github-pull-requests-board": "^0.2.2",
"@backstage-community/plugin-graphiql": "^0.3.8",
"@backstage-community/plugin-jenkins": "^0.10.1",
"@backstage-community/plugin-microsoft-calendar": "^0.1.17",
"@backstage-community/plugin-rbac-common": "^1.12.3",
"@backstage-community/plugin-rbac": "^1.33.3",
"@backstage-community/plugin-sonarqube": "^0.8.9",
"@backstage-community/plugin-tech-radar": "^0.7.4",
"@backstage-community/plugin-todo": "^0.2.39",
"@backstage/app-defaults": "^1.5.9",
"@backstage/catalog-model": "^1.5.0",
"@backstage/cli": "^0.27.0",
"@backstage/config": "^1.2.0",
"@backstage/core-app-api": "^1.14.1",
"@backstage/core-components": "^0.14.9",
"@backstage/core-plugin-api": "^1.9.3",
"@backstage/integration-react": "^1.1.29",
"@backstage/plugin-api-docs": "^0.11.7",
"@backstage/plugin-catalog": "^1.21.1",
"@backstage/plugin-catalog-common": "^1.0.25",
"@backstage/plugin-catalog-graph": "^0.4.7",
"@backstage/plugin-catalog-import": "^0.12.1",
"@backstage/plugin-catalog-react": "^1.12.3",
"@backstage/plugin-home": "^0.7.8",
"@backstage/plugin-kubernetes": "^0.11.13",
"@backstage/plugin-org": "^0.6.28",
"@backstage/plugin-permission-react": "^0.4.24",
"@backstage/plugin-scaffolder": "^1.23.0",
"@backstage/plugin-scaffolder-react": "^1.10.0",
"@backstage/plugin-search": "^1.4.15",
"@backstage/plugin-search-react": "^1.7.14",
"@backstage/plugin-techdocs": "^1.10.8",
"@backstage/plugin-techdocs-module-addons-contrib": "^1.1.13",
"@backstage/plugin-techdocs-react": "^1.2.7",
"@backstage/plugin-user-settings": "^0.8.10",
"@backstage/theme": "^0.5.6",
"@internal/backstage-plugin-prosegur-card-info": "^0.1.0",
"@internal/plugin-prosegur-theme": "^0.0.1",
"@material-ui/core": "^4.12.2",
"@material-ui/icons": "^4.9.1",
"@roadiehq/backstage-plugin-github-insights": "^2.4.1",
"@roadiehq/backstage-plugin-github-pull-requests": "^2.5.28",
"@roadiehq/backstage-plugin-security-insights": "^2.3.20",
"@stagecentral/plugin-artifactory": "^0.1.4",
"history": "^5.3.0",
"i18next": "^23.15.2",
"lodash": "^4.17.21",
"path": "^0.12.7",
"react": "^18.3.1",
"react-dom": "^18.3.1",
"react-i18next": "^15.0.2",
"react-router": "^6.26.1",
"react-router-dom": "^6.26.1",
"react-use": "^17.5.1",
"react-window": "^1.8.10",
"tss-react": "^4.9.12"
},
"devDependencies": {
"@backstage/cli": "^0.27.0",
"@backstage/test-utils": "^1.5.9",
"@janus-idp/cli": "^1.13.1",
"@playwright/test": "^1.32.3",
"@scalprum/react-test-utils": "^0.2.0",
"@testing-library/dom": "^10.1.0",
"@testing-library/jest-dom": "^6.5.0",
"@testing-library/react": "^16.0.0",
"@testing-library/react-hooks": "^8.0.1",
"@testing-library/user-event": "^14.5.2",
"@types/node": "^20.14.2",
"@types/react": "^18.3.4",
"@types/react-dom": "^18.3.0",
"@types/react-window": "^1.8.8",
"@types/uuid": "^9.0.8",
"cross-env": "^7.0.3",
"uuid": "^10.0.0"
},
"browserslist": {
"production": [
">0.2%",
"not dead",
"not op_mini all"
],
"development": [
"last 1 chrome version",
"last 1 firefox version",
"last 1 safari version"
]
},
"files": [
"dist",
"config.d.ts"
],
"configSchema": "config.d.ts"
}

👀 Have you spent some time to check if this bug has been raised before?

  • I checked and didn't find similar issue

🏢 Have you read the Code of Conduct?

Are you willing to submit PR?

No, but I'm happy to collaborate on a PR with someone else

@glopezGitHub glopezGitHub added the bug Something isn't working label Dec 19, 2024
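
The behaviour the reporter expects, as an added example that is not part of the issue and is not the RBAC plugin's code: a constructed JavaScript model of the member role from the reproduction steps, evaluated deny-by-default, with the menu and button state derived only from those decisions. The role layout, the helper names (`decide`, `rbacUiState`) and the `catalog.entity.read` / `policy.entity.*` permission strings are assumptions.

```javascript
// Constructed model of the "member" role from the reproduction steps.
// Not Backstage code: role layout and helper names are assumptions.
const memberRole = {
  resourceType: 'catalog-entity',
  permissions: ['catalog.entity.read'], // assumed permission name
  anyOf: [
    { rule: 'IS_ENTITY_OWNER', params: { claims: '$ownerRefs' } },
    { rule: 'HAS_ANNOTATION',
      params: { annotation: 'xxx.io/rbac-access', value: 'public' } },
  ],
};

// Rule evaluators; '$ownerRefs' is modelled as the user's own ownerRefs list.
const rules = {
  IS_ENTITY_OWNER: (entity, _params, user) =>
    (entity.owners || []).some(ref => user.ownerRefs.includes(ref)),
  HAS_ANNOTATION: (entity, params) =>
    (entity.annotations || {})[params.annotation] === params.value,
};

// Deny by default: allow only when the role names this resource type and
// permission, and at least one anyOf condition matches the resource.
function decide(role, user, request) {
  if (request.resourceType !== role.resourceType) return 'DENY';
  if (!role.permissions.includes(request.permission)) return 'DENY';
  const matched = role.anyOf.some(c => {
    const fn = rules[c.rule];
    return fn ? fn(request.resource, c.params, user) : false; // unknown rule: no match
  });
  return matched ? 'ALLOW' : 'DENY';
}

// UI state comes only from decisions, so no action is enabled without an ALLOW.
function rbacUiState(role, user) {
  const ask = permission => decide(role, user,
    { resourceType: 'policy-entity', permission, resource: {} }) === 'ALLOW';
  const canRead = ask('policy.entity.read');
  return {
    showMenu: canRead,
    canEdit: canRead && ask('policy.entity.update'),
    canDelete: canRead && ask('policy.entity.delete'),
  };
}

// Constructed sample user and catalog entity.
const user = { ownerRefs: ['group:default/members'] };
const publicEntity = { owners: [], annotations: { 'xxx.io/rbac-access': 'public' } };
```

The same decision has to be enforced by the backend on the delete request itself; a disabled button only reflects it.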