From 23246b02f9aec63f00caec50450cd04612891838 Mon Sep 17 00:00:00 2001
From: prdai <prdai@users.noreply.github.com>
Date: Tue, 28 Apr 2026 14:09:44 +0530
Subject: [PATCH 1/2] fix: add component release delete permission

Co-authored-by: Codex <codex@openai.com>
Signed-off-by: prdai <prdai@users.noreply.github.com>
---
 plugins/openchoreo-common/src/index.ts                |  1 +
 plugins/openchoreo-common/src/permissions.ts          | 11 +++++++++++
 .../components/AccessControl/RolesTab/RoleDialog.tsx  |  3 +++
 3 files changed, 15 insertions(+)

diff --git a/plugins/openchoreo-common/src/index.ts b/plugins/openchoreo-common/src/index.ts
index 2d5f415a7..70d03d128 100644
--- a/plugins/openchoreo-common/src/index.ts
+++ b/plugins/openchoreo-common/src/index.ts
@@ -41,6 +41,7 @@ export {
   openchoreoEnvironmentReadPermission,
   openchoreoReleaseCreatePermission,
   openchoreoReleaseReadPermission,
+  openchoreoReleaseDeletePermission,
   openchoreoReleaseBindingUpdatePermission,
   openchoreoReleaseBindingReadPermission,
   openchoreoRoleViewPermission,
diff --git a/plugins/openchoreo-common/src/permissions.ts b/plugins/openchoreo-common/src/permissions.ts
index 3efc30792..5133698e4 100644
--- a/plugins/openchoreo-common/src/permissions.ts
+++ b/plugins/openchoreo-common/src/permissions.ts
@@ -566,6 +566,15 @@ export const openchoreoReleaseReadPermission = createPermission({
   attributes: { action: 'read' },
 });
 
+/**
+ * Permission to delete a component release.
+ * Org-scoped permission.
+ */
+export const openchoreoReleaseDeletePermission = createPermission({
+  name: 'openchoreo.release.delete',
+  attributes: { action: 'delete' },
+});
+
 /**
  * Permission to update a release binding (e.g., undeploy a component from an environment).
  * Resource-based: requires the specific component context.
@@ -832,6 +841,7 @@ export const openchoreoPermissions = [
   openchoreoEnvironmentReadPermission,
   openchoreoReleaseCreatePermission,
   openchoreoReleaseReadPermission,
+  openchoreoReleaseDeletePermission,
   openchoreoReleaseBindingReadPermission,
   openchoreoReleaseBindingUpdatePermission,
   openchoreoRoleViewPermission,
@@ -928,6 +938,7 @@ export const OPENCHOREO_PERMISSION_TO_ACTION: Record<string, string> = {
   'openchoreo.environment.read': 'environment:view',
   'openchoreo.release.create': 'componentrelease:create',
   'openchoreo.release.read': 'componentrelease:view',
+  'openchoreo.release.delete': 'componentrelease:delete',
   'openchoreo.releasebinding.update': 'releasebinding:update',
   'openchoreo.releasebinding.read': 'releasebinding:view',
   'openchoreo.role.view': 'authzrole:view',
diff --git a/plugins/openchoreo/src/components/AccessControl/RolesTab/RoleDialog.tsx b/plugins/openchoreo/src/components/AccessControl/RolesTab/RoleDialog.tsx
index 5926afc06..fcee3e496 100644
--- a/plugins/openchoreo/src/components/AccessControl/RolesTab/RoleDialog.tsx
+++ b/plugins/openchoreo/src/components/AccessControl/RolesTab/RoleDialog.tsx
@@ -78,6 +78,7 @@ const ROLE_TEMPLATES = {
       'component:delete',
       'componentrelease:view',
       'componentrelease:create',
+      'componentrelease:delete',
       'releasebinding:view',
       'releasebinding:create',
       'releasebinding:update',
@@ -187,6 +188,7 @@ const ROLE_TEMPLATES = {
       'component:delete',
       'componentrelease:view',
       'componentrelease:create',
+      'componentrelease:delete',
       'releasebinding:view',
       'releasebinding:create',
       'releasebinding:update',
@@ -230,6 +232,7 @@ const ROLE_TEMPLATES = {
       'component:view',
       'componentrelease:view',
       'componentrelease:create',
+      'componentrelease:delete',
       'releasebinding:view',
       'releasebinding:create',
       'releasebinding:update',

From f85eb1f6e5dbb75748c553813d05d91ea532ae38 Mon Sep 17 00:00:00 2001
From: prdai <prdai@users.noreply.github.com>
Date: Mon, 18 May 2026 08:12:21 +0530
Subject: [PATCH 2/2] fix: limit component release delete defaults

Co-authored-by: Codex <codex@openai.com>
Signed-off-by: prdai <prdai@users.noreply.github.com>
---
 .../src/components/AccessControl/RolesTab/RoleDialog.tsx        | 2 --
 1 file changed, 2 deletions(-)

diff --git a/plugins/openchoreo/src/components/AccessControl/RolesTab/RoleDialog.tsx b/plugins/openchoreo/src/components/AccessControl/RolesTab/RoleDialog.tsx
index fcee3e496..9647dcd9e 100644
--- a/plugins/openchoreo/src/components/AccessControl/RolesTab/RoleDialog.tsx
+++ b/plugins/openchoreo/src/components/AccessControl/RolesTab/RoleDialog.tsx
@@ -188,7 +188,6 @@ const ROLE_TEMPLATES = {
       'component:delete',
       'componentrelease:view',
       'componentrelease:create',
-      'componentrelease:delete',
       'releasebinding:view',
       'releasebinding:create',
       'releasebinding:update',
@@ -232,7 +231,6 @@ const ROLE_TEMPLATES = {
       'component:view',
       'componentrelease:view',
       'componentrelease:create',
-      'componentrelease:delete',
       'releasebinding:view',
       'releasebinding:create',
       'releasebinding:update',