fix(authz): skip env-scoped /evaluate-with-context when authz is disabled

[kaviththiranga]

The frontend env-scoped permission hook fired POST /evaluate-with-context
on every render even when openchoreo.features.authz.enabled = false. The
policy backend skips mounting that route under AllowAllPolicy, so the
fetch 404'd and failed closed → every env tile body on the Deploy page
showed "You do not have permission to view the deployment in {env}".

Short-circuit useEnvScopedPermission to return baseCheck (which already
reports allowed: true under AllowAllPolicy) when useAuthzEnabled() is
false. One chokepoint covers all nine env-scoped consumer hooks.

Summary by CodeRabbit

Release Notes

• Tests

  • Added comprehensive test coverage for permission evaluation hook, verifying behavior across authorization enabled/disabled states and environment-scoped checks

• Bug Fixes

  • Improved permission evaluation to gracefully handle disabled authorization modes, eliminating unnecessary backend requests and ensuring consistent permission determination across system configurations

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 925829b1-2d50-449e-8b5e-2e6860852920

📥 Commits

Reviewing files that changed from the base of the PR and between 9b241bf and a57aa54.

📒 Files selected for processing (2)

• plugins/openchoreo-react/src/hooks/useEnvScopedPermission.test.ts
• plugins/openchoreo-react/src/hooks/useEnvScopedPermission.ts

---

📝 Walkthrough

Walkthrough

The PR integrates authz enablement detection into useEnvScopedPermission, allowing the hook to gracefully degrade to base permission checks when OpenChoreo authz is disabled, rather than attempting backend evaluation. Comprehensive test coverage validates authz-enabled/disabled paths and fallback scenarios.

Changes

Authz-Enabled Environment Permission Evaluation

Layer / File(s)	Summary
Hook implementation with authz enablement integration plugins/openchoreo-react/src/hooks/useEnvScopedPermission.ts	Import useAuthzEnabled(), document disabled-authz behavior, add early-exit effect to skip backend fetch when authz is disabled, and update return logic to degrade gracefully to base usePermission results when authz is not enabled or no environment is provided.
Test suite with mocks, fixtures, and comprehensive cases plugins/openchoreo-react/src/hooks/useEnvScopedPermission.test.ts	Jest test harness mocking usePermission, Backstage APIs, and useAuthzEnabled. Tests validate authz-enabled backend success/failure, authz-disabled fallback behavior, and no-environment bypass, with assertions for single backend fetch and correct allowed propagation.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested reviewers

• sameerajayasoma
• stefinie123

Poem

🐰 A permission check that bows to authz's will,
When disabled, falls back graceful and still.
Tests guard each path—enabled, disabled, and bare—
Backend calls only when the time is fair! ✨

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description provides purpose, context, and implementation details, but lacks structured sections required by the repository template (Goals, Approach, User Stories, Release Notes, etc.).	Add missing template sections: Goals, Approach, User stories, Release note, Documentation, Security checks, and Test environment to match repository requirements.
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main fix: skipping env-scoped /evaluate-with-context API calls when authz is disabled, which directly addresses the core issue in the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!