feat: show access denied UI for canvas components when metrics view is inaccessible#9069
Draft
feat: show access denied UI for canvas components when metrics view is inaccessible#9069
Conversation
…s inaccessible in canvas When a user doesn't have access to metrics views referenced by canvas components, the backend removes those views from referencedMetricsViews. Previously this caused all affected components to show alarming red 'Metrics view X not found' errors. Changes: - Track access-denied metrics views in CanvasEntity by comparing component references against available metricsViews - Add ComponentAccessDenied.svelte with muted lock icon UI - Update Chart, Leaderboard, Pivot, KPI Grid, and KPI components to show the access denied component instead of the red error - Style access-denied cards with neutral border instead of destructive Resolves APP-790 Co-authored-by: ericokuma <ericokuma@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When a user doesn't have access to metrics views referenced by canvas components (due to security policies), the backend silently removes those metrics views from the
referencedMetricsViewsresponse. Previously, this caused all affected components to show alarming red "Metrics view X not found" error messages, which was confusing and looked broken.This PR introduces a cleaner, muted "access denied" UI that correctly differentiates between true configuration errors and access restrictions.
Changes
CanvasEntity(canvas-entity.ts)_accessDeniedMetricsViewsstore to track metrics views that are referenced by components but not present in thereferencedMetricsViewsresponse (indicating the backend filtered them due to access policies)isMetricsViewAccessDenied(name)method returning a reactive boolean storecomputeAccessDeniedMetricsViews()to compute the denied set during spec processingComponentAccessDenied.svelte(new)bg-surface-secondary/50background instead of destructive redCanvas display components updated:
CanvasChart.svelte- shows access denied UI for both schema and data errorsLeaderboardDisplay.svelte- shows access denied UI when schema validation failsCanvasPivotDisplay.svelte+CanvasPivotRenderer.svelte- passes access denied state to rendererKPIGrid.svelte- importedComponentAccessDenied(KPI items handled by provider)KPIProvider.svelte- shows access denied UI instead of rendering disabled KPICanvasComponent.svelteHow it works
The backend's
ResolveCanvasAPI applies security policies and removes inaccessible metrics views fromreferencedMetricsViews, but still returns all components in the canvas spec. By comparing componentmetrics_viewreferences against the availablereferencedMetricsViews, we can determine which views were filtered due to access restrictions and show an appropriate UI.Closes APP-790
Checklist:
Linear Issue: APP-790