feat: step 2 Show project Status tab to editors in Cloud and Developer

admin/server/runtime_jwt.go

@@ -173,14 +173,16 @@ func (s *Server) issueRuntimeToken(ctx context.Context, opts *issueRuntimeTokenO
 		}
 	}
 
-	// Check if allowed to manage the deployment's environment.
+	// Check if allowed to manage the deployment's environment, or to read its status.
 	// NOTE: Only applicable for tokens issued for the claims owner (not possible to delegate to other end users).
-	var manageDepl bool
+	var manageDepl, readDeplStatus bool
 	if opts.forOwner {
 		if opts.deployment.Environment == "prod" {
 			manageDepl = opts.projectPermissions.ManageProd
+			readDeplStatus = opts.projectPermissions.ReadProdStatus
 		} else {
 			manageDepl = opts.projectPermissions.ManageDev
+			readDeplStatus = opts.projectPermissions.ReadDevStatus
 		}
 	}
 
@@ -191,6 +193,10 @@ func (s *Server) issueRuntimeToken(ctx context.Context, opts *issueRuntimeTokenO
 		runtime.ReadObjects,
 		runtime.UseAI,
 	}
+	if readDeplStatus {
+		// Status visibility: lets non-managers (e.g. editors) view the project Status page.
+		instancePermissions = append(instancePermissions, runtime.ReadInstance)
+	}
 	if manageDepl {
 		instancePermissions = append(
 			instancePermissions,

web-admin/src/features/projects/ProjectTabs.svelte

@@ -50,7 +50,7 @@
     {
       route: `/${organization}/${project}${branchPrefix}/-/status`,
       label: "Status",
-      hasPermission: projectPermissions.manageProject,
+      hasPermission: projectPermissions.readProdStatus,
     },
     {
       route: `/${organization}/${project}${branchPrefix}/-/settings`,

web-admin/src/routes/[organization]/[project]/-/status/+layout.ts

@@ -2,7 +2,7 @@ import { redirect } from "@sveltejs/kit";
 
 export const load = async ({ parent, params: { organization, project } }) => {
   const { projectPermissions } = await parent();
-  if (!projectPermissions?.manageProject) {
+  if (!projectPermissions?.readProdStatus) {
     throw redirect(307, `/${organization}/${project}`);
   }
 };