upcoming: [M3-7459] - Disable Contact / Billing Info for Restricted Users

[jaalah-akamai]

Description 📝

Users with read-only access, should not have the ability to edit billing contacts or add payment methods. Currently, the "Edit" billing contact and "Add payment method" buttons are active for these types of users. While users receive denials via the API when trying to submit changes, this may creates confusion and frustration. To improve the user experience and align with intended permissions, it's necessary to disable these buttons.

Changes 🔄

• Edit and Add Payment Method will be disabled for "Indirect Customers" and those with read_only account access.
• A tooltip will appear saying To edit this section, please contact your {administrator || business partner}.
• Fixed bug with disabled buttons not allowing us to tab out of them.

Preview 📷

Before	After
prod-contact-info.mp4
Didn't want to update screenshot, but it's been updated to say business partner.

How to test 🧪

Prerequisites

• One account with full access
• One account with restricted access

Reproduction steps

• Go to http://localhost:3000/account/billing

Verification steps

1. Log into any restricted account with parent/child feature flag disabled, observe the Edit and Add Payment Method buttons are disabled.
2. Turn parent/child feature flag on with Mock Service Workers
   • Observe the Edit and Add Payment Method buttons are enabled (by default we're in a parent state)
   • Then change parent to child on this line: https://github.com/linode/manager/blob/develop/packages/manager/src/mocks/serverHandlers.ts#L1236
   • Observe the Edit and Add Payment Method buttons are disabled.
   • Now change MSW from child to proxy and observe the Edit and Add Payment Method buttons are enabled.

As an Author I have considered 🤔

Check all that apply

• 👀 Doing a self review
• ❔ Our contribution guidelines
• 🤏 Splitting feature into small PRs
• ➕ Adding a changeset
• 🧪 Providing/Improving test coverage
• 🔐 Removing all sensitive information from the code and PR description
• 🚩 Using a feature flag to protect the release
• 👣 Providing comprehensive reproduction steps
• 📑 Providing or updating our documentation
• 🕛 Scheduling a pair reviewing session
• 📱 Providing mobile support
• ♿ Providing accessibility support

[jaalah-akamai]

@jdamore-linode This is what we talked about earlier. This is not a critical test, so we'll revisit at Cafe. 👍

[jaalah-akamai]

@jdamore-linode To add to our investigation, oddly this causes no issues.

[jdamore-linode]

Thanks again @jaalah-akamai! Still no explanation for why it doesn't hang here, but did confirm by upgrading Vitest that this Vitest PR fixed the issue.

Once this is merged I'll plan to open a PR that upgrades Vitest and re-enables the commented out test 👍

[bnussman-akamai]

I see the benefit of this approach to avoid dealing with loading states, but I don't think it's better than the MSW approach. Would like to discuss in cafe!

[mjac0bs]

I think your test steps have a typo in Observe the Edit and Add Payment Method buttons are disabled (by default we're in a parent state), which should be enabled.

I was able to confirm the following:

Scenario	Picture
✅ Restricted regular user with read_only account access, flag is off, mocks are off
✅ Restricted child user (with read_write account access), flag is on, mocks are on
✅ parent user or restricted proxy user (with read_write account access), flag is on, mocks are on

The disabled tooltips are read out via VO. See also the message I sent offline, but I may have not had the right key combination to be able to keyboard navigate away from the disabled Edit button - I can esc out of the open tooltip, but trying to Tab or Shift + Tab keeps me on that button.

Pending that the above is not an issue to resolve, approving with a couple of small things to address. In addition to my comments, this PR will need a changeset.

[jaalah-akamai]

I think your test steps have a typo in Observe the Edit and Add Payment Method buttons are disabled (by default we're in a parent state), which should be enabled.

Ahh yes, it's a typo! 🔍

[jaalah-akamai]

I can esc out of the open tooltip, but trying to Tab or Shift + Tab keeps me on that button.

@mjac0bs This should be fixed now while still preventing disabled buttons from submitting forms as outlined here: #10028 (review)

[bnussman-akamai]

Do we have to use useAccountUser? Is there no better way to get user_type?

[jaalah-akamai]

@bnussman-akamai I don't think so, user_type is a new field that's only returned from /account/users or /account/users/:user

[jaalah-akamai]

I'll see if API could also return that field as part of /account data.

[bnussman-akamai]

I see the benefit of this approach to avoid dealing with loading states, but I don't think it's better than the MSW approach. Would like to discuss in cafe!

[github-actions]

Coverage Report: ❌
Base Coverage: 79.87%
Current Coverage: 79.85%

[bnussman-akamai]

Disabled states look and new logic look good!