Frontend: Hide pages and buttons in the Secrets Manager based on permissions granted to the current user
Why are we doing this work
We need to know what permissions the current user has with regard to the Secrets Manager, to determine which action buttons and pages are hidden from them if they don't have the permission to view/use them.
For example, if the current user has the read permission but not the update permission, then they should be able to view the secrets but are not allowed to edit them. The edit button would be hidden in the UI for them, and the /edit path would be unavailable as well.
Implementation plan
- Fetch granular permissions for the current user from the backend
- Block routes based on the permissions the user does not have (e.g. if the user doesn't have the create permission, they cannot access the /new route and will be led to a 404 page instead).
- Hide UI elements based on the permissions the user does not have
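A sketch of the three steps above as plain JavaScript, added here as an illustration and not taken from the GitLab code base. The function names, the route patterns other than /new and /edit, and the shape of the permissions payload are assumptions; a missing or malformed payload is treated as "no permissions".

```javascript
// Added example: all names and the payload shape are hypothetical.
const KNOWN_PERMISSIONS = ['read', 'create', 'update'];

// Routes of the Secrets Manager app and the permission each one needs.
// Only /new and /edit come from the issue text; the rest are assumed.
const ROUTES = [
  { name: 'index', pattern: /^\/$/, requires: 'read' },
  { name: 'new', pattern: /^\/new$/, requires: 'create' },
  { name: 'details', pattern: /^\/[^/]+\/details$/, requires: 'read' },
  { name: 'edit', pattern: /^\/[^/]+\/edit$/, requires: 'update' },
];

// Step 1: normalise what the backend returned. Fail closed: only a literal
// `true` grants a permission, so null, a failed fetch or "true" grant nothing.
function normalizePermissions(raw) {
  const granted = {};
  for (const key of KNOWN_PERMISSIONS) {
    granted[key] = Boolean(raw) && typeof raw === 'object' && raw[key] === true;
  }
  return Object.freeze(granted);
}

// Step 2: route guard. Unknown and forbidden paths resolve to the same 404,
// so the UI does not distinguish "no such page" from "not allowed".
function resolveRoute(path, permissions) {
  const route = ROUTES.find((r) => r.pattern.test(path));
  if (!route || permissions[route.requires] !== true) return { name: '404' };
  return { name: route.name };
}

// Step 3: flags the templates use to hide buttons. This is presentation
// only; the backend still has to authorise every request it receives.
function visibleActions(permissions) {
  return {
    showSecretsList: permissions.read === true,
    showNewButton: permissions.create === true,
    showEditButton: permissions.update === true,
  };
}

// Constructed sample payload: a user with read but not update or create.
const examplePermissions = normalizePermissions({ read: true, update: false });
console.log(resolveRoute('/', examplePermissions));                 // index
console.log(resolveRoute('/db-password/edit', examplePermissions)); // 404
console.log(visibleActions(examplePermissions));
```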
Verification steps
Setup
- Set up OpenBao on your GDK.
- Enable the Secrets Manager on GDK.
- When enabling the Secrets Manager, the Owner is automatically given permission. Pull the changes from !195994 (merged) to add more permissions.
Verification
- Go to Secure > Secrets to visit the Secrets Manager.
- Verify that the routes and UI elements are blocked based on the current user's permissions.
Edited by 🤖 GitLab Bot 🤖