Draft: Consolidate Code Suggestions permission checks

What does this MR do and why?

This MR consolidates Code Suggestions permission checks into a single source of truth in the global policy, addressing duplicate permission logic and fixing the Amazon Q licensing inconsistency identified in #560766.

Problem

Code Suggestions currently has duplicate permission checks that can lead to inconsistent behavior:

  1. Global Policy: Uses allowed_to_use?(:code_suggestions) with default licensed_feature: :ai_features
  2. API Controller: Uses allowed_to_use?(:code_suggestions, licensed_feature: task.licensed_feature) which can be :amazon_q for Amazon Q

This creates a scenario where the same user and feature are evaluated with different licensing parameters, potentially causing access violations.

Solution

  • Enhanced Global Policy: Made the code_suggestions_enabled_for_user condition context-aware to handle Amazon Q licensing
  • Simplified API Controller: Removed duplicate permission check, relying solely on the policy
  • Consistent Licensing: Policy now determines the appropriate licensed_feature (:amazon_q or :ai_features) based on context

References

Screenshots or screen recordings

Not applicable - backend permission logic changes

How to set up and validate locally

TODO

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #560766
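
The divergence described under "Problem" and the consolidation described under "Solution", as an added example that is not code from this MR or from GitLab. It is a simplified model: only `allowed_to_use?`, `licensed_feature`, `:code_suggestions`, `:ai_features` and `:amazon_q` come from the description; the `User` and `Task` structs, the helper names, the `amazon_q_context` flag (an assumed stand-in for however the policy detects Amazon Q) and the sample users are constructed for illustration.

```ruby
require "set"

# Hypothetical stand-in for a user whose license set gates features.
User = Struct.new(:name, :licenses) do
  # Mirrors the call shape quoted in the description; the body is an assumption.
  def allowed_to_use?(feature, licensed_feature: :ai_features)
    feature == :code_suggestions && licenses.include?(licensed_feature)
  end
end

Task = Struct.new(:licensed_feature)

# Before: the policy relies on the default licensed_feature (:ai_features)...
def policy_check_before(user)
  user.allowed_to_use?(:code_suggestions)
end

# ...while the controller passes the task's licensed_feature (:amazon_q here).
def controller_check_before(user, task)
  user.allowed_to_use?(:code_suggestions, licensed_feature: task.licensed_feature)
end

# After: one check. The policy selects the licensed feature from context and
# the controller asks the policy instead of repeating the call.
def policy_check_after(user, amazon_q_context:)
  licensed_feature = amazon_q_context ? :amazon_q : :ai_features
  user.allowed_to_use?(:code_suggestions, licensed_feature: licensed_feature)
end

# Names of users for whom the two pre-consolidation checks disagree.
def disagreements(users, task)
  users.select { |u| policy_check_before(u) != controller_check_before(u, task) }
       .map(&:name)
end

# Constructed sample data covering every license combination.
USERS = [
  User.new("ai_only", Set[:ai_features]),
  User.new("q_only",  Set[:amazon_q]),
  User.new("both",    Set[:ai_features, :amazon_q]),
  User.new("none",    Set[])
].freeze
AMAZON_Q_TASK = Task.new(:amazon_q)

puts "checks disagree for: #{disagreements(USERS, AMAZON_Q_TASK).join(', ')}"
```

A table-driven spec over the same license combinations is a useful regression guard for a change like this, since the two disagreeing rows are exactly the ones a single-license test fixture would miss.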
