diff --git a/lib/auth/auth_with_roles.go b/lib/auth/auth_with_roles.go index 2325ca75f142c..752d6e3b6765a 100644 --- a/lib/auth/auth_with_roles.go +++ b/lib/auth/auth_with_roles.go @@ -6303,8 +6303,11 @@ func (a *ServerWithRoles) GetLicense(ctx context.Context) (string, error) { // ListReleases return Teleport Enterprise releases func (a *ServerWithRoles) ListReleases(ctx context.Context) ([]*types.Release, error) { - if err := a.action(apidefaults.Namespace, types.KindDownload, types.VerbList); err != nil { - return nil, trace.Wrap(err) + // on Cloud, any user is allowed to list releases + if !modules.GetModules().Features().Cloud { + if err := a.action(apidefaults.Namespace, types.KindDownload, types.VerbList); err != nil { + return nil, trace.Wrap(err) + } } return a.authServer.releaseService.ListReleases(ctx) diff --git a/web/packages/teleport/src/stores/storeUserContext.ts b/web/packages/teleport/src/stores/storeUserContext.ts index cfb6e12a04f42..8f20a3cfb71f6 100644 --- a/web/packages/teleport/src/stores/storeUserContext.ts +++ b/web/packages/teleport/src/stores/storeUserContext.ts @@ -157,14 +157,22 @@ export default class StoreUserContext extends Store { // has access to download either teleport binaries or the license. // Since the page is used to download both of them, having access to one // is enough to show access this page. - // This page is only available for `dashboards`. + // This page is only available for `dashboards` and cloud customers. hasDownloadCenterListAccess() { return ( - cfg.isDashboard && - (this.state.acl.license.read || this.state.acl.download.list) + cfg.isCloud || + (cfg.isDashboard && + (this.state.acl.license.read || this.state.acl.download.list)) ); } + // hasSupportPageLinkAccess checks if the user + // has access to a Support external link in the side menu. + // This should only be displayed on `dashboards`. + hasSupportPageLinkAccess() { + return cfg.isDashboard; + } + // hasAccessToAgentQuery checks for at least one valid query permission. // Nodes require only a 'list' access while the rest of the agents // require 'list + read'. diff --git a/web/packages/teleport/src/teleportContext.tsx b/web/packages/teleport/src/teleportContext.tsx index 182035549cb23..5c51017c5a2a3 100644 --- a/web/packages/teleport/src/teleportContext.tsx +++ b/web/packages/teleport/src/teleportContext.tsx @@ -194,6 +194,7 @@ class TeleportContext implements types.Context { accessRequests: hasAccessRequestsAccess(), newAccessRequest: userContext.getAccessRequestAccess().create, downloadCenter: userContext.hasDownloadCenterListAccess(), + supportLink: userContext.hasSupportPageLinkAccess(), discover: userContext.hasDiscoverAccess(), plugins: userContext.getPluginsAccess().list, integrations: userContext.getIntegrationsAccess().list, @@ -234,6 +235,7 @@ export const disabledFeatureFlags: types.FeatureFlags = { newAccessRequest: false, accessRequests: false, downloadCenter: false, + supportLink: false, discover: false, plugins: false, integrations: false, diff --git a/web/packages/teleport/src/types.ts b/web/packages/teleport/src/types.ts index 3e367091d9d00..3be5b8c7a90a7 100644 --- a/web/packages/teleport/src/types.ts +++ b/web/packages/teleport/src/types.ts @@ -156,6 +156,7 @@ export interface FeatureFlags { accessRequests: boolean; newAccessRequest: boolean; downloadCenter: boolean; + supportLink: boolean; discover: boolean; plugins: boolean; integrations: boolean;