From 3991471cd7fcb8a1b2392b4f8de00544d4c3e7df Mon Sep 17 00:00:00 2001
From: mcbattirola <mcbattirola@hotmail.com>
Date: Mon, 8 Jan 2024 10:17:23 -0300
Subject: [PATCH 1/3] Add new flag to show/hide support link

---
 .../teleport/src/stores/storeUserContext.ts        | 14 +++++++++++---
 web/packages/teleport/src/teleportContext.tsx      |  2 ++
 web/packages/teleport/src/types.ts                 |  1 +
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/web/packages/teleport/src/stores/storeUserContext.ts b/web/packages/teleport/src/stores/storeUserContext.ts
index cfb6e12a04f42..bd599ef004b96 100644
--- a/web/packages/teleport/src/stores/storeUserContext.ts
+++ b/web/packages/teleport/src/stores/storeUserContext.ts
@@ -157,14 +157,22 @@ export default class StoreUserContext extends Store<UserContext> {
   // has access to download either teleport binaries or the license.
   // Since the page is used to download both of them, having access to one
   // is enough to show access this page.
-  // This page is only available for `dashboards`.
+  // This page is only available for `dashboards` and cloud customers.
   hasDownloadCenterListAccess() {
     return (
-      cfg.isDashboard &&
-      (this.state.acl.license.read || this.state.acl.download.list)
+      cfg.isCloud ||
+      (cfg.isDashboard &&
+        (this.state.acl.license.read || this.state.acl.download.list))
     );
   }
 
+  // hasSupportPageLinkAccess checks if the user
+  // has access to a Support external link in the side menu.
+  // This should only be displayed on `dashboards`.
+  hasSupportPageLinkAccess() {
+    return cfg.isDashboard
+  }
+
   // hasAccessToAgentQuery checks for at least one valid query permission.
   // Nodes require only a 'list' access while the rest of the agents
   // require 'list + read'.
diff --git a/web/packages/teleport/src/teleportContext.tsx b/web/packages/teleport/src/teleportContext.tsx
index 182035549cb23..5c51017c5a2a3 100644
--- a/web/packages/teleport/src/teleportContext.tsx
+++ b/web/packages/teleport/src/teleportContext.tsx
@@ -194,6 +194,7 @@ class TeleportContext implements types.Context {
       accessRequests: hasAccessRequestsAccess(),
       newAccessRequest: userContext.getAccessRequestAccess().create,
       downloadCenter: userContext.hasDownloadCenterListAccess(),
+      supportLink: userContext.hasSupportPageLinkAccess(),
       discover: userContext.hasDiscoverAccess(),
       plugins: userContext.getPluginsAccess().list,
       integrations: userContext.getIntegrationsAccess().list,
@@ -234,6 +235,7 @@ export const disabledFeatureFlags: types.FeatureFlags = {
   newAccessRequest: false,
   accessRequests: false,
   downloadCenter: false,
+  supportLink: false,
   discover: false,
   plugins: false,
   integrations: false,
diff --git a/web/packages/teleport/src/types.ts b/web/packages/teleport/src/types.ts
index 3e367091d9d00..3be5b8c7a90a7 100644
--- a/web/packages/teleport/src/types.ts
+++ b/web/packages/teleport/src/types.ts
@@ -156,6 +156,7 @@ export interface FeatureFlags {
   accessRequests: boolean;
   newAccessRequest: boolean;
   downloadCenter: boolean;
+  supportLink: boolean;
   discover: boolean;
   plugins: boolean;
   integrations: boolean;

From 1cf9d87a2f86487d6fd1bbc8a0249c6ca3901cc3 Mon Sep 17 00:00:00 2001
From: mcbattirola <mcbattirola@hotmail.com>
Date: Mon, 8 Jan 2024 12:45:10 -0300
Subject: [PATCH 2/3] Lint

---
 web/packages/teleport/src/stores/storeUserContext.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/packages/teleport/src/stores/storeUserContext.ts b/web/packages/teleport/src/stores/storeUserContext.ts
index bd599ef004b96..8f20a3cfb71f6 100644
--- a/web/packages/teleport/src/stores/storeUserContext.ts
+++ b/web/packages/teleport/src/stores/storeUserContext.ts
@@ -170,7 +170,7 @@ export default class StoreUserContext extends Store<UserContext> {
   // has access to a Support external link in the side menu.
   // This should only be displayed on `dashboards`.
   hasSupportPageLinkAccess() {
-    return cfg.isDashboard
+    return cfg.isDashboard;
   }
 
   // hasAccessToAgentQuery checks for at least one valid query permission.

From d4c862cf390f1fe979f65bf8993391492b10d141 Mon Sep 17 00:00:00 2001
From: mcbattirola <mcbattirola@hotmail.com>
Date: Tue, 9 Jan 2024 12:48:59 -0300
Subject: [PATCH 3/3] Allow any user to list releases on cloud

---
 lib/auth/auth_with_roles.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/auth/auth_with_roles.go b/lib/auth/auth_with_roles.go
index 2325ca75f142c..752d6e3b6765a 100644
--- a/lib/auth/auth_with_roles.go
+++ b/lib/auth/auth_with_roles.go
@@ -6303,8 +6303,11 @@ func (a *ServerWithRoles) GetLicense(ctx context.Context) (string, error) {
 
 // ListReleases return Teleport Enterprise releases
 func (a *ServerWithRoles) ListReleases(ctx context.Context) ([]*types.Release, error) {
-	if err := a.action(apidefaults.Namespace, types.KindDownload, types.VerbList); err != nil {
-		return nil, trace.Wrap(err)
+	// on Cloud, any user is allowed to list releases
+	if !modules.GetModules().Features().Cloud {
+		if err := a.action(apidefaults.Namespace, types.KindDownload, types.VerbList); err != nil {
+			return nil, trace.Wrap(err)
+		}
 	}
 
 	return a.authServer.releaseService.ListReleases(ctx)