diff --git a/lib/auth/auth_with_roles.go b/lib/auth/auth_with_roles.go index 04c72c453614b..a9765699da6ac 100644 --- a/lib/auth/auth_with_roles.go +++ b/lib/auth/auth_with_roles.go @@ -6399,8 +6399,11 @@ func (a *ServerWithRoles) GetLicense(ctx context.Context) (string, error) { // ListReleases return Teleport Enterprise releases func (a *ServerWithRoles) ListReleases(ctx context.Context) ([]*types.Release, error) { - if err := a.action(apidefaults.Namespace, types.KindDownload, types.VerbList); err != nil { - return nil, trace.Wrap(err) + // on Cloud, any user is allowed to list releases + if !modules.GetModules().Features().Cloud { + if err := a.action(apidefaults.Namespace, types.KindDownload, types.VerbList); err != nil { + return nil, trace.Wrap(err) + } } return a.authServer.releaseService.ListReleases(ctx) diff --git a/web/packages/teleport/src/stores/storeUserContext.ts b/web/packages/teleport/src/stores/storeUserContext.ts index 5748dc2c144d6..dcb9b9fa49f98 100644 --- a/web/packages/teleport/src/stores/storeUserContext.ts +++ b/web/packages/teleport/src/stores/storeUserContext.ts @@ -152,14 +152,22 @@ export default class StoreUserContext extends Store { // has access to download either teleport binaries or the license. // Since the page is used to download both of them, having access to one // is enough to show access this page. - // This page is only available for `dashboards`. + // This page is only available for `dashboards` and cloud customers. hasDownloadCenterListAccess() { return ( - cfg.isDashboard && - (this.state.acl.license.read || this.state.acl.download.list) + cfg.isCloud || + (cfg.isDashboard && + (this.state.acl.license.read || this.state.acl.download.list)) ); } + // hasSupportPageLinkAccess checks if the user + // has access to a Support external link in the side menu. + // This should only be displayed on `dashboards`. + hasSupportPageLinkAccess() { + return cfg.isDashboard; + } + // hasAccessToAgentQuery checks for at least one valid query permission. // Nodes require only a 'list' access while the rest of the agents // require 'list + read'. diff --git a/web/packages/teleport/src/teleportContext.tsx b/web/packages/teleport/src/teleportContext.tsx index 403d28b316f49..c0e520f656757 100644 --- a/web/packages/teleport/src/teleportContext.tsx +++ b/web/packages/teleport/src/teleportContext.tsx @@ -192,6 +192,7 @@ class TeleportContext implements types.Context { accessRequests: hasAccessRequestsAccess(), newAccessRequest: userContext.getAccessRequestAccess().create, downloadCenter: userContext.hasDownloadCenterListAccess(), + supportLink: userContext.hasSupportPageLinkAccess(), discover: userContext.hasDiscoverAccess(), plugins: userContext.getPluginsAccess().list, integrations: userContext.getIntegrationsAccess().list, @@ -232,6 +233,7 @@ export const disabledFeatureFlags: types.FeatureFlags = { newAccessRequest: false, accessRequests: false, downloadCenter: false, + supportLink: false, discover: false, plugins: false, integrations: false, diff --git a/web/packages/teleport/src/types.ts b/web/packages/teleport/src/types.ts index c5273ea800ef0..8ae799cda5fa5 100644 --- a/web/packages/teleport/src/types.ts +++ b/web/packages/teleport/src/types.ts @@ -154,6 +154,7 @@ export interface FeatureFlags { accessRequests: boolean; newAccessRequest: boolean; downloadCenter: boolean; + supportLink: boolean; discover: boolean; plugins: boolean; integrations: boolean;