[v14] Supporting changes for download tab on Cloud (#36399)

lib/auth/auth_with_roles.go

@@ -6399,8 +6399,11 @@ func (a *ServerWithRoles) GetLicense(ctx context.Context) (string, error) {
 
 // ListReleases return Teleport Enterprise releases
 func (a *ServerWithRoles) ListReleases(ctx context.Context) ([]*types.Release, error) {
-	if err := a.action(apidefaults.Namespace, types.KindDownload, types.VerbList); err != nil {
-		return nil, trace.Wrap(err)
+	// on Cloud, any user is allowed to list releases
+	if !modules.GetModules().Features().Cloud {
+		if err := a.action(apidefaults.Namespace, types.KindDownload, types.VerbList); err != nil {
+			return nil, trace.Wrap(err)
+		}
 	}
 
 	return a.authServer.releaseService.ListReleases(ctx)

web/packages/teleport/src/stores/storeUserContext.ts

@@ -152,14 +152,22 @@ export default class StoreUserContext extends Store<UserContext> {
   // has access to download either teleport binaries or the license.
   // Since the page is used to download both of them, having access to one
   // is enough to show access this page.
-  // This page is only available for `dashboards`.
+  // This page is only available for `dashboards` and cloud customers.
   hasDownloadCenterListAccess() {
     return (
-      cfg.isDashboard &&
-      (this.state.acl.license.read || this.state.acl.download.list)
+      cfg.isCloud ||
+      (cfg.isDashboard &&
+        (this.state.acl.license.read || this.state.acl.download.list))
     );
   }
 
+  // hasSupportPageLinkAccess checks if the user
+  // has access to a Support external link in the side menu.
+  // This should only be displayed on `dashboards`.
+  hasSupportPageLinkAccess() {
+    return cfg.isDashboard;
+  }
+
   // hasAccessToAgentQuery checks for at least one valid query permission.
   // Nodes require only a 'list' access while the rest of the agents
   // require 'list + read'.

web/packages/teleport/src/teleportContext.tsx

@@ -192,6 +192,7 @@ class TeleportContext implements types.Context {
       accessRequests: hasAccessRequestsAccess(),
       newAccessRequest: userContext.getAccessRequestAccess().create,
       downloadCenter: userContext.hasDownloadCenterListAccess(),
+      supportLink: userContext.hasSupportPageLinkAccess(),
       discover: userContext.hasDiscoverAccess(),
       plugins: userContext.getPluginsAccess().list,
       integrations: userContext.getIntegrationsAccess().list,
@@ -232,6 +233,7 @@ export const disabledFeatureFlags: types.FeatureFlags = {
   newAccessRequest: false,
   accessRequests: false,
   downloadCenter: false,
+  supportLink: false,
   discover: false,
   plugins: false,
   integrations: false,

web/packages/teleport/src/types.ts

@@ -154,6 +154,7 @@ export interface FeatureFlags {
   accessRequests: boolean;
   newAccessRequest: boolean;
   downloadCenter: boolean;
+  supportLink: boolean;
   discover: boolean;
   plugins: boolean;
   integrations: boolean;