Skip to content

Skip system notifications polling for users without notifications:read permission#25387

Merged
dennisoelkers merged 5 commits intomasterfrom
issue-10902
Mar 25, 2026
Merged

Skip system notifications polling for users without notifications:read permission#25387
dennisoelkers merged 5 commits intomasterfrom
issue-10902

Conversation

@kmerz
Copy link
Copy Markdown
Member

@kmerz kmerz commented Mar 20, 2026
edited
Loading

Description

Move the notification permission check from an <IfPermitted permissions="notifications:read"> wrapper in Navigation.tsx into the NotificationBadge component itself. The badge now checks the current user's permissions for any notification read access (*, notifications:*, or notifications:read:*) and passes an enabled flag to useNotifications(), which forwards it to React Query. When disabled, the query never executes — no polling, no network requests.

Motivation and Context

The original <IfPermitted permissions="notifications:read"> wrapper required the blanket notifications:read permission. Users who only had type-specific permissions like notifications:read:deflector_migration would never see the badge, even though the backend would return notifications for them.

Simply removing the wrapper (so the badge always renders) fixes visibility but still polls GET /api/system/notifications every 3 seconds for users with zero notification permissions — unnecessary network traffic and server load.

This approach solves both problems: users with any notification read permission see the badge and get polling; users with none see nothing and generate no traffic.

How Has This Been Tested?

  • NotificationBadge.test.tsx: Added test verifying that a user without notification permissions causes useNotifications to be called with { enabled: false } and the badge is not rendered. Existing tests continue to pass for users with permissions.
  • Navigation.test.tsx: Updated tests to check badge visibility based on notification data instead of permissions (the permission gating now lives in NotificationBadge, not Navigation).

All existing and new tests pass.

Fixes Graylog2/graylog-plugin-enterprise#10902

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Refactoring (non-breaking change)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have requested a documentation update.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.

@kmerz kmerz changed the title Skip system notifications polling for users without notifications:read permissio Skip system notifications polling for users without notifications:read permission Mar 20, 2026
kmerz and others added 2 commits March 20, 2026 13:48
@kmerz @claude
Skip system notifications polling for users without notifications:rea…
019bb87 
…d permission

Wrap NotificationBadge in IfPermitted so users who cannot see
notifications (e.g. app owner) no longer trigger the 3-second
polling to /api/system/notifications.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@kmerz @claude
Add tests for notification badge permission gating
380537d 
Verify that NotificationBadge is only rendered for users with
notifications:read permission and hidden for users without it.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
kmerz and others added 2 commits March 20, 2026 14:02
@kmerz @claude
Add changelog entry for issue 10902
2bd0583 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@kmerz @claude
Fix notification fixture type in Navigation test
827b60d 
Use complete notification object to satisfy TypeScript type check.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@kmerz kmerz marked this pull request as ready for review March 20, 2026 13:19
@kmerz kmerz requested review from dennisoelkers, linuspahl and maxiadlovskii and removed request for dennisoelkers and linuspahl March 20, 2026 13:19
dennisoelkers
dennisoelkers requested changes Mar 20, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@dennisoelkers dennisoelkers left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the NotificationsResource, we filter all notifications with the permission notifications:read:<type>, meaning that we can assign permissions on a notification-type level. This PR would now disable all notifications for a user that has notifications:read:foo but not notifications:read.

@kmerz @claude
Skip notification polling for users without notification permissions
c869e6c 
Move permission check from IfPermitted wrapper into NotificationBadge
component. The badge now checks the current user's permissions for any
notification read access and disables the useNotifications query when
none exist, avoiding unnecessary 3s polling for unpermissioned users
while still showing the badge for users with type-specific permissions
like notifications:read:deflector_migration.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@kmerz kmerz requested a review from dennisoelkers March 23, 2026 12:32
@dennisoelkers dennisoelkers merged commit 775f4d8 into master Mar 25, 2026
29 of 30 checks passed
@dennisoelkers dennisoelkers deleted the issue-10902 branch March 25, 2026 07:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dennisoelkers dennisoelkers dennisoelkers approved these changes

@maxiadlovskii maxiadlovskii Awaiting requested review from maxiadlovskii

@linuspahl linuspahl Awaiting requested review from linuspahl

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kmerz @dennisoelkers