feat: add button-level permission control

[cxymds]

Type of Change

• New Feature
• Bug Fix
• Documentation
• Performance Improvement
• Test/CI
• Refactor
• Other:

Related Issues

• N/A

Summary of Changes

• add a dedicated capability layer via permission-capabilities and permission-resources to map UI actions to backend permissions and S3 resource scopes
• extend frontend policy parsing to align with current RustFS behavior, including Deny precedence, NotAction, NotResource, wildcard normalization, and RustFS action alias handling
• expose canCapability(capability, context?) from usePermissions for page-level and component-level permission checks
• gate non-admin page actions for bucket, object, access key, user, and policy operations
• add internal guard logic for bucket/object/user edit flows so submit paths do not rely only on button visibility
• add BUTTON_PERMISSION_CONTROL_SUMMARY.md to document capability mapping, controlled buttons, README-ready text, and PR-ready notes

Checklist

• Passed required checks for this repo:
  • pnpm install --frozen-lockfile
  • pnpm tsc --noEmit
  • pnpm lint
  • pnpm prettier --check .
• Added/updated necessary tests
• Documentation updated where needed
• Self-review completed

Impact

• Breaking change (compatibility)
• Requires doc/config/deployment update
• Other impact: frontend button visibility and editability on non-admin pages now follow capability-based permission checks

Additional Notes

• frontend button control remains UX-layer gating only; backend authorization is still the source of truth
• capability design references S3/MinIO policy semantics and is aligned to the current RustFS backend action behavior
• admin-only pages remain out of scope for this round because their menu access is already controlled
• /events is only partially adapted in this change and still needs follow-up capability-based gating
• pnpm test:run is not available in the current package.json, so no automated test script could be executed for this PR
• pnpm lint completes successfully with one existing warning in components/object/preview-modal.tsx for @next/next/no-img-element

[Copilot]

Pull request overview

Adds a capability-based permission layer to gate non-admin UI actions at the button/flow level, aligning frontend policy evaluation more closely with current RustFS behavior (deny precedence, NotAction/NotResource, wildcard/action alias handling).

Changes:

• Introduces permission-capabilities + permission-resources to map UI capabilities to backend actions and S3 resource ARNs.
• Extends console-policy-parser to better match RustFS semantics (aliases, NotResource, console/admin nuances).
• Updates multiple pages/components to hide/disable actions and add submit-path guards using usePermissions().canCapability(...).

Reviewed changes

Copilot reviewed 22 out of 22 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
lib/permission-resources.ts	Adds helpers to build bucket/object/prefix S3 ARNs for permission checks.
lib/permission-capabilities.ts	Defines ConsoleCapability and maps capabilities to backend actions + resource targets.
lib/console-policy-parser.ts	Expands policy parsing semantics (NotResource, alias normalization, deny precedence alignment).
hooks/use-permissions.tsx	Exposes canCapability(capability, context?) from the permissions context.
components/user/edit-form.tsx	Gates user edit tabs and submit-path operations by capability.
components/object/versions.tsx	Gates per-version preview/download/delete buttons using capability checks.
components/object/upload-picker.tsx	Adds canUpload prop and blocks upload interactions when unauthorized.
components/object/list.tsx	Gates object row actions and bulk actions; hides upload button when unauthorized.
components/object/info.tsx	Gates object actions (download/preview/tags/legal hold/retention/share/versions) and adds submit guards.
components/events/columns.tsx	Adds canDelete parameter to control delete button visibility in event rows.
components/buckets/replication-tab.tsx	Gates replication rule add/delete UI and delete handler by capability.
components/buckets/new-form.tsx	Gates bucket creation and advanced options (versioning/object lock/quota) by capability.
components/buckets/lifecycle-tab.tsx	Gates lifecycle rule add/delete UI and delete handler by capability.
components/buckets/info.tsx	Gates bucket policy/encryption/tags/versioning/quota/retention UI and adds submit guards.
components/buckets/events-tab.tsx	Gates bucket event subscription add/delete UI and delete handler by capability.
app/(dashboard)/users/page.tsx	Gates user CRUD/bulk actions and “add to group” by capability.
app/(dashboard)/policies/page.tsx	Gates policy create/edit/delete actions by capability.
app/(dashboard)/events/page.tsx	Updates getEventsColumns call signature (still hardcoded canDelete=true).
app/(dashboard)/browser/page.tsx	Gates bucket create/delete actions by capability.
app/(dashboard)/browser/content.tsx	Computes upload capability for current bucket/prefix and passes to list/upload picker.
app/(dashboard)/access-keys/page.tsx	Gates access key CRUD/bulk delete actions by capability.
BUTTON_PERMISSION_CONTROL_SUMMARY.md	Documents capability mapping, controlled buttons, and rollout notes.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.