A role without a tag should not have its permissions restricted.

[novakzaballa]

How are you running Flagsmith

• [ ] Self Hosted with Docker
• [ ] Self Hosted with Kubernetes
• [X] SaaS at flagsmith.com
• [X] Some other way (add details in description below)

Describe the bug

If a role without a tag should not have its permissions(UPDATE_FEATURE_STATE and/or DELETE_FEATURE) restricted.

Steps To Reproduce

1. Create a role with View Project, View environment, and delete feature, and assign it to test user
2. Log in with the test user
3. Go to the project -> environment that you have permission to access.
4. Try to delete a feature
5. Error 403

Expected behavior

If there is no tag restricting the permissions, the feature should be deleted successfully.

Screenshots

No response

CC @matthewelwell @gagantrivedi @kyle-ssg

[matthewelwell]

@novakzaballa the example you have given in the description is not valid. The permission for deleting features is the DELETE_FEATURE at the project level. I'm going to close this issue but please re-open it if there is another valid reproduction scenario.

[novakzaballa]

@matthewelwell I'm sorry, there was confusion in the PR description. I will correct this with the correct permission and reopen this issue

[novakzaballa]

Related with https://github.com/Flagsmith/flagsmith/issues/1535

[gagantrivedi]

@novakzaballa I think this is a duplicate of https://github.com/Flagsmith/flagsmith/issues/4506 and was fixed here: https://github.com/Flagsmith/flagsmith-rbac/pull/24? Is that correct? I am not able to reproduce this

[gagantrivedi]

@novakzaballa I think this is a duplicate of #4506 and was fixed here: Flagsmith/flagsmith-rbac#24? Is that correct? I am not able to reproduce this

Ah, I am able to reproduce this if I tag the feature?

[novakzaballa]

Hey @gagantrivedi, you’re right. The PR also resolved part of the issue with the roles in the same way. I’ll merge it along with my PR.