From 54320878867e45eaecb15bec2c21bdacf653c780 Mon Sep 17 00:00:00 2001
From: Pedro Igor <pigor.craveiro@gmail.com>
Date: Fri, 22 Aug 2025 08:23:50 -0300
Subject: [PATCH] Make it possible to check for permissions when deciding if a
 feature is enabled or not

Do not query organizations if manage-realm is not granted

Closes #41418

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
---
 js/apps/admin-ui/src/utils/useIsFeatureEnabled.ts | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/js/apps/admin-ui/src/utils/useIsFeatureEnabled.ts b/js/apps/admin-ui/src/utils/useIsFeatureEnabled.ts
index 37809185ce64..58a70d2217da 100644
--- a/js/apps/admin-ui/src/utils/useIsFeatureEnabled.ts
+++ b/js/apps/admin-ui/src/utils/useIsFeatureEnabled.ts
@@ -1,4 +1,5 @@
 import { useServerInfo } from "../context/server-info/ServerInfoProvider";
+import { useAccess } from "../context/access/Access";
 
 export enum Feature {
   AdminFineGrainedAuthz = "ADMIN_FINE_GRAINED_AUTHZ",
@@ -20,13 +21,23 @@ export enum Feature {
 
 export default function useIsFeatureEnabled() {
   const { features } = useServerInfo();
+  const { hasAccess } = useAccess();
+
+  const hasFeatureAccess = (feature: Feature) => {
+    switch (feature) {
+      case Feature.Organizations:
+        return hasAccess("manage-realm");
+      default:
+        return true;
+    }
+  };
 
   return function isFeatureEnabled(feature: Feature) {
     if (!features) {
       return false;
     }
     return features
-      .filter((f) => f.enabled)
+      .filter((f) => f.enabled && hasFeatureAccess(f.name as Feature))
       .map((f) => f.name)
       .includes(feature);
   };