diff --git a/frontend/editor/public/locales/en-GB/translation.toml b/frontend/editor/public/locales/en-GB/translation.toml index 3a0dadacf..342fa0c80 100644 --- a/frontend/editor/public/locales/en-GB/translation.toml +++ b/frontend/editor/public/locales/en-GB/translation.toml @@ -5869,7 +5869,7 @@ security = "Security" [policies.detail] editSettings = "Edit Settings" enforces = "Enforces" -managedByOrg = "Managed by your organization. Contact an admin to change this policy." +managedByOrg = "Managed by your organization. Contact a team leader to change this policy." noActivityDescription = "Documents will appear here once this policy runs." noActivityTitle = "No activity yet" onEveryUpload = "On every upload" @@ -5931,7 +5931,7 @@ filenamePrefix = "Prefix" filenameSuffix = "Suffix" filenameTextAria = "Filename text" filenameTextPlaceholder = "Text to add (optional)" -lockedDescription = "Contact an admin to change this policy." +lockedDescription = "Contact a team leader to change this policy." lockedTitle = "Managed by your organization" maxRetriesLabel = "Max retries" noToolsError = "Add at least one configured tool to the workflow first." diff --git a/frontend/editor/src/proprietary/components/policies/PolicyDetailPanel.tsx b/frontend/editor/src/proprietary/components/policies/PolicyDetailPanel.tsx index 76d5a9688..114f1ac16 100644 --- a/frontend/editor/src/proprietary/components/policies/PolicyDetailPanel.tsx +++ b/frontend/editor/src/proprietary/components/policies/PolicyDetailPanel.tsx @@ -279,7 +279,7 @@ export function PolicyDetailPanel({ icon={} description={t( "policies.detail.managedByOrg", - "Managed by your organization. Contact an admin to change this policy.", + "Managed by your organization. Contact a team leader to change this policy.", )} /> )} diff --git a/frontend/editor/src/proprietary/components/policies/PolicySetupWizard.tsx b/frontend/editor/src/proprietary/components/policies/PolicySetupWizard.tsx index 6bb2ce312..27dedf617 100644 --- a/frontend/editor/src/proprietary/components/policies/PolicySetupWizard.tsx +++ b/frontend/editor/src/proprietary/components/policies/PolicySetupWizard.tsx @@ -179,7 +179,7 @@ export function PolicySetupWizard({ )} description={t( "policies.wizard.lockedDescription", - "Contact an admin to change this policy.", + "Contact a team leader to change this policy.", )} /> diff --git a/frontend/editor/src/proprietary/hooks/usePolicies.ts b/frontend/editor/src/proprietary/hooks/usePolicies.ts index a1ed78a28..292cb9d0b 100644 --- a/frontend/editor/src/proprietary/hooks/usePolicies.ts +++ b/frontend/editor/src/proprietary/hooks/usePolicies.ts @@ -8,6 +8,7 @@ import { useState, useEffect, useCallback } from "react"; import { useAppConfig } from "@app/contexts/AppConfigContext"; +import { useSaaSTeam } from "@app/contexts/SaaSTeamContext"; import { loadPolicies, onPoliciesChange, @@ -65,6 +66,7 @@ function toStoreRequest( export function usePolicies() { const [policies, setPolicies] = useState(loadPolicies); const { config } = useAppConfig(); + const { isTeamLeader } = useSaaSTeam(); useEffect(() => onPoliciesChange(() => setPolicies(loadPolicies())), []); @@ -293,17 +295,13 @@ export function usePolicies() { return folder.id; }, []); - // Editing/creating policies is admin-only, mirroring the backend's enforcement - // on the save/delete endpoints. On single-user deployments (login disabled) - // there's no admin concept, so the local operator can always configure. When - // login is enabled, only admins can — non-admins get the read-only surface. - // The `config != null` guard keeps the gate CLOSED until app-config resolves: - // config is null while loading (and in bare test renders), and a failed/partial - // fetch can yield `{ enableLogin: true }` with isAdmin omitted. Without it a - // non-admin would briefly see edit controls during load, and an admin would be - // wrongly locked out on a transient config-fetch error. + // Only a team leader (SaaS) or a global admin (self-hosted) may configure; + // everyone else gets the read-only surface. Login disabled (single-user) + // always can. Stays closed until config loads, so edit controls never flash + // for users who can't use them. const canConfigure = - config != null && (!config.enableLogin || config.isAdmin === true); + config != null && + (!config.enableLogin || isTeamLeader || config.isAdmin === true); return { policies,