Merge pull request #8756 from andrej-scinote/aj_SCI_12212

Disable workspace tabs if you do not have permission [SCI-12212]

app/controllers/users/settings/teams_controller.rb

@@ -28,6 +28,8 @@ module Users
         members
       )
 
+      before_action :check_read_permissions, only: :show
+
       before_action :check_create_team_permission,
                     only: %i(new create)
 
@@ -138,6 +140,10 @@ module Users
         render_403 unless can_create_teams?
       end
 
+      def check_read_permissions
+        render_403 unless can_read_team?(@team)
+      end
+
       def load_user
         @user = current_user
       end

app/views/users/settings/teams/_header.html.erb

@@ -18,7 +18,7 @@
   </div>
 </div>
 <div class="flex items-center gap-4 p-2 mb-4 bg-white">
-  <%= link_to t("users.settings.teams.navigation.details"), team_path(@team), class: "p-2.5 hover:no-underline #{ @active_tab == :details ? "text-sn-blue" : "text-sn-grey" }"%>
+  <%= link_to t("users.settings.teams.navigation.details"), team_path(@team), class: "p-2.5 hover:no-underline #{ 'disabled' unless can_read_team?(@team) } #{ @active_tab == :details ? "text-sn-blue" : "text-sn-grey" }"%>
   <%= link_to t("users.settings.teams.navigation.members"), members_users_settings_team_path(@team), class: "p-2.5 hover:no-underline #{ @active_tab == :members ? "text-sn-blue" : "text-sn-grey" }"%>
-  <%= link_to t("users.settings.teams.navigation.groups"), users_settings_team_user_groups_path(@team), class: "p-2.5 hover:no-underline #{ @active_tab == :user_groups ? "text-sn-blue" : "text-sn-grey" }"%>
+  <%= link_to t("users.settings.teams.navigation.groups"), users_settings_team_user_groups_path(@team), class: "p-2.5 hover:no-underline  #{ 'disabled' unless can_read_team?(@team) } #{ @active_tab == :user_groups ? "text-sn-blue" : "text-sn-grey" }"%>
 </div>