[web] Add admin permission modify-group-setting (#27657)

* Add capacity `modify-group-setting`

* Check `modify-group-setting` (backend)

* Check `modify-group-setting` (frontend)

* Update tests

* Fix: Add entityAccess check

* Update unit test

GitOrigin-RevId: 7702fe34762ecb8bd050c2fa2b6e95a9baf90be3

services/web/app/src/Features/UserMembership/UserMembershipMiddleware.js

@@ -84,6 +84,29 @@ const UserMembershipMiddleware = {
     ]),
   ],
 
+  requireGroupSettingsReadAccess: [
+    AuthenticationController.requireLogin(),
+    fetchEntityConfig('groupAdmin'),
+    fetchEntity(),
+    requireEntity(),
+    allowAccessIfAny([
+      UserMembershipAuthorization.hasEntityAccess(),
+      UserMembershipAuthorization.hasStaffAccess('groupManagement'),
+    ]),
+  ],
+
+  requireGroupSettingsWriteAccess: [
+    AuthenticationController.requireLogin(),
+    fetchEntityConfig('groupAdmin'),
+    fetchEntity(),
+    requireEntity(),
+    allowAccessIfAny([
+      UserMembershipAuthorization.hasEntityAccess(),
+      UserMembershipAuthorization.hasStaffAccess('groupManagement'),
+      UserMembershipAuthorization.hasAdminCapability('modify-group-setting'),
+    ]),
+  ],
+
   requireInstitutionMetricsAccess: [
     AuthenticationController.requireLogin(),
     fetchEntityConfig('institution'),

services/web/frontend/js/utils/meta.ts

@@ -143,6 +143,7 @@ export interface Meta {
   'ol-hasSplitTestWriteAccess': boolean
   'ol-hasSubscription': boolean
   'ol-hasTrackChangesFeature': boolean
+  'ol-hasWriteAccess': boolean
   'ol-hideLinkingWidgets': boolean // CI only
   'ol-i18n': { currentLangCode: string }
   'ol-inactiveTutorials': string[]

services/web/types/admin-capabilities.ts

@@ -5,6 +5,7 @@ export type AdminCapability =
   | 'create-subscription'
   | 'modify-feature-override'
   | 'modify-group'
+  | 'modify-group-setting'
   | 'modify-login-status'
   | 'modify-managed-group'
   | 'modify-project'