feat(requests): allow admins to bypass user quota limits

[0xSysR3ll]

Description

This PR adds the ability for users with MANAGE_REQUESTS permission to bypass quota restrictions when making requests on behalf of other users.

It also introduces a Ignore Quota toggle option in the the requests modal.
When enabled, the request will not count against the user's quota limits, allowing admins to make requests on behalf of users who may have exceeded their quota or for special circumstances.

Screenshot (if UI-related)

Quota exceeded

X requests remaining

To-Dos

• Successful build yarn build
• Translation keys yarn i18n:extract
• Database migration (if required)

Issues Fixed or Closed

• Fixes Admin can't force a request through for a user who has met the request limit #4165

[OwsleyJr]

I actually like this change but I feel like there should be an option to bypass or not.

[0xSysR3ll]

I actually like this change but I feel like there should be an option to bypass or not.

Glad you like it ! No sure to see what you mean though.
Is it something like : I have the MANAGE_REQUESTS permission but I need an extra/sub permission like BYPASS_QUOTA ?

[OwsleyJr]

I actually like this change but I feel like there should be an option to bypass or not.

Glad you like it ! No sure to see what you mean though.

Is it something like : I have the MANAGE_REQUESTS permission but I need an extra/sub permission like BYPASS_QUOTA ?

Could just have a toggle on the modal maybe?

[0xSysR3ll]

@OwsleyJr
Maybe wrongly placed but could be wym ?

[gauthier-th]

IMHO a warning just before the "Request" button would be enough, to say something like "be aware that as an admin you will bypass the quota limits the user already reached"

[OwsleyJr]

IMHO a warning just before the "Request" button would be enough, to say something like "be aware that as an admin you will bypass the quota limits the user already reached"

Hmm, in my head I was thinking you might still want still want this to affect their quota.

[OwsleyJr]

IMHO a warning just before the "Request" button would be enough, to say something like "be aware that as an admin you will bypass the quota limits the user already reached"

Hmm, in my head I was thinking you might still want still want this to affect their quota.

If they aren't at a limit yet

[0xSysR3ll]

IMHO a warning just before the "Request" button would be enough, to say something like "be aware that as an admin you will bypass the quota limits the user already reached"

Hmm, in my head I was thinking you might still want still want this to affect their quota.

Not sure to follow. This will only show if their quota is exceeded.

[OwsleyJr]

IMHO a warning just before the "Request" button would be enough, to say something like "be aware that as an admin you will bypass the quota limits the user already reached"

Hmm, in my head I was thinking you might still want still want this to affect their quota.

Not sure to follow. This will only show if their quota is exceeded.

I'm thinking as an admin I may or may not want to affect their quota, even if they haven't hit it yet.

[0xSysR3ll]

IMHO a warning just before the "Request" button would be enough, to say something like "be aware that as an admin you will bypass the quota limits the user already reached"

Hmm, in my head I was thinking you might still want still want this to affect their quota.

Not sure to follow. This will only show if their quota is exceeded.

I'm thinking as an admin I may or may not want to affect their quota, even if they haven't hit it yet.

So, If I understand correctly: As an admin, I should have the option to bypass the user's quota at any time - even if they still have requests remaining - so that the request I make doesn't count against their quota unless I choose otherwise. Right ?

If so, I think that will imply some API change.

[OwsleyJr]

IMHO a warning just before the "Request" button would be enough, to say something like "be aware that as an admin you will bypass the quota limits the user already reached"

Hmm, in my head I was thinking you might still want still want this to affect their quota.

Not sure to follow. This will only show if their quota is exceeded.

I'm thinking as an admin I may or may not want to affect their quota, even if they haven't hit it yet.

So, If I understand correctly: As an admin, I should have the option to bypass the user's quota at any time - even if they still have requests remaining - so that the request I make doesn't count against their quota unless I choose otherwise. Right ?

If so, I think that will imply some API change.

Essentially yes but the main the issue we'll have with this, toggle or not, is we use a user's current requests to track their quota and this PR currently would cause issues with that. So some sort of backend change would be required either way.

[0xSysR3ll]

IMHO a warning just before the "Request" button would be enough, to say something like "be aware that as an admin you will bypass the quota limits the user already reached"

Hmm, in my head I was thinking you might still want still want this to affect their quota.

Not sure to follow. This will only show if their quota is exceeded.

I'm thinking as an admin I may or may not want to affect their quota, even if they haven't hit it yet.

So, If I understand correctly: As an admin, I should have the option to bypass the user's quota at any time - even if they still have requests remaining - so that the request I make doesn't count against their quota unless I choose otherwise. Right ?

If so, I think that will imply some API change.

Essentially yes but the main the issue we'll have with this, toggle or not, is we use a user's current requests to track their quota and this PR currently would cause issues with that. So some sort of backend change would be required either way.

Yep, maybe we should add a flag to the request (e.g. ignoreQuota: true) or something like that.

[OwsleyJr]

Yep pretty much what we would need to do!

[0xSysR3ll]

Hey @OwsleyJr 👋,
Just adapted PR's comment and code accordingly.
Quota can be bypassed either if it is exceeded or not, as we agreed on.

[OwsleyJr]

Hey @OwsleyJr 👋,

Just adapted PR's comment and code accordingly.

Quota can be bypassed either if it is exceeded or not, as we agreed on.

Hey don't want to leave you hanging but on vacation atm. Will try and do a review when I get a chance or hopefully another team member will take a peek.

[0xSysR3ll]

Hey @OwsleyJr 👋,

Just adapted PR's comment and code accordingly.

Quota can be bypassed either if it is exceeded or not, as we agreed on.

Hey don't want to leave you hanging but on vacation atm. Will try and do a review when I get a chance or hopefully another team member will take a peek.

No prob at all! We're all busy with real-life matters.

[OwsleyJr]

Hey @OwsleyJr 👋,

Just adapted PR's comment and code accordingly.

Quota can be bypassed either if it is exceeded or not, as we agreed on.

Hey don't want to leave you hanging but on vacation atm. Will try and do a review when I get a chance or hopefully another team member will take a peek.

No prob at all! We're all busy with real-life matters.

Hey sorry for the delay. Haven't forgotten about you. We are just holding off on any migration related PRs (announcement coming soon) atm but will keep you updated.

[0xSysR3ll]

Note to myself: migrate this PR to seer's repo