[6943] Pinia Task 14 - account-settings

[n-lark]

Description

See details here & test plan here.

Related Issue(s)

Resolves #6943

Checklist

• I have read the contribution guidelines
• Suitable unit/system level tests have been added and they pass
• Documentation has been updated
  • Upgrade instructions
  • Configuration details
  • Concepts
• Changes flowforge.yml?
  • Issue/PR raised on FlowFuse/helm to update ConfigMap Template
  • Issue/PR raised on FlowFuse/CloudProject to update values for Staging/Production
• Link to Changelog Entry PR, or note why one is not needed.

Labels

• Includes a DB migration? -> add the area:migration label

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.29%. Comparing base (1c7914a) to head (d00db58).

Additional details and impacted files

@@                       Coverage Diff                        @@
##           6942-pinia-task-13-account-team    #6979   +/-   ##
================================================================
  Coverage                            76.29%   76.29%           
================================================================
  Files                                  403      403           
  Lines                                20296    20296           
  Branches                              4881     4881           
================================================================
  Hits                                 15485    15485           
  Misses                                4811     4811           

Flag	Coverage Δ
backend	76.29% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[n-lark]

isHTTPBearerTokensFeatureEnabled was a computed property called with (), throwing a TypeError that silently prevented getTokens() from ever running.

Fixing the boolean call exposed two issues:

1. Permission race — checkAccess() wasn't returning a value so mounted() was accidentally bailing out before getTokens() could fire. Once fixed, getTokens() ran for the first time, including for viewers/members without permission, causing an unhandled 403 that failed Cypress. Fixed by making checkAccess() return false so mounted() bails immediately for unauthorized users. The same permission check was added to the httpNodeAuth_type watcher which bypassed checkAccess().

2. Application owner vs team member mismatch — a user can be an application-level owner (passing the client-side hasPermission('project:edit', { application }) check) but only a team-level viewer/member. The server-side tokens endpoint checks team-level membership and returns 403 in this case. This mismatch pre-existed our changes but was hidden by the TypeError. The try/catch handles it gracefully, the token table stays empty, which is the correct UI state for this permission combination.

The try/catch isn't ideal here so we should probably create another ticket to address - the proper fix is to align the client-side permission check for getTokens() with the team-level check the server uses. Lmk if we are cool with me raising an issue for this.