ethyca · Kelsey-Ethyca · Jun 19, 2024 · Jun 20, 2024 · Jun 20, 2024 · Jun 20, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,7 +15,26 @@ The types of changes are:
 - `Fixed` for any bug fixes.
 - `Security` in case of vulnerabilities.
 
-## [Unreleased](https://github.com/ethyca/fides/compare/2.39.0...main)
+## [2.39.2](https://github.com/ethyca/fides/compare/2.39.1...2.39.2)
+
+### Fixed
+- Restrict Delete Systems API endpoint such that user must have "SYSTEM_DELETE" scope [#5037](https://github.com/ethyca/fides/pull/5037)
+
+### Security
+- Remove the SERVER_SIDE_FIDES_API_URL env variable from the client clientSettings [CVE-2024-31223](https://github.com/ethyca/fides/security/advisories/GHSA-53q7-4874-24qg)
+
+## [2.39.1](https://github.com/ethyca/fides/compare/2.39.0...2.39.1)
+
+### Fixed
+- Fixed a bug where system information form was not loading for Viewer users [#5034](https://github.com/ethyca/fides/pull/5034)
+- Fixed viewers being given the option to delete systems [#5035](https://github.com/ethyca/fides/pull/5035)
+- Restrict Delete Systems API endpoint such that user must have "SYSTEM_DELETE" scope [#5037](https://github.com/ethyca/fides/pull/5037)
+
+### Removed
+- Removed the `fetch` polyfill from FidesJS [#5026](https://github.com/ethyca/fides/pull/5026)
+
+### Security
+- Removed FidesJS's exposure to `polyfill.io` supply chain attack [CVE-2024-38537](https://github.com/ethyca/fides/security/advisories/GHSA-cvw4-c69g-7v7m)
 
 ## [2.39.0](https://github.com/ethyca/fides/compare/2.38.1...2.39.0)
 
@@ -31,11 +50,13 @@ The types of changes are:
 - New privacy request search to replace existing endpoint [#4987](https://github.com/ethyca/fides/pull/4987)
 - Added new Google Cloud SQL for MySQL Connector [#4949](https://github.com/ethyca/fides/pull/4949)
 - Add new options for integrations for discovery & detection [#5000](https://github.com/ethyca/fides/pull/5000)
+- Add new `FidesInitializing` event for when FidesJS begins initialization [#5010](https://github.com/ethyca/fides/pull/5010)
 
 ### Changed
 - Move new data map reporting table out of beta and remove old table from Data Lineage map. [#4963](https://github.com/ethyca/fides/pull/4963)
 - Disable the 'connect to a database' button if the `dataDiscoveryAndDetection` feature flag is enabled [#1455](https://github.com/ethyca/fidesplus/pull/1455)
 - Upgrade Privacy Request table to use FidesTable V2 [#4990](https://github.com/ethyca/fides/pull/4990)
+- Add copy to project selection modal and tweak copy on discovery monitors table [#5007](https://github.com/ethyca/fides/pull/5007)
 
 ### Fixed
 - Fixed an issue where the GPP signal status was prematurely set to `ready` in some scenarios [#4957](https://github.com/ethyca/fides/pull/4957)
@@ -44,6 +65,9 @@ The types of changes are:
 - Masked "Keyfile credentials" input on integration config form [#4971](https://github.com/ethyca/fides/pull/4971)
 - Fixed validations for privacy declaration taxonomy labels when creating/updating a System [#4982](https://github.com/ethyca/fides/pull/4982)
 - Allow property-specific messaging to work with non-custom templates [#4986](https://github.com/ethyca/fides/pull/4986)
+- Fixed an issue where config object was being passed twice to `fides.js` output [#5010](https://github.com/ethyca/fides/pull/5010)
+- Disabling Fides initialization now also disables GPP initialization [#5010](https://github.com/ethyca/fides/pull/5010)
+- Fixes Vendor table formatting [#5013](https://github.com/ethyca/fides/pull/5013)
 
 ## [2.38.1](https://github.com/ethyca/fides/compare/2.38.0...2.38.1)
 

diff --git a/clients/admin-ui/cypress/e2e/systems-plus.cy.ts b/clients/admin-ui/cypress/e2e/systems-plus.cy.ts
@@ -14,6 +14,7 @@ import {
   INDEX_ROUTE,
   SYSTEM_ROUTE,
 } from "~/features/common/nav/v2/routes";
+import { RoleRegistryEnum } from "~/types/api";
 
 describe("System management with Plus features", () => {
   beforeEach(() => {
@@ -29,6 +30,14 @@ describe("System management with Plus features", () => {
     );
   });
 
+  describe("permissions", () => {
+    it("can view a system page as a viewer", () => {
+      cy.assumeRole(RoleRegistryEnum.VIEWER);
+      cy.visit(`${SYSTEM_ROUTE}/configure/demo_analytics_system`);
+      cy.getByTestId("input-name").should("exist");
+    });
+  });
+
   describe("vendor list", () => {
     beforeEach(() => {
       stubVendorList();

diff --git a/clients/admin-ui/cypress/e2e/systems.cy.ts b/clients/admin-ui/cypress/e2e/systems.cy.ts
@@ -11,6 +11,7 @@ import {
   INTEGRATION_MANAGEMENT_ROUTE,
   SYSTEM_ROUTE,
 } from "~/features/common/nav/v2/routes";
+import { RoleRegistryEnum } from "~/types/api";
 
 describe("System management page", () => {
   beforeEach(() => {
@@ -235,6 +236,15 @@ describe("System management page", () => {
       cy.getByTestId("toast-success-msg");
     });
 
+    it("Can't delete a system as a viewer", () => {
+      cy.assumeRole(RoleRegistryEnum.VIEWER);
+      cy.visit(SYSTEM_ROUTE);
+      cy.getByTestId("system-fidesctl_system").within(() => {
+        cy.getByTestId("more-btn").click();
+        cy.getByTestId("delete-btn").should("not.exist");
+      });
+    });
+
     it("Can render an error on delete", () => {
       cy.intercept("DELETE", "/api/v1/system/*", {
         statusCode: 404,

diff --git a/clients/admin-ui/src/features/common/copy/components.tsx b/clients/admin-ui/src/features/common/copy/components.tsx
@@ -1,4 +1,18 @@
-import { Heading, Link, OrderedList, Text, UnorderedList } from "fidesui";
+import {
+  Code,
+  Heading,
+  Link,
+  OrderedList,
+  Table,
+  Tag,
+  Tbody,
+  Td,
+  Text,
+  Th,
+  Thead,
+  Tr,
+  UnorderedList,
+} from "fidesui";
 import { ReactNode } from "react";
 
 export const InfoHeading = ({ text }: { text: string }) => (
@@ -32,7 +46,43 @@ export const InfoUnorderedList = ({ children }: { children: ReactNode }) => (
 );
 
 export const InfoOrderedList = ({ children }: { children: ReactNode }) => (
-  <OrderedList fontSize="14px" mb={4}>
+  <OrderedList fontSize="14px" mb={4} ml={6}>
     {children}
   </OrderedList>
 );
+
+export const InfoCodeBlock = ({ children }: { children: ReactNode }) => (
+  <Code display="block" whiteSpace="pre" p={4} mb={4} overflowX="scroll">
+    {children}
+  </Code>
+);
+
+export interface PermissionsTableItem {
+  permission: string;
+  description: string;
+}
+
+export const InfoPermissionsTable = ({
+  data,
+}: {
+  data: PermissionsTableItem[];
+}) => (
+  <Table fontSize="14px">
+    <Thead>
+      <Tr>
+        <Th>Permission</Th>
+        <Th>Description</Th>
+      </Tr>
+    </Thead>
+    <Tbody>
+      {data.map((item) => (
+        <Tr key={item.permission}>
+          <Td>
+            <Tag>{item.permission}</Tag>
+          </Td>
+          <Td>{item.description}</Td>
+        </Tr>
+      ))}
+    </Tbody>
+  </Table>
+);
diff --git a/clients/admin-ui/src/features/common/table/v2/cells.tsx b/clients/admin-ui/src/features/common/table/v2/cells.tsx
@@ -94,6 +94,38 @@ export const BadgeCell = ({
   </BadgeCellContainer>
 );
 
+export const BadgeCellCount = ({
+  count,
+  singSuffix,
+  plSuffix,
+  ...badgeProps
+}: {
+  count: number;
+  singSuffix?: string;
+  plSuffix?: string;
+} & BadgeProps) => {
+  // If count is 1, display count with singular suffix
+  let badge = null;
+  if (count === 1) {
+    badge = (
+      <FidesBadge {...badgeProps}>
+        {count}
+        {singSuffix ? ` ${singSuffix}` : null}
+      </FidesBadge>
+    );
+  }
+  // If count is 0 or > 1, display count with plural suffix
+  else {
+    badge = (
+      <FidesBadge {...badgeProps}>
+        {count}
+        {plSuffix ? ` ${plSuffix}` : null}
+      </FidesBadge>
+    );
+  }
+  return <BadgeCellContainer>{badge}</BadgeCellContainer>;
+};
+
 export const GroupCountBadgeCell = ({
   value,
   suffix,

diff --git a/clients/admin-ui/src/features/common/table/v2/index.ts b/clients/admin-ui/src/features/common/table/v2/index.ts
@@ -1,5 +1,6 @@
 export {
   BadgeCell,
+  BadgeCellCount,
   DefaultCell,
   DefaultHeaderCell,
   GroupCountBadgeCell,

diff --git a/clients/admin-ui/src/features/configure-consent/ConsentManagementTable.tsx b/clients/admin-ui/src/features/configure-consent/ConsentManagementTable.tsx
@@ -6,7 +6,7 @@ import {
 } from "@tanstack/react-table";
 import { useFeatures } from "common/features";
 import {
-  BadgeCell,
+  BadgeCellCount,
   DefaultCell,
   DefaultHeaderCell,
   FidesTableV2,
@@ -163,33 +163,55 @@ export const ConsentManagementTable = () => {
       columnHelper.accessor((row) => row.data_uses, {
         id: "tcf_purpose",
         cell: (props) => (
-          <BadgeCell suffix="purposes" value={props.getValue()} />
+          <BadgeCellCount
+            plSuffix="purposes"
+            singSuffix="purpose"
+            count={props.getValue()}
+          />
         ),
         header: (props) => <DefaultHeaderCell value="TCF purpose" {...props} />,
       }),
       columnHelper.accessor((row) => row.data_uses, {
         id: "data_uses",
         cell: (props) => (
-          <BadgeCell suffix="data uses" value={props.getValue()} />
+          <BadgeCellCount
+            plSuffix="data uses"
+            singSuffix="data use"
+            count={props.getValue()}
+          />
         ),
         header: (props) => <DefaultHeaderCell value="Data use" {...props} />,
       }),
       columnHelper.accessor((row) => row.legal_bases, {
         id: "legal_bases",
-        cell: (props) => <BadgeCell suffix="bases" value={props.getValue()} />,
+        cell: (props) => (
+          <BadgeCellCount
+            plSuffix="bases"
+            singSuffix="basis"
+            count={props.getValue()}
+          />
+        ),
         header: (props) => <DefaultHeaderCell value="Legal basis" {...props} />,
       }),
       columnHelper.accessor((row) => row.consent_categories, {
         id: "consent_categories",
         cell: (props) => (
-          <BadgeCell suffix="Categories" value={props.getValue()} />
+          <BadgeCellCount
+            plSuffix="categories"
+            singSuffix="category"
+            count={props.getValue()}
+          />
         ),
         header: (props) => <DefaultHeaderCell value="Categories" {...props} />,
       }),
       columnHelper.accessor((row) => row.cookies, {
         id: "cookies",
         cell: (props) => (
-          <BadgeCell suffix="Cookies" value={props.getValue()} />
+          <BadgeCellCount
+            plSuffix="cookies"
+            singSuffix="cookie"
+            count={props.getValue()}
+          />
         ),
         header: (props) => <DefaultHeaderCell value="Cookies" {...props} />,
       }),

diff --git a/clients/admin-ui/src/features/datamap/reporting/DatamapReportTable.tsx b/clients/admin-ui/src/features/datamap/reporting/DatamapReportTable.tsx
@@ -786,7 +786,7 @@ export const DatamapReportTable = () => {
         id: COLUMN_IDS.RESPONSIBILITY,
         cell: (props) => (
           <GroupCountBadgeCell
-            suffix="responsibilitlies"
+            suffix="responsibilities"
             value={props.getValue()}
             {...props}
           />

diff --git a/...ts/admin-ui/src/features/integrations/configure-monitor/ConfigureMonitorDatabasesForm.tsx b/...ts/admin-ui/src/features/integrations/configure-monitor/ConfigureMonitorDatabasesForm.tsx
@@ -1,8 +1,9 @@
-import { Button, ButtonGroup, Flex, Spinner } from "fidesui";
+import { Button, ButtonGroup, Flex, Spinner, Text } from "fidesui";
 import { useEffect, useState } from "react";
 
 import useQueryResultToast from "~/features/common/form/useQueryResultToast";
 import { PickerCheckboxList } from "~/features/common/PickerCard";
+import QuestionTooltip from "~/features/common/QuestionTooltip";
 import {
   PaginationBar,
   useServerSidePagination,
@@ -22,6 +23,9 @@ const EMPTY_RESPONSE = {
   pages: 0,
 };
 
+const TOOLTIP_COPY =
+  "Select projects to restrict which datasets this monitor can access. If no projects are selected, the monitor will observe all current and future projects.";
+
 const ConfigureMonitorDatabasesForm = ({
   monitor,
   onClose,
@@ -86,7 +90,11 @@ const ConfigureMonitorDatabasesForm = ({
 
   return (
     <>
-      <Flex p={4}>
+      <Flex p={4} direction="column">
+        <Flex direction="row" mb={4} gap={1} align="center">
+          <Text fontSize="sm">Select projects to monitor</Text>
+          <QuestionTooltip label={TOOLTIP_COPY} />
+        </Flex>
         <PickerCheckboxList
           title="Select all projects"
           items={databases.map((d) => ({ id: d, name: d }))}

diff --git a/clients/admin-ui/src/features/integrations/configure-monitor/MonitorConfigTab.tsx b/clients/admin-ui/src/features/integrations/configure-monitor/MonitorConfigTab.tsx
@@ -187,10 +187,10 @@ const MonitorConfigTab = ({
   return (
     <>
       <Text maxW="720px" mb={6} fontSize="sm">
-        Data discovery monitors observe configured systems for data model
-        changes to proactively discover and classify data risks. You can create
-        multiple monitors to observe part or all of a project, dataset, table or
-        API for changes and assign these to different data stewards.
+        A data discovery monitor observes configured systems for data model
+        changes to proactively discover and classify data risks. Monitors can
+        observe part or all of a project, dataset, table, or API for changes and
+        each can be assigned to a different data steward.
       </Text>
       <TableActionBar>
         <Spacer />