ui: console shows forbidden errors for requests to v1/settings

[andreimatei]

After logging in, on the home page I see periodic:

GET https://andrei-crdb-ycsb-0002.roachprod.crdb.io:26258/_admin/v1/settings?unredacted_values=true 403 (Forbidden)

If I refresh the page, the errors are gone. So it seems to happen only on the page loaded after a login.

Jira issue: CRDB-25216

[abarganier]

This was related to #97786, which was fixed in #97940.

This error appeared on v23.1-alpha.1, which did not contain the SHA that fixed the backwards compatibility issues that originally existed with multitenant session cookies.

I did some testing on master to try and reproduce this, but was unable, so I think it's safe to say that #97940 fixed this.

Marking as closed, but if this somehow appears on master let's reopen.

[andreimatei]

I'm also seeing these errors on a 22.2.2 cluster, on the dashboards page. And I'm seeing it after navigating for a while, and after refreshing, so not immediately after login.
Haven't tried master, but reopening. Feel free to close again, though.

[dhartunian]

This is a frontend bug where we continue requesting settings even when the user account does not have permissions to view them. The fix should be to just give up after a 403 error.

[andreimatei]

Indeed, I'm using a user with viewactrivity, not an admin.

[abarganier]

Thanks for reopening, I was testing with an admin user, so I missed this part. I'll give the repro another try and take @dhartunian's suggested approach as a fix.

[abarganier]

Yup, easily reproduced when the user doesn't have admin! I'll get to work on a fix.