fix(admin): fix a few bugs related to admin controls (#17590)

packages/core/src/code_assist/admin/admin_controls.test.ts

@@ -170,6 +170,25 @@ describe('Admin Controls', () => {
       expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(2); // Initial + poll
     });
 
+    it('should return empty object on 403 fetch error and STOP polling', async () => {
+      const error403 = new Error('Forbidden');
+      Object.assign(error403, { status: 403 });
+      (mockServer.fetchAdminControls as Mock).mockRejectedValue(error403);
+
+      const result = await fetchAdminControls(
+        mockServer,
+        undefined,
+        true,
+        mockOnSettingsChanged,
+      );
+
+      expect(result).toEqual({});
+
+      // Advance time - should NOT poll because of 403
+      await vi.advanceTimersByTimeAsync(5 * 60 * 1000);
+      expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(1); // Only the initial call
+    });
+
     it('should sanitize server response', async () => {
       (mockServer.fetchAdminControls as Mock).mockResolvedValue({
         secureModeEnabled: true,
@@ -302,6 +321,32 @@ describe('Admin Controls', () => {
         secureModeEnabled: true,
       });
     });
+
+    it('should STOP polling if server returns 403', async () => {
+      // Initial fetch is successful
+      (mockServer.fetchAdminControls as Mock).mockResolvedValue({
+        secureModeEnabled: false,
+      });
+      await fetchAdminControls(
+        mockServer,
+        undefined,
+        true,
+        mockOnSettingsChanged,
+      );
+      expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(1);
+
+      // Next poll returns 403
+      const error403 = new Error('Forbidden');
+      Object.assign(error403, { status: 403 });
+      (mockServer.fetchAdminControls as Mock).mockRejectedValue(error403);
+
+      await vi.advanceTimersByTimeAsync(5 * 60 * 1000);
+      expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(2);
+
+      // Advance time again - should NOT poll again
+      await vi.advanceTimersByTimeAsync(5 * 60 * 1000);
+      expect(mockServer.fetchAdminControls).toHaveBeenCalledTimes(2);
+    });
   });
 
   describe('stopAdminControlsPolling', () => {

packages/core/src/code_assist/admin/admin_controls.ts

@@ -25,6 +25,15 @@ export function sanitizeAdminSettings(
   return result.data;
 }
 
+function isGaxiosError(error: unknown): error is { status: number } {
+  return (
+    typeof error === 'object' &&
+    error !== null &&
+    'status' in error &&
+    typeof (error as { status: unknown }).status === 'number'
+  );
+}
+
 /**
  * Fetches the admin controls from the server if enabled by experiment flag.
  * Safely handles polling start/stop based on the flag and server availability.
@@ -64,6 +73,12 @@ export async function fetchAdminControls(
     startAdminControlsPolling(server, server.projectId, onSettingsChanged);
     return sanitizedSettings;
   } catch (e) {
+    // Non-enterprise users don't have access to fetch settings.
+    if (isGaxiosError(e) && e.status === 403) {
+      stopAdminControlsPolling();
+      currentSettings = undefined;
+      return {};
+    }
     debugLogger.error('Failed to fetch admin controls: ', e);
     // If initial fetch fails, start polling to retry.
     currentSettings = {};
@@ -95,6 +110,12 @@ function startAdminControlsPolling(
           onSettingsChanged(newSettings);
         }
       } catch (e) {
+        // Non-enterprise users don't have access to fetch settings.
+        if (isGaxiosError(e) && e.status === 403) {
+          stopAdminControlsPolling();
+          currentSettings = undefined;
+          return;
+        }
         debugLogger.error('Failed to poll admin controls: ', e);
       }
     },