fix(scim): Disable frontend idp lockout on roles (#51556)

This is the followup change to the backend change allowing role
selection even with SCIM This should be reverted once SCIM Issues are
resolved

static/app/views/settings/organizationMembers/inviteMember/orgRoleSelect.tsx

@@ -1,15 +1,9 @@
 import {Component} from 'react';
 import styled from '@emotion/styled';
 
-import {
-  Panel,
-  PanelAlert,
-  PanelBody,
-  PanelHeader,
-  PanelItem,
-} from 'sentry/components/panels';
+import {Panel, PanelBody, PanelHeader, PanelItem} from 'sentry/components/panels';
 import Radio from 'sentry/components/radio';
-import {t, tct} from 'sentry/locale';
+import {t} from 'sentry/locale';
 import {OrgRole} from 'sentry/types';
 import TextBlock from 'sentry/views/settings/components/text/textBlock';
 
@@ -23,9 +17,7 @@ const Label = styled('label')`
 type Props = {
   disabled: boolean;
   enforceAllowed: boolean;
-  enforceIdpRoleRestricted: boolean;
   enforceRetired: boolean;
-  isCurrentUser: boolean;
   roleList: OrgRole[];
   roleSelected: string;
   setSelected: (id: string) => void;
@@ -37,9 +29,7 @@ class OrganizationRoleSelect extends Component<Props> {
       disabled,
       enforceRetired,
       enforceAllowed,
-      isCurrentUser,
       roleList,
-      enforceIdpRoleRestricted,
       roleSelected,
       setSelected,
     } = this.props;
@@ -49,25 +39,13 @@ class OrganizationRoleSelect extends Component<Props> {
         <PanelHeader>
           <div>{t('Organization Role')}</div>
         </PanelHeader>
-        {enforceIdpRoleRestricted && (
-          <PanelAlert>
-            {tct(
-              "[person] organization-level role is managed through your organization's identity provider.",
-              {person: isCurrentUser ? 'Your' : "This member's"}
-            )}
-          </PanelAlert>
-        )}
 
         <PanelBody>
           {roleList.map(role => {
             const {desc, name, id, allowed, isRetired: roleRetired} = role;
 
             const isRetired = enforceRetired && roleRetired;
-            const isDisabled =
-              disabled ||
-              isRetired ||
-              (enforceAllowed && !allowed) ||
-              enforceIdpRoleRestricted;
+            const isDisabled = disabled || isRetired || (enforceAllowed && !allowed);
 
             return (
               <PanelItem

static/app/views/settings/organizationMembers/organizationMemberDetail.spec.jsx

@@ -295,27 +295,6 @@ describe('OrganizationMemberDetail', function () {
         )
       ).toBeInTheDocument();
     });
-
-    it('cannot change roles if member is idp-provisioned', function () {
-      const roleRestrictedMember = TestStubs.Member({
-        roles: TestStubs.OrgRoleList(),
-        dateCreated: new Date(),
-        teams: [team.slug],
-        flags: {
-          'idp:role-restricted': true,
-        },
-      });
-      MockApiClient.addMockResponse({
-        url: `/organizations/${organization.slug}/members/${member.id}/`,
-        body: roleRestrictedMember,
-      });
-      render(<OrganizationMemberDetail params={{memberId: roleRestrictedMember.id}} />, {
-        context: routerContext,
-      });
-
-      const radios = screen.getAllByRole('radio');
-      expect(radios.at(0)).toHaveAttribute('readonly');
-    });
   });
 
   describe('Cannot Edit', function () {

static/app/views/settings/organizationMembers/organizationMemberDetail.tsx

@@ -24,7 +24,6 @@ import TextCopyInput from 'sentry/components/textCopyInput';
 import {Tooltip} from 'sentry/components/tooltip';
 import {IconRefresh} from 'sentry/icons';
 import {t, tct} from 'sentry/locale';
-import configStore from 'sentry/stores/configStore';
 import {space} from 'sentry/styles/space';
 import {Member, Organization} from 'sentry/types';
 import isMemberDisabledFromLimit from 'sentry/utils/isMemberDisabledFromLimit';
@@ -289,8 +288,6 @@ class OrganizationMemberDetail extends AsyncView<Props, State> {
     const {email, expired, pending, invite_link: inviteLink} = member;
     const canResend = !expired;
     const showAuth = !pending;
-    const currentUser = configStore.get('user');
-    const isCurrentUser = currentUser.email === email;
 
     return (
       <Fragment>
@@ -399,9 +396,7 @@ class OrganizationMemberDetail extends AsyncView<Props, State> {
 
         <OrganizationRoleSelect
           enforceAllowed={false}
-          enforceIdpRoleRestricted={member.flags['idp:role-restricted']}
           enforceRetired={hasTeamRoles}
-          isCurrentUser={isCurrentUser}
           disabled={!canEdit}
           roleList={orgRoleList}
           roleSelected={orgRole}