From ac11e4fbc642e3777798ddd43868a57496e7b3ff Mon Sep 17 00:00:00 2001
From: Leopold Cramer <leopold.h.cramer@gmail.com>
Date: Wed, 24 Sep 2025 17:27:24 +0200
Subject: [PATCH] none was not in roles definition and thus was unassignable

---
 src/main/kotlin/com/cosmotech/api/rbac/RolesDefinition.kt | 4 ++++
 src/test/kotlin/com/cosmotech/api/rbac/CsmRbacTests.kt    | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/src/main/kotlin/com/cosmotech/api/rbac/RolesDefinition.kt b/src/main/kotlin/com/cosmotech/api/rbac/RolesDefinition.kt
index 5964ab4e..0509581c 100644
--- a/src/main/kotlin/com/cosmotech/api/rbac/RolesDefinition.kt
+++ b/src/main/kotlin/com/cosmotech/api/rbac/RolesDefinition.kt
@@ -22,6 +22,8 @@ const val PERMISSION_DELETE = "delete"
 const val PERMISSION_LAUNCH = "launch"
 const val PERMISSION_VALIDATE = "validate"
 
+val NO_PERMISSIONS = emptyList<String>()
+
 val COMMON_ROLE_READER_PERMISSIONS = listOf(PERMISSION_READ, PERMISSION_READ_SECURITY)
 val COMMON_ROLE_USER_PERMISSIONS =
     listOf(PERMISSION_READ, PERMISSION_READ_SECURITY, PERMISSION_CREATE_CHILDREN)
@@ -92,6 +94,7 @@ fun getCommonRolesDefinition(): RolesDefinition {
   return RolesDefinition(
       permissions =
           mutableMapOf(
+              ROLE_NONE to NO_PERMISSIONS,
               ROLE_VIEWER to COMMON_ROLE_READER_PERMISSIONS,
               ROLE_USER to COMMON_ROLE_USER_PERMISSIONS,
               ROLE_EDITOR to COMMON_ROLE_EDITOR_PERMISSIONS,
@@ -104,6 +107,7 @@ fun getScenarioRolesDefinition(): RolesDefinition {
   return RolesDefinition(
       permissions =
           mutableMapOf(
+              ROLE_NONE to NO_PERMISSIONS,
               ROLE_VIEWER to SCENARIO_ROLE_VIEWER_PERMISSIONS,
               ROLE_EDITOR to SCENARIO_ROLE_EDITOR_PERMISSIONS,
               ROLE_VALIDATOR to SCENARIO_ROLE_VALIDATOR_PERMISSIONS,
diff --git a/src/test/kotlin/com/cosmotech/api/rbac/CsmRbacTests.kt b/src/test/kotlin/com/cosmotech/api/rbac/CsmRbacTests.kt
index c106b90a..f49825ca 100644
--- a/src/test/kotlin/com/cosmotech/api/rbac/CsmRbacTests.kt
+++ b/src/test/kotlin/com/cosmotech/api/rbac/CsmRbacTests.kt
@@ -568,6 +568,7 @@ class CsmRbacTests {
   fun `get default role definition permissions`() {
     val expected: MutableMap<String, List<String>> =
         mutableMapOf(
+            ROLE_NONE to NO_PERMISSIONS,
             ROLE_VIEWER to COMMON_ROLE_READER_PERMISSIONS,
             ROLE_USER to COMMON_ROLE_USER_PERMISSIONS,
             ROLE_EDITOR to COMMON_ROLE_EDITOR_PERMISSIONS,
@@ -589,6 +590,7 @@ class CsmRbacTests {
     definition.permissions.put(customRole, customRolePermissions)
     val expected: MutableMap<String, List<String>> =
         mutableMapOf(
+            ROLE_NONE to NO_PERMISSIONS,
             ROLE_VIEWER to COMMON_ROLE_READER_PERMISSIONS,
             ROLE_USER to COMMON_ROLE_USER_PERMISSIONS,
             ROLE_EDITOR to COMMON_ROLE_EDITOR_PERMISSIONS,