backport RBAC changes from the old cosmotech-api-common repository

Leopold-Cramer · Leopold-Cramer · commit c7dccfc2daba · 2025-09-29T17:06:58.000+02:00
diff --git a/common/src/main/kotlin/com/cosmotech/common/rbac/RolesDefinition.kt b/common/src/main/kotlin/com/cosmotech/common/rbac/RolesDefinition.kt
@@ -22,6 +22,8 @@ const val PERMISSION_DELETE = "delete"
 const val PERMISSION_LAUNCH = "launch"
 const val PERMISSION_VALIDATE = "validate"
 
+val NO_PERMISSIONS = emptyList<String>()
+
 val COMMON_ROLE_READER_PERMISSIONS = listOf(PERMISSION_READ)
 val COMMON_ROLE_USER_PERMISSIONS =
     listOf(PERMISSION_READ, PERMISSION_READ_SECURITY, PERMISSION_CREATE_CHILDREN)
@@ -92,6 +94,7 @@ fun getCommonRolesDefinition(): RolesDefinition {
   return RolesDefinition(
       permissions =
           mutableMapOf(
+              ROLE_NONE to NO_PERMISSIONS,
               ROLE_VIEWER to COMMON_ROLE_READER_PERMISSIONS,
               ROLE_USER to COMMON_ROLE_USER_PERMISSIONS,
               ROLE_EDITOR to COMMON_ROLE_EDITOR_PERMISSIONS,
@@ -104,6 +107,7 @@ fun getRunnerRolesDefinition(): RolesDefinition {
   return RolesDefinition(
       permissions =
           mutableMapOf(
+              ROLE_NONE to NO_PERMISSIONS,
               ROLE_VIEWER to RUNNER_ROLE_VIEWER_PERMISSIONS,
               ROLE_EDITOR to RUNNER_ROLE_EDITOR_PERMISSIONS,
               ROLE_VALIDATOR to RUNNER_ROLE_VALIDATOR_PERMISSIONS,
diff --git a/common/src/test/kotlin/com/cosmotech/common/rbac/CsmRbacTests.kt b/common/src/test/kotlin/com/cosmotech/common/rbac/CsmRbacTests.kt
@@ -639,6 +639,7 @@ class CsmRbacTests {
   fun `get default role definition permissions`() {
     val expected: MutableMap<String, List<String>> =
         mutableMapOf(
+            ROLE_NONE to NO_PERMISSIONS,
             ROLE_VIEWER to COMMON_ROLE_READER_PERMISSIONS,
             ROLE_USER to COMMON_ROLE_USER_PERMISSIONS,
             ROLE_EDITOR to COMMON_ROLE_EDITOR_PERMISSIONS,
@@ -660,6 +661,7 @@ class CsmRbacTests {
     definition.permissions.put(customRole, customRolePermissions)
     val expected: MutableMap<String, List<String>> =
         mutableMapOf(
+            ROLE_NONE to NO_PERMISSIONS,
             ROLE_VIEWER to COMMON_ROLE_READER_PERMISSIONS,
             ROLE_USER to COMMON_ROLE_USER_PERMISSIONS,
             ROLE_EDITOR to COMMON_ROLE_EDITOR_PERMISSIONS,
