Update permissions docs

dolfinus · dolfinus · commit b50866278651 · 2025-06-19T15:24:34.000+03:00
diff --git a/docs/design/permissions.rst b/docs/design/permissions.rst
@@ -12,11 +12,11 @@ Roles are:
 * ``GUEST``
   Read-only access to objects within a group.
 * ``DEVELOPER``
-  Read-write (manage) connections and transfer, read-only for other objects.
+  Read-write (manage) connections, transfers and runs. Read-only for queues.
 * ``MAINTAINER`` (DevOps):
-  Manage connections, transfers and queues.
+  Manage connections, transfers, runs and queues.
 * ``OWNER`` (Product Owner)
-  Manage connections, transfers, queues and user-group membership. Group can have only one maintainer.
+  Manage connections, transfers, runs, queues and user-group membership. Group can have only one owner.
 * ``SUPERUSER`` (Admin)
   Meta role assigned to specific users, NOT within group. All permissions, including ability to create/delete groups.
   Superusers are created by :ref:`manage-superusers-cli`.
@@ -62,7 +62,7 @@ Add user to the group and delete
 ---------------------------------
 Each user has the right to remove himself from a group, regardless of his role in the group.
 
-.. list-table:: Rights to delete and add users to a group.
+.. list-table:: Rights to add/delete users to a group
    :header-rows: 1
 
    * - Rule \ Role
@@ -84,10 +84,10 @@ Each user has the right to remove himself from a group, regardless of his role i
      - x
      - x
 
-Transfers, Runs and Connections
---------------------------------
+Transfers, and Connections
+--------------------------
 
-.. list-table:: Right to work wirh Transfers, Runs and Connections repositories.
+.. list-table:: Right to work with Transfers and Connections within a group
    :header-rows: 1
 
 
@@ -116,10 +116,36 @@ Transfers, Runs and Connections
      - x
      - x
 
+Runs
+----
+
+.. list-table:: Right to work with Runs within a group
+   :header-rows: 1
+
+
+   * - Rule \ Role
+     - Guest
+     - Developer
+     - Maintainer
+     - Owner
+     - Superuser
+   * - READ
+     - x
+     - x
+     - x
+     - x
+     - x
+   * - CREATE (START), STOP
+     -
+     - x
+     - x
+     - x
+     - x
+
 Queues
 ------
 
-.. list-table:: Rights to read, delete and update queues.
+.. list-table:: Rights to work with Queues within a namespace
    :header-rows: 1
 
    * - Rule \ Role
diff --git a/syncmaster/server/api/v1/runs.py b/syncmaster/server/api/v1/runs.py
@@ -23,7 +23,6 @@
 from syncmaster.server.dependencies import Stub
 from syncmaster.server.services.get_user import get_user
 from syncmaster.server.services.unit_of_work import UnitOfWork
-from syncmaster.server.settings import ServerAppSettings as Settings
 
 router = APIRouter(tags=["Runs"], responses=get_error_responses())
 
@@ -82,7 +81,6 @@ async def read_run(
 @router.post("/runs")
 async def start_run(  # noqa: WPS217
     create_run_data: CreateRunSchema,
-    settings: Annotated[Settings, Depends(Stub(Settings))],
     celery: Annotated[Celery, Depends(Stub(Celery))],
     unit_of_work: UnitOfWork = Depends(UnitOfWork),
     current_user: User = Depends(get_user(is_active=True)),
