fix: code review comments

Signed-off-by: Tomas Weiss <[email protected]>

Author: tomkis

apps/agentstack-server/src/agentstack_server/api/auth/auth.py

@@ -121,7 +121,7 @@ def issue_internal_jwt(
             "global": global_permissions.model_dump(mode="json"),
             "context": context_permissions.model_dump(mode="json"),
         },
-        "token_version": role_version,
+        "role_version": role_version,
     }
     return jwt.encode(header, payload, key=secret_key), expires_at
 
@@ -137,7 +137,7 @@ def verify_internal_jwt(token: str, configuration: Configuration) -> ParsedToken
             "exp": {"essential": True},
             "iss": {"essential": True, "value": "agentstack-server"},
             "aud": {"essential": True, "value": "agentstack-server"},
-            "token_version": {"essential": True},
+            "role_version": {"essential": True},
         },
     )
     context_id = UUID(payload["resource"][0].replace("context:", ""))

apps/agentstack-server/src/agentstack_server/api/dependencies.py

@@ -129,8 +129,8 @@ async def authorized_user(
             parsed_token = verify_internal_jwt(bearer_auth.credentials, configuration=configuration)
             user = await user_service.get_user(parsed_token.user_id)
 
-            token_version = parsed_token.role_version
-            if token_version < user.role_version:
+            token_role_version = parsed_token.role_version
+            if token_role_version < user.role_version:
                 raise HTTPException(
                     status_code=status.HTTP_401_UNAUTHORIZED,
                     detail="Token invalidated due to role change",

apps/agentstack-server/src/agentstack_server/service_layer/services/users.py

@@ -9,7 +9,7 @@
 from agentstack_server.configuration import Configuration
 from agentstack_server.domain.models.user import User, UserRole
 from agentstack_server.domain.repositories.env import EnvStoreEntity
-from agentstack_server.exceptions import UsageLimitExceededError
+from agentstack_server.exceptions import PlatformError, UsageLimitExceededError
 from agentstack_server.service_layer.unit_of_work import IUnitOfWorkFactory
 from agentstack_server.utils.utils import utc_now
 
@@ -65,7 +65,7 @@ async def change_role(self, user_id: UUID, new_role: UserRole) -> User:
             user = await uow.users.get(user_id=user_id)
 
             if user.role == new_role:
-                raise ValueError("User already has this role")
+                raise PlatformError("User already has this role", status_code=400)
 
             user.role = new_role
             user.role_version += 1