♻️ Updates role inheritance for Admin role (ITISFoundation#8186)

matusdrobuliak66 · web-flow · commit 24afa1ff3593 · 2025-08-05T06:20:42.000Z
diff --git a/services/web/server/src/simcore_service_webserver/security/_authz_access_roles.py b/services/web/server/src/simcore_service_webserver/security/_authz_access_roles.py
@@ -120,7 +120,7 @@ class PermissionDict(TypedDict, total=False):
             "resource-usage.write",
             "storage.files.sync",
         ],
-        inherits=[UserRole.TESTER],
+        inherits=[UserRole.PRODUCT_OWNER],
     ),
 }
 
diff --git a/services/web/server/tests/unit/with_dbs/03/invitations/test_products_rest_invitations.py b/services/web/server/tests/unit/with_dbs/03/invitations/test_products_rest_invitations.py
@@ -34,7 +34,7 @@
         (UserRole.USER, status.HTTP_403_FORBIDDEN),
         (UserRole.TESTER, status.HTTP_403_FORBIDDEN),
         (UserRole.PRODUCT_OWNER, status.HTTP_200_OK),
-        (UserRole.ADMIN, status.HTTP_403_FORBIDDEN),
+        (UserRole.ADMIN, status.HTTP_200_OK),
     ],
 )
 async def test_role_access_to_generate_invitation(
diff --git a/services/web/server/tests/unit/with_dbs/03/invitations/test_users_accounts_rest_registration.py b/services/web/server/tests/unit/with_dbs/03/invitations/test_users_accounts_rest_registration.py
@@ -95,9 +95,10 @@ async def mock_send_message(msg):
         *(
             (role, status.HTTP_403_FORBIDDEN)
             for role in UserRole
-            if role not in {UserRole.PRODUCT_OWNER, UserRole.ANONYMOUS}
+            if role not in {UserRole.PRODUCT_OWNER, UserRole.ADMIN, UserRole.ANONYMOUS}
         ),
         (UserRole.PRODUCT_OWNER, status.HTTP_200_OK),
+        (UserRole.ADMIN, status.HTTP_200_OK),
     ],
 )
 async def test_access_rights_on_search_users_only_product_owners_can_access(
diff --git a/services/web/server/tests/unit/with_dbs/04/products/test_products_rest.py b/services/web/server/tests/unit/with_dbs/04/products/test_products_rest.py
@@ -51,7 +51,7 @@ async def test_get_product_price_when_undefined(
         (UserRole.USER, status.HTTP_403_FORBIDDEN),
         (UserRole.TESTER, status.HTTP_403_FORBIDDEN),
         (UserRole.PRODUCT_OWNER, status.HTTP_200_OK),
-        (UserRole.ADMIN, status.HTTP_403_FORBIDDEN),
+        (UserRole.ADMIN, status.HTTP_200_OK),
     ],
 )
 async def test_get_product_access_rights(

Original file line number	Diff line number	Diff line change
`@@ -120,7 +120,7 @@ class PermissionDict(TypedDict, total=False):`
`120`	`120`	`"resource-usage.write",`
`121`	`121`	`"storage.files.sync",`
`122`	`122`	`],`
`123`		`- inherits=[UserRole.TESTER],`
	`123`	`+ inherits=[UserRole.PRODUCT_OWNER],`
`124`	`124`	`),`
`125`	`125`	`}`
`126`	`126`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@`
`34`	`34`	`(UserRole.USER, status.HTTP_403_FORBIDDEN),`
`35`	`35`	`(UserRole.TESTER, status.HTTP_403_FORBIDDEN),`
`36`	`36`	`(UserRole.PRODUCT_OWNER, status.HTTP_200_OK),`
`37`		`- (UserRole.ADMIN, status.HTTP_403_FORBIDDEN),`
	`37`	`+ (UserRole.ADMIN, status.HTTP_200_OK),`
`38`	`38`	`],`
`39`	`39`	`)`
`40`	`40`	`async def test_role_access_to_generate_invitation(`
Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ async def test_get_product_price_when_undefined(`
`51`	`51`	`(UserRole.USER, status.HTTP_403_FORBIDDEN),`
`52`	`52`	`(UserRole.TESTER, status.HTTP_403_FORBIDDEN),`
`53`	`53`	`(UserRole.PRODUCT_OWNER, status.HTTP_200_OK),`
`54`		`- (UserRole.ADMIN, status.HTTP_403_FORBIDDEN),`
	`54`	`+ (UserRole.ADMIN, status.HTTP_200_OK),`
`55`	`55`	`],`
`56`	`56`	`)`
`57`	`57`	`async def test_get_product_access_rights(`