Add a staff_area_access permission

StevenMaude · StevenMaude · commit f79540dc5bd4 · 2025-12-04T17:59:05.000Z
We'll eventually replace checks against the `StaffAreaAdministrator`
role with checks against this permission.
diff --git a/jobserver/authorization/permissions.py b/jobserver/authorization/permissions.py
@@ -10,6 +10,7 @@
 repo_sign_off_with_outputs = "repo_sign_off_with_outputs"
 snapshot_create = "snapshot_create"
 snapshot_publish = "snapshot_publish"
+staff_area_access = "staff_area_access"
 unreleased_outputs_view = "unreleased_outputs_view"
 user_manage = "user_manage"
 workspace_archive = "workspace_archive"
diff --git a/jobserver/authorization/roles.py b/jobserver/authorization/roles.py
@@ -11,6 +11,7 @@
     repo_sign_off_with_outputs,
     snapshot_create,
     snapshot_publish,
+    staff_area_access,
     unreleased_outputs_view,
     user_manage,
     workspace_archive,
@@ -33,6 +34,7 @@ class StaffAreaAdministrator:
         backend_manage,
         org_create,
         user_manage,
+        staff_area_access,
     ]
 
 
diff --git a/tests/unit/jobserver/api/test_jobs.py b/tests/unit/jobserver/api/test_jobs.py
@@ -889,6 +889,7 @@ def test_userapidetail_success(api_rf, project_membership):
         "application_manage",
         "backend_manage",
         "org_create",
+        "staff_area_access",
         "user_manage",
     ]
 

Original file line number	Diff line number	Diff line change
`@@ -889,6 +889,7 @@ def test_userapidetail_success(api_rf, project_membership):`
`889`	`889`	`"application_manage",`
`890`	`890`	`"backend_manage",`
`891`	`891`	`"org_create",`
	`892`	`+ "staff_area_access",`
`892`	`893`	`"user_manage",`
`893`	`894`	`]`
`894`	`895`