Revert "Change read:users(services):admin scope to read:users(services):roles"

read:users(services):roles scopes will be added together with changes to api handlers
2025-10-12 12:33:02 +00:00 · 2021-04-30 15:13:29 +02:00
parent 60c73de8b2
commit cc35d84f25
3 changed files with 3 additions and 8 deletions
--- a/jupyterhub/roles.py
+++ b/jupyterhub/roles.py
@@ -64,7 +64,6 @@ def expand_self_scope(name):
        'users',
        'users:name',
        'users:groups',
-        'users:roles',
        'users:activity',
        'users:servers',
        'users:tokens',
@@ -89,7 +88,6 @@ def _get_scope_hierarchy():
        'read:users': [
            'read:users:name',
            'read:users:groups',
-            'read:users:roles',
            'read:users:activity',
        ],
        'users:activity': ['read:users:activity'],
@@ -99,7 +97,7 @@ def _get_scope_hierarchy():
        'read:users:servers': ['read:users:name'],
        'admin:groups': ['groups'],
        'groups': ['read:groups'],
-        'read:services': ['read:services:name', 'read:services:roles'],
+        'read:services': None,
        'read:hub': None,
        'proxy': None,
        'shutdown': None,
--- a/jupyterhub/scopes.py
+++ b/jupyterhub/scopes.py
@@ -208,11 +208,11 @@ def identify_scopes(obj):
    if isinstance(obj, orm.User):
        return {
            f"read:users:{field}!user={obj.name}"
-            for field in {"name", "roles", "groups"}
+            for field in {"name", "admin", "groups"}
        }
    elif isinstance(obj, orm.Service):
        return {
-            f"read:services:{field}!service={obj.name}" for field in {"name", "roles"}
+            f"read:services:{field}!service={obj.name}" for field in {"name", "admin"}
        }
    else:
        raise TypeError(f"Expected orm.User or orm.Service, got {obj!r}")
--- a/jupyterhub/tests/test_roles.py
+++ b/jupyterhub/tests/test_roles.py
@@ -185,7 +185,6 @@ def test_orm_roles_delete_cascade(db):
                'users:activity',
                'read:users:name',
                'read:users:groups',
-                'read:users:roles',
                'read:users:activity',
            },
        ),
@@ -197,7 +196,6 @@ def test_orm_roles_delete_cascade(db):
                'users:activity',
                'read:users:name',
                'read:users:groups',
-                'read:users:roles',
                'read:users:activity',
            },
        ),
@@ -207,7 +205,6 @@ def test_orm_roles_delete_cascade(db):
                'read:users',
                'read:users:name',
                'read:users:groups',
-                'read:users:roles',
                'read:users:activity',
            },
        ),