From cc35d84f257cfa037cb1e9a67acfad8c455c1c1c Mon Sep 17 00:00:00 2001
From: IvanaH8 <iva.huskova83@gmail.com>
Date: Fri, 30 Apr 2021 15:13:29 +0200
Subject: [PATCH] Revert "Change read:users(services):admin scope to
 read:users(services):roles"

read:users(services):roles scopes will be added together with changes to api handlers
---
 jupyterhub/roles.py            | 4 +---
 jupyterhub/scopes.py           | 4 ++--
 jupyterhub/tests/test_roles.py | 3 ---
 3 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/jupyterhub/roles.py b/jupyterhub/roles.py
index b07591be..a685e1cd 100644
--- a/jupyterhub/roles.py
+++ b/jupyterhub/roles.py
@@ -64,7 +64,6 @@ def expand_self_scope(name):
         'users',
         'users:name',
         'users:groups',
-        'users:roles',
         'users:activity',
         'users:servers',
         'users:tokens',
@@ -89,7 +88,6 @@ def _get_scope_hierarchy():
         'read:users': [
             'read:users:name',
             'read:users:groups',
-            'read:users:roles',
             'read:users:activity',
         ],
         'users:activity': ['read:users:activity'],
@@ -99,7 +97,7 @@ def _get_scope_hierarchy():
         'read:users:servers': ['read:users:name'],
         'admin:groups': ['groups'],
         'groups': ['read:groups'],
-        'read:services': ['read:services:name', 'read:services:roles'],
+        'read:services': None,
         'read:hub': None,
         'proxy': None,
         'shutdown': None,
diff --git a/jupyterhub/scopes.py b/jupyterhub/scopes.py
index ac68f6e6..c5e6365c 100644
--- a/jupyterhub/scopes.py
+++ b/jupyterhub/scopes.py
@@ -208,11 +208,11 @@ def identify_scopes(obj):
     if isinstance(obj, orm.User):
         return {
             f"read:users:{field}!user={obj.name}"
-            for field in {"name", "roles", "groups"}
+            for field in {"name", "admin", "groups"}
         }
     elif isinstance(obj, orm.Service):
         return {
-            f"read:services:{field}!service={obj.name}" for field in {"name", "roles"}
+            f"read:services:{field}!service={obj.name}" for field in {"name", "admin"}
         }
     else:
         raise TypeError(f"Expected orm.User or orm.Service, got {obj!r}")
diff --git a/jupyterhub/tests/test_roles.py b/jupyterhub/tests/test_roles.py
index 9fede4bd..30e442dc 100644
--- a/jupyterhub/tests/test_roles.py
+++ b/jupyterhub/tests/test_roles.py
@@ -185,7 +185,6 @@ def test_orm_roles_delete_cascade(db):
                 'users:activity',
                 'read:users:name',
                 'read:users:groups',
-                'read:users:roles',
                 'read:users:activity',
             },
         ),
@@ -197,7 +196,6 @@ def test_orm_roles_delete_cascade(db):
                 'users:activity',
                 'read:users:name',
                 'read:users:groups',
-                'read:users:roles',
                 'read:users:activity',
             },
         ),
@@ -207,7 +205,6 @@ def test_orm_roles_delete_cascade(db):
                 'read:users',
                 'read:users:name',
                 'read:users:groups',
-                'read:users:roles',
                 'read:users:activity',
             },
         ),