Lock admin role permissions on server and client

2026-02-27 19:36:09 -05:00
parent 240d2ecfe8
commit 37419a5592
4 changed files with 17 additions and 1 deletions
--- a/server/app/auth_service.py
+++ b/server/app/auth_service.py
@@ -307,6 +307,8 @@ class AuthService:
        """Replace one role's permission assignment with validated keys."""

        normalized_role = self._normalize_role_name(role_name)
+        if normalized_role == "admin":
+            raise AuthError("Admin role permissions are locked on.")
        role_row = self._db_fetchone("SELECT id, name FROM roles WHERE name = ?", (normalized_role,))
        if role_row is None:
            raise AuthError("Role not found.")