Protect user role from deletion and use action sound asset

2026-02-27 19:15:13 -05:00
parent 7d25cc226f
commit d522ba10a8
4 changed files with 17 additions and 6 deletions
--- a/server/app/auth_service.py
+++ b/server/app/auth_service.py
@@ -330,8 +330,8 @@ class AuthService:

        normalized_role = self._normalize_role_name(role_name)
        normalized_replacement = self._normalize_role_name(replacement_role_name)
-        if normalized_role == "admin":
-            raise AuthError("Admin role cannot be deleted.")
+        if normalized_role in {"admin", "user"}:
+            raise AuthError("Admin and user roles cannot be deleted.")
        if normalized_role == normalized_replacement:
            raise AuthError("Replacement role must differ from deleted role.")

--- a/server/tests/test_auth_service.py
+++ b/server/tests/test_auth_service.py
@@ -67,3 +67,14 @@ def test_login_missing_user_runs_dummy_verify(monkeypatch: pytest.MonkeyPatch, t
        assert calls[0][0] == "password99"
    finally:
        service.close()
+
+
+def test_delete_role_rejects_admin_and_user(tmp_path: Path) -> None:
+    service = make_auth_service(tmp_path)
+    try:
+        with pytest.raises(AuthError):
+            service.delete_role("admin", "editor")
+        with pytest.raises(AuthError):
+            service.delete_role("user", "editor")
+    finally:
+        service.close()