diff --git a/src/auth/access_control.py b/src/auth/access_control.py index 08c2255..252b2d6 100644 --- a/src/auth/access_control.py +++ b/src/auth/access_control.py @@ -89,7 +89,7 @@ class AccessControl: # Roles allowed to access the backend (whitelist). # Management is intentionally excluded. -ALLOWED_ROLES = {"admin", "super admin", "engineer"} +ALLOWED_ROLES = {"admin", "super admin", "engineer", "application admin"} def require_any_role(*allowed_roles: str): diff --git a/src/overhaul_scope/model.py b/src/overhaul_scope/model.py index 9c29297..3981c9e 100644 --- a/src/overhaul_scope/model.py +++ b/src/overhaul_scope/model.py @@ -34,6 +34,7 @@ class OverhaulScope(Base, DefaultMixin): (Allow, RolePrincipal("Management"), basic_permissions), (Allow, RolePrincipal("Engineer"), engineer_permissions), (Allow, RolePrincipal("Admin"), all_permissions), + (Allow, RolePrincipal("Application Admin"), all_permissions), ] maintenance_type = relationship("MaintenanceType", lazy="selectin", backref="overhaul_scopes")