@ -89,7 +89,7 @@ class AccessControl:
# Roles allowed to access the backend (whitelist).
# Management is intentionally excluded.
ALLOWED_ROLES = {"admin", "super admin", "engineer"}
ALLOWED_ROLES = {"admin", "super admin", "engineer", "application admin"}
def require_any_role(*allowed_roles: str):
@ -34,6 +34,7 @@ class OverhaulScope(Base, DefaultMixin):
(Allow, RolePrincipal("Management"), basic_permissions),
(Allow, RolePrincipal("Engineer"), engineer_permissions),
(Allow, RolePrincipal("Admin"), all_permissions),
(Allow, RolePrincipal("Application Admin"), all_permissions),
]
maintenance_type = relationship("MaintenanceType", lazy="selectin", backref="overhaul_scopes")