From 894feb20f1aa23616c6b790ead914689b9510673 Mon Sep 17 00:00:00 2001 From: kyy Date: Mon, 8 Jun 2026 11:40:31 +0900 Subject: [PATCH] =?UTF-8?q?devfront=20rp=5Fadmin=20tenant=5Fadmin=20?= =?UTF-8?q?=EC=A0=9C=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/ForbiddenMessage.test.tsx | 16 ++++------------ .../src/components/common/ForbiddenMessage.tsx | 10 ---------- devfront/src/features/clients/ClientsPage.tsx | 4 +--- .../clients/clientCreateAccess.test.ts | 4 ++-- .../src/features/clients/clientCreateAccess.ts | 2 +- .../developerAccessGate.test.ts | 5 ++--- .../developer-access/developerAccessGate.ts | 10 +--------- devfront/src/lib/role.test.ts | 5 +---- devfront/src/lib/role.ts | 8 -------- devfront/src/locales/en.toml | 18 ++++-------------- devfront/src/locales/ko.toml | 18 ++++-------------- devfront/src/locales/template.toml | 8 -------- devfront/tests/devfront-client-tabs.spec.ts | 2 +- .../tests/devfront-developer-request.spec.ts | 2 +- devfront/tests/devfront-relationships.spec.ts | 2 +- .../tests/devfront-role-switch-report.spec.ts | 16 ++++++++-------- devfront/tests/devfront-security.spec.ts | 12 ++++++------ devfront/tests/devfront-tenant-switch.spec.ts | 8 ++++---- devfront/tests/helpers/devfront-fixtures.ts | 8 ++++---- 19 files changed, 45 insertions(+), 113 deletions(-) diff --git a/devfront/src/components/common/ForbiddenMessage.test.tsx b/devfront/src/components/common/ForbiddenMessage.test.tsx index bbad6610..286be653 100644 --- a/devfront/src/components/common/ForbiddenMessage.test.tsx +++ b/devfront/src/components/common/ForbiddenMessage.test.tsx @@ -65,17 +65,9 @@ describe("ForbiddenMessage", () => { expect(clients.textContent).toContain("target application"); }); - it("renders specific guidance for privileged admin roles", async () => { - authState.user.profile.role = "rp_admin"; - const rpAdmin = await renderMessage("clients"); - expect(rpAdmin.textContent).toContain( - "RP administrators can only access resources for their assigned applications.", - ); - - authState.user.profile.role = "tenant_admin"; - const tenantAdmin = await renderMessage("clients"); - expect(tenantAdmin.textContent).toContain( - "Tenant administrator permissions are not configured correctly or have expired.", - ); + it("falls back to the default message for non-user roles", async () => { + authState.user.profile.role = "super_admin"; + const admin = await renderMessage("clients"); + expect(admin.textContent).toContain("You do not have permission"); }); }); diff --git a/devfront/src/components/common/ForbiddenMessage.tsx b/devfront/src/components/common/ForbiddenMessage.tsx index ac4b197d..3bf488cd 100644 --- a/devfront/src/components/common/ForbiddenMessage.tsx +++ b/devfront/src/components/common/ForbiddenMessage.tsx @@ -34,16 +34,6 @@ export function ForbiddenMessage({ resourceToken }: Props) { "Standard user accounts can use this feature only when an operational or administrative relationship is granted for the target application. Request access from an administrator if needed.", ); } - } else if (role === "rp_admin") { - explanation = t( - "msg.dev.forbidden.rp_admin", - "RP administrators can only access resources for their assigned applications.", - ); - } else if (role === "tenant_admin") { - explanation = t( - "msg.dev.forbidden.tenant_admin", - "Tenant administrator permissions are not configured correctly or have expired.", - ); } const resourceLabel = diff --git a/devfront/src/features/clients/ClientsPage.tsx b/devfront/src/features/clients/ClientsPage.tsx index c82680f6..6c22bc88 100644 --- a/devfront/src/features/clients/ClientsPage.tsx +++ b/devfront/src/features/clients/ClientsPage.tsx @@ -93,9 +93,7 @@ function ClientsPage() { } = useQuery({ queryKey: ["developer-request", tenantId], queryFn: () => fetchDeveloperRequestStatus(tenantId), - enabled: - hasAccessToken && - (profileRole === "user" || profileRole === "tenant_member"), + enabled: hasAccessToken && profileRole === "user", }); const { data: tenants } = useQuery({ queryKey: ["myTenants"], diff --git a/devfront/src/features/clients/clientCreateAccess.test.ts b/devfront/src/features/clients/clientCreateAccess.test.ts index 79200c10..0a70c61b 100644 --- a/devfront/src/features/clients/clientCreateAccess.test.ts +++ b/devfront/src/features/clients/clientCreateAccess.test.ts @@ -5,7 +5,7 @@ describe("client create access", () => { it("allows privileged roles to create clients without developer request approval", () => { expect( resolveClientCreateAccess({ - role: "rp_admin", + role: "super_admin", }), ).toBe("can_create"); }); @@ -31,7 +31,7 @@ describe("client create access", () => { it("shows pending state while a developer request is under review", () => { expect( resolveClientCreateAccess({ - role: "tenant_member", + role: "user", requestStatus: "pending", }), ).toBe("pending"); diff --git a/devfront/src/features/clients/clientCreateAccess.ts b/devfront/src/features/clients/clientCreateAccess.ts index 64e3e556..f5e4ded6 100644 --- a/devfront/src/features/clients/clientCreateAccess.ts +++ b/devfront/src/features/clients/clientCreateAccess.ts @@ -12,7 +12,7 @@ type ResolveClientCreateAccessParams = { }; function canSelfRequestDeveloperAccess(role: string) { - return role === "user" || role === "tenant_member"; + return role === "user"; } export function resolveClientCreateAccess({ diff --git a/devfront/src/features/developer-access/developerAccessGate.test.ts b/devfront/src/features/developer-access/developerAccessGate.test.ts index 02acae89..a13c2e8a 100644 --- a/devfront/src/features/developer-access/developerAccessGate.test.ts +++ b/devfront/src/features/developer-access/developerAccessGate.test.ts @@ -8,8 +8,7 @@ import { describe("developer access gate", () => { it("fetches request status only for user roles", () => { expect(shouldFetchDeveloperRequestStatus("user")).toBe(true); - expect(shouldFetchDeveloperRequestStatus("tenant_admin")).toBe(false); - expect(shouldFetchDeveloperRequestStatus("rp_admin")).toBe(false); + expect(shouldFetchDeveloperRequestStatus("super_admin")).toBe(false); }); it("resolves access and request states from the request status", () => { @@ -41,7 +40,7 @@ describe("developer access gate", () => { it("shows the loading gate only for user requests", () => { expect(shouldShowDeveloperAccessLoading("user", true, false)).toBe(true); expect(shouldShowDeveloperAccessLoading("user", false, true)).toBe(true); - expect(shouldShowDeveloperAccessLoading("tenant_admin", true, true)).toBe( + expect(shouldShowDeveloperAccessLoading("super_admin", true, true)).toBe( false, ); }); diff --git a/devfront/src/features/developer-access/developerAccessGate.ts b/devfront/src/features/developer-access/developerAccessGate.ts index b482da4b..e503aa74 100644 --- a/devfront/src/features/developer-access/developerAccessGate.ts +++ b/devfront/src/features/developer-access/developerAccessGate.ts @@ -11,20 +11,12 @@ export type DeveloperAccessGateState = { isLoadingDeveloperAccessGate: boolean; }; -function isPrivilegedDeveloperRole(profileRole: string) { - return ( - profileRole === "super_admin" || - profileRole === "rp_admin" || - profileRole === "tenant_admin" - ); -} - export function resolveDeveloperAccessGate( profileRole: string, requestStatus?: DeveloperRequestStatus, ): Omit { const hasDeveloperAccess = - isPrivilegedDeveloperRole(profileRole) || requestStatus === "approved"; + profileRole === "super_admin" || requestStatus === "approved"; const isDeveloperRequestPending = requestStatus === "pending"; const canRequestDeveloperAccess = profileRole === "user" && !hasDeveloperAccess && !isDeveloperRequestPending; diff --git a/devfront/src/lib/role.test.ts b/devfront/src/lib/role.test.ts index 6ad7bb98..7b5b6e88 100644 --- a/devfront/src/lib/role.test.ts +++ b/devfront/src/lib/role.test.ts @@ -3,11 +3,8 @@ import { normalizeRole, resolveProfileRole } from "./role"; describe("normalizeRole", () => { it("normalizes known role aliases", () => { - expect(normalizeRole("tenant_member")).toBe("user"); expect(normalizeRole("admin")).toBe("user"); expect(normalizeRole("superadmin")).toBe("super_admin"); - expect(normalizeRole("tenantadmin")).toBe("tenant_admin"); - expect(normalizeRole("rpadmin")).toBe("rp_admin"); }); it("returns 'user' for unknown string values and empty string for non-strings", () => { @@ -21,7 +18,7 @@ describe("resolveProfileRole", () => { expect( resolveProfileRole({ role: " ", - grade: "tenant_member", + grade: " ", "custom:role": "admin", }), ).toBe("user"); diff --git a/devfront/src/lib/role.ts b/devfront/src/lib/role.ts index 48439ee4..5c00ecef 100644 --- a/devfront/src/lib/role.ts +++ b/devfront/src/lib/role.ts @@ -7,14 +7,6 @@ export function normalizeRole(rawRole: unknown): string { case "superadmin": case "super-admin": return "super_admin"; - case "rp_admin": - case "rpadmin": - case "rp-admin": - return "rp_admin"; - case "tenant_admin": - case "tenantadmin": - case "tenant-admin": - return "tenant_admin"; default: return "user"; } diff --git a/devfront/src/locales/en.toml b/devfront/src/locales/en.toml index 632e3af1..2a4db872 100644 --- a/devfront/src/locales/en.toml +++ b/devfront/src/locales/en.toml @@ -1001,11 +1001,8 @@ total_tenants = "Total Tenants" manageable_tenants = "Manageable Tenants" [ui.admin.role] -rp_admin = "Service Administrator (RP Admin)" super_admin = "System Administrator (Super Admin)" -tenant_admin = "Tenant Administrator (Tenant Admin)" -tenant_member = "General User (Tenant Member)" -user = "General User (Tenant Member)" +user = "General User" [ui.admin.tenants] add = "Add Tenant" @@ -1366,10 +1363,8 @@ collapse = "Collapse sidebar" expand = "Expand sidebar" [ui.shell.role] -rp_admin = "Service Administrator (RP Admin)" super_admin = "System Administrator (Super Admin)" -tenant_admin = "Tenant Administrator (Tenant Admin)" -user = "General User (Tenant Member)" +user = "General User" [ui.dev.clients] new = "Add Connected Application" @@ -2043,10 +2038,7 @@ title = "System Role" description = "The permission level granted to this account." current = "Current Role" desc_super_admin = "Can manage all tenants and applications system-wide without restriction." -desc_tenant_admin = "Can manage all applications within their assigned tenant." -desc_rp_admin = "Can view and manage only assigned/linked applications." desc_user = "Standard application access. DevFront access is denied." -desc_tenant_member = "Standard application access. DevFront access is denied." [ui.admin.nav] api_keys = "API Keys" @@ -2068,9 +2060,7 @@ single_notice = "You belong to a single tenant and do not need to switch." [msg.dev.forbidden] default = "You do not have permission to access this resource. Please contact an administrator." -rp_admin = "RP administrators can only view resources for their assigned apps." -tenant_admin = "Tenant administrator permissions are not configured correctly or have expired." user.clients = "General user accounts can only use this feature if they have been granted operational or management relationships for the relevant RP (App). If you need access, please request it from an administrator." -user.consents = "Viewing consent history for this App (RP) is only available when granted 'RP Admin', 'Consent View', or 'Consent Revoke' relationships. If you need access, please request it from an administrator." -user.audit = "Viewing audit logs for this App (RP) is only available when granted 'RP Admin' or 'Audit View' relationships. If you need access, please request it from an administrator." +user.consents = "Viewing consent history for this App (RP) is only available when granted operational, consent view, or consent revoke relationships. If you need access, please request it from an administrator." +user.audit = "Viewing audit logs for this App (RP) is only available when granted operational or audit view relationships. If you need access, please request it from an administrator." title = "Access Denied: {{resource}}" diff --git a/devfront/src/locales/ko.toml b/devfront/src/locales/ko.toml index 82256fc3..00745fa5 100644 --- a/devfront/src/locales/ko.toml +++ b/devfront/src/locales/ko.toml @@ -1001,11 +1001,8 @@ total_tenants = "전체 테넌트 수" manageable_tenants = "관리 가능한 테넌트" [ui.admin.role] -rp_admin = "서비스 관리자 (RP Admin)" super_admin = "시스템 관리자 (Super Admin)" -tenant_admin = "테넌트 관리자 (Tenant Admin)" -tenant_member = "일반 사용자 (Tenant Member)" -user = "일반 사용자 (Tenant Member)" +user = "일반 사용자" [ui.admin.tenants] add = "테넌트 추가" @@ -1366,10 +1363,8 @@ collapse = "사이드바 접기" expand = "사이드바 펼치기" [ui.shell.role] -rp_admin = "서비스 관리자 (RP Admin)" super_admin = "시스템 관리자 (Super Admin)" -tenant_admin = "테넌트 관리자 (Tenant Admin)" -user = "일반 사용자 (Tenant Member)" +user = "일반 사용자" [ui.dev.clients] new = "연동 앱 추가" @@ -2051,10 +2046,7 @@ title = "시스템 역할" description = "현재 계정에 부여된 권한 등급입니다." current = "현재 역할" desc_super_admin = "전체 시스템의 모든 테넌트와 모든 앱을 제한 없이 관리할 수 있습니다." -desc_tenant_admin = "본인이 속한 테넌트(조직/회사) 하위의 모든 앱을 관리할 수 있습니다." -desc_rp_admin = "본인에게 할당된 연동 앱(Client)만 확인 및 관리할 수 있습니다." desc_user = "기본 앱 이용 권한을 가지며, DevFront 접근은 차단됩니다." -desc_tenant_member = "기본 앱 이용 권한을 가지며, DevFront 접근은 차단됩니다." [ui.dev.tenant] workspace = "작업 테넌트 (컨텍스트)" @@ -2064,9 +2056,7 @@ single_notice = "단일 테넌트에 소속되어 전환할 필요가 없습니 [msg.dev.forbidden] default = "해당 리소스에 접근할 권한이 없습니다. 관리자에게 문의하세요." -rp_admin = "RP 관리자는 담당 앱의 리소스만 조회할 수 있습니다." -tenant_admin = "테넌트 관리자 권한이 올바르게 설정되지 않았거나 만료되었습니다." user.clients = "일반 사용자 계정은 담당 RP(앱)에 대한 운영 또는 관리 관계가 부여된 경우에만 해당 기능을 사용할 수 있습니다. 권한이 필요하면 관리자에게 요청하세요." -user.consents = "해당 앱(RP)에 대한 동의 내역 조회는 'RP 관리자', '동의 조회', '동의 회수' 관계가 부여된 경우에만 사용할 수 있습니다. 권한이 필요하면 관리자에게 요청하세요." -user.audit = "해당 앱(RP)에 대한 감사 로그 조회는 'RP 관리자', '감사 조회' 관계가 부여된 경우에만 사용할 수 있습니다. 권한이 필요하면 관리자에게 요청하세요." +user.consents = "해당 앱(RP)에 대한 동의 내역 조회는 운영, 동의 조회, 동의 회수 관계가 부여된 경우에만 사용할 수 있습니다. 권한이 필요하면 관리자에게 요청하세요." +user.audit = "해당 앱(RP)에 대한 감사 로그 조회는 운영 또는 감사 조회 관계가 부여된 경우에만 사용할 수 있습니다. 권한이 필요하면 관리자에게 요청하세요." title = "{{resource}} 접근 권한 없음" diff --git a/devfront/src/locales/template.toml b/devfront/src/locales/template.toml index 881e2739..3c4bc50a 100644 --- a/devfront/src/locales/template.toml +++ b/devfront/src/locales/template.toml @@ -1040,10 +1040,7 @@ total_tenants = "" manageable_tenants = "" [ui.admin.role] -rp_admin = "" super_admin = "" -tenant_admin = "" -tenant_member = "" user = "" [ui.admin.tenants] @@ -1422,9 +1419,7 @@ collapse = "" expand = "" [ui.shell.role] -rp_admin = "" super_admin = "" -tenant_admin = "" user = "" [ui.dev.clients] @@ -2093,10 +2088,7 @@ title = "" description = "" current = "" desc_super_admin = "" -desc_tenant_admin = "" -desc_rp_admin = "" desc_user = "" -desc_tenant_member = "" [ui.dev.tenant] workspace = "Workspace Tenant (Context)" diff --git a/devfront/tests/devfront-client-tabs.spec.ts b/devfront/tests/devfront-client-tabs.spec.ts index ab052c23..c54f1df0 100644 --- a/devfront/tests/devfront-client-tabs.spec.ts +++ b/devfront/tests/devfront-client-tabs.spec.ts @@ -53,7 +53,7 @@ function expectClientTabsOrder(pagePath: string, expectedActive: RegExp) { test.describe("DevFront client detail tabs", () => { test.beforeEach(async ({ page }) => { - await seedAuth(page, "rp_admin"); + await seedAuth(page, "super_admin"); }); test( diff --git a/devfront/tests/devfront-developer-request.spec.ts b/devfront/tests/devfront-developer-request.spec.ts index 25543350..a706482e 100644 --- a/devfront/tests/devfront-developer-request.spec.ts +++ b/devfront/tests/devfront-developer-request.spec.ts @@ -127,7 +127,7 @@ test.describe("DevFront developer request and management", () => { developerRequests: [request], }; - await seedAuth(page, "rp_admin"); + await seedAuth(page, "user"); await installDevApiMock(page, state); await page.goto("/clients"); diff --git a/devfront/tests/devfront-relationships.spec.ts b/devfront/tests/devfront-relationships.spec.ts index aba2ce95..52338aaa 100644 --- a/devfront/tests/devfront-relationships.spec.ts +++ b/devfront/tests/devfront-relationships.spec.ts @@ -19,7 +19,7 @@ test.describe("DevFront relationships", () => { page.on("dialog", async (dialog) => { await dialog.accept(); }); - await seedAuth(page, "rp_admin"); + await seedAuth(page, "super_admin"); }); test("list add and remove direct RP relationships", async ({ page }) => { diff --git a/devfront/tests/devfront-role-switch-report.spec.ts b/devfront/tests/devfront-role-switch-report.spec.ts index 6cfe25fb..433ea215 100644 --- a/devfront/tests/devfront-role-switch-report.spec.ts +++ b/devfront/tests/devfront-role-switch-report.spec.ts @@ -100,10 +100,10 @@ test.describe("DevFront role report", () => { await captureEvidence(page, testInfo, "role-user-overview-approved"); }); - test("rp_admin sees only assigned Gitea app and its logs", async ({ + test("user sees only assigned Gitea app and its logs", async ({ page, }, testInfo) => { - await seedAuth(page, "rp_admin"); + await seedAuth(page, "user"); const state = { clients: [makeClient("gitea-client", { name: "Gitea" })], consents: [] as Consent[], @@ -133,18 +133,18 @@ test.describe("DevFront role report", () => { await expect( page.getByRole("cell", { name: "gitea-client" }), ).toBeVisible(); - await captureEvidence(page, testInfo, "role-rp-admin-clients"); + await captureEvidence(page, testInfo, "role-user-clients"); await page.goto("/audit-logs"); await expect(page.getByText("UPDATE_CLIENT")).toBeVisible(); await expect(page.getByText("gitea-client")).toBeVisible(); - await captureEvidence(page, testInfo, "role-rp-admin-audit"); + await captureEvidence(page, testInfo, "role-user-audit"); }); - test("tenant_admin can manage tenant apps and see tenant logs", async ({ + test("super_admin can manage tenant apps and see tenant logs", async ({ page, }, testInfo) => { - await seedAuth(page, "tenant_admin"); + await seedAuth(page, "super_admin"); const state = { clients: [ makeClient("tenant-a-app-1", { name: "Tenant A CRM" }), @@ -159,7 +159,7 @@ test.describe("DevFront role report", () => { await page.goto("/clients"); await expect(page.getByText("Tenant A CRM")).toBeVisible(); await expect(page.getByText("Tenant A ERP")).toBeVisible(); - await captureEvidence(page, testInfo, "role-tenant-admin-clients"); + await captureEvidence(page, testInfo, "role-super-admin-clients"); await page.goto("/clients/tenant-a-app-1/settings"); await page @@ -179,7 +179,7 @@ test.describe("DevFront role report", () => { timeout: 30000, }); await expect(page.getByText("tenant-a-app-1")).toBeVisible(); - await captureEvidence(page, testInfo, "role-tenant-admin-audit"); + await captureEvidence(page, testInfo, "role-super-admin-audit"); }); test("super_admin sees all and can generate log entries", async ({ diff --git a/devfront/tests/devfront-security.spec.ts b/devfront/tests/devfront-security.spec.ts index fe389b4c..c10644a2 100644 --- a/devfront/tests/devfront-security.spec.ts +++ b/devfront/tests/devfront-security.spec.ts @@ -59,10 +59,10 @@ test.describe("DevFront security and isolation", () => { await expect(page.getByText("Server side App")).not.toBeVisible(); }); - test("tenant_member user can enter DevFront and sees empty RP list", async ({ + test("user can enter DevFront and sees empty RP list", async ({ page, }) => { - await seedAuth(page, "tenant_member"); + await seedAuth(page, "user"); const state = { clients: [] as ReturnType[], consents: [] as Consent[], @@ -80,10 +80,10 @@ test.describe("DevFront security and isolation", () => { ).not.toBeVisible(); }); - test("rp_admin receives 403 on clients list and sees ForbiddenMessage", async ({ + test("user receives 403 on clients list and sees ForbiddenMessage", async ({ page, }) => { - await seedAuth(page, "rp_admin"); + await seedAuth(page, "user"); const state = { clients: [] as ReturnType[], @@ -109,10 +109,10 @@ test.describe("DevFront security and isolation", () => { ).toBeVisible(); }); - test("tenant_admin receives 403 on audit logs and sees ForbiddenMessage", async ({ + test("user receives 403 on audit logs and sees ForbiddenMessage", async ({ page, }) => { - await seedAuth(page, "tenant_admin"); + await seedAuth(page, "user"); const state = { clients: [] as ReturnType[], diff --git a/devfront/tests/devfront-tenant-switch.spec.ts b/devfront/tests/devfront-tenant-switch.spec.ts index 8591b9fb..fc88c9d6 100644 --- a/devfront/tests/devfront-tenant-switch.spec.ts +++ b/devfront/tests/devfront-tenant-switch.spec.ts @@ -29,7 +29,7 @@ test.describe("DevFront tenant switch", () => { id: "playwright-user", email: "playwright@example.com", name: "Playwright User", - role: "tenant_admin", + role: "user", tenantId: "tenant-a", }), }); @@ -40,8 +40,8 @@ test.describe("DevFront tenant switch", () => { }); test("multiple tenants: user can switch tenant context", async ({ page }) => { - // Seed an admin user - await seedAuth(page, "tenant_admin"); + // Seed a standard user + await seedAuth(page, "user"); await installDevApiMock(page, MOCK_STATE); @@ -87,7 +87,7 @@ test.describe("DevFront tenant switch", () => { test("single tenant: switcher is disabled with a notice", async ({ page, }) => { - await seedAuth(page, "tenant_admin"); + await seedAuth(page, "user"); // Mock API to return only ONE tenant await page.route("**/api/v1/dev/my-tenants", async (route) => { diff --git a/devfront/tests/helpers/devfront-fixtures.ts b/devfront/tests/helpers/devfront-fixtures.ts index 3c5e4152..68fc3b7c 100644 --- a/devfront/tests/helpers/devfront-fixtures.ts +++ b/devfront/tests/helpers/devfront-fixtures.ts @@ -150,7 +150,7 @@ export function makeClient( export async function seedAuth(page: Page, role?: string) { const nowInSeconds = Math.floor(Date.now() / 1000); - seededRoles.set(page, role || "rp_admin"); + seededRoles.set(page, role || "super_admin"); await page.addInitScript( ({ issuedAt, injectedRole }) => { @@ -190,7 +190,7 @@ export async function seedAuth(page: Page, role?: string) { window.sessionStorage.setItem(key, JSON.stringify(mockOidcUser)); } - window.localStorage.setItem("dev_role", injectedRole || "rp_admin"); + window.localStorage.setItem("dev_role", injectedRole || "super_admin"); window.localStorage.setItem("dev_tenant_id", "tenant-a"); }, { issuedAt: nowInSeconds, injectedRole: role ?? "" }, @@ -240,7 +240,7 @@ function parseClientId(pathname: string): string { export async function installDevApiMock(page: Page, state: DevApiMockState) { const readMockRole = () => - (state.mockRole ?? seededRoles.get(page) ?? "rp_admin").trim(); + (state.mockRole ?? seededRoles.get(page) ?? "super_admin").trim(); const buildSelfConfigEditorRelation = (): ClientRelation => ({ relation: "config_editor", @@ -253,7 +253,7 @@ export async function installDevApiMock(page: Page, state: DevApiMockState) { }); const shouldGrantDefaultEditRelation = (role: string) => - role === "rp_admin" || role === "tenant_admin" || role === "super_admin"; + role === "super_admin"; const resolveClientRelations = async (clientId: string) => { const explicitRelations = state.relations?.[clientId];