From c7692e30d3328bad3bd2f74117e96abbc7befef6 Mon Sep 17 00:00:00 2001
From: Hugh Brown
Date: Tue, 3 Mar 2026 13:31:07 -0700
Subject: [PATCH] security: rename misleading require_admin to require_user_actor
The function only checked that the caller was an authenticated user (not an agent) but its name implied privilege enforcement. Rename to require_user_actor and add docstring clarifying the distinction between actor-type checks and privilege/role checks (require_org_admin, is_super_admin).
Co-Authored-By: Claude Opus 4.6
---
 backend/app/api/deps.py | 10 +++++-----
 backend/app/services/admin_access.py | 11 ++++++++---
 2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/backend/app/api/deps.py b/backend/app/api/deps.py
index cb4a72d9..449e1731 100644
--- a/backend/app/api/deps.py
+++ b/backend/app/api/deps.py
@@ -30,7 +30,7 @@ from app.db.session import get_session
 from app.models.boards import Board
 from app.models.organizations import Organization
 from app.models.tasks import Task
-from app.services.admin_access import require_admin
+from app.services.admin_access import require_user_actor
 from app.services.organizations import (
     OrganizationContext,
     ensure_member_for_user,
@@ -52,8 +52,8 @@ SESSION_DEP = Depends(get_session)
 def require_admin_auth(auth: AuthContext = AUTH_DEP) -> AuthContext:
-    """Require an authenticated admin user."""
-    require_admin(auth)
+    """Require an authenticated human user (not an agent)."""
+    require_user_actor(auth)
     return auth
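Review bot: `require_admin_auth` keeps at the dependency layer the same misleading name the commit removes from the service layer: its body now calls `require_user_actor`, so it only establishes that the caller is a user-type actor, yet any route wired with `Depends(require_admin_auth)` reads as admin-gated. The same applies to `require_admin_or_agent` in the following hunk, whose user branch likewise performs no role check before returning the `ActorContext`. Renaming both (for example `require_user_auth` / `require_user_or_agent`) would finish the change; short of that, the docstring should say so explicitly, e.g. `"""Require an authenticated human user (not an agent); performs no admin/role check — see require_org_admin."""`. Whether any route currently relies on these names for privilege gating cannot be determined from this diff and is worth checking before merge.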
@@ -70,9 +70,9 @@ def require_admin_or_agent(
     auth: AuthContext | None = AUTH_OPTIONAL_DEP,
     agent_auth: AgentAuthContext | None = AGENT_AUTH_OPTIONAL_DEP,
 ) -> ActorContext:
-    """Authorize either an admin user or an authenticated agent."""
+    """Authorize either a human user or an authenticated agent."""
     if auth is not None:
-        require_admin(auth)
+        require_user_actor(auth)
         return ActorContext(actor_type="user", user=auth.user)
     if agent_auth is not None:
         return ActorContext(actor_type="agent", agent=agent_auth.agent)
diff --git a/backend/app/services/admin_access.py b/backend/app/services/admin_access.py
index 4ce64dd1..e5270d60 100644
--- a/backend/app/services/admin_access.py
+++ b/backend/app/services/admin_access.py
@@ -1,4 +1,4 @@
-"""Access control helpers for admin-only operations."""
+"""Access control helpers for actor-type checks."""
 from __future__ import annotations
@@ -10,7 +10,12 @@ if TYPE_CHECKING:
     from app.core.auth import AuthContext
-def require_admin(auth: AuthContext) -> None:
-    """Raise HTTP 403 unless the authenticated actor is a user admin."""
+def require_user_actor(auth: AuthContext) -> None:
+    """Raise HTTP 403 unless the authenticated actor is a human user (not an agent).
+
+    NOTE: This is an actor-type check, NOT a privilege/role check.
+    For admin privilege enforcement, use ``require_org_admin`` (organization-level)
+    or check ``user.is_super_admin`` (global-level).
+    """
     if auth.actor_type != "user" or auth.user is None:
         raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
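Review bot: The rename drops the old `require_admin` name without leaving an alias, so any importer outside the two files in the diffstat would now fail at import time rather than at request time; the diff gives no evidence either way, so a repository-wide search for `require_admin` before merging is the cheap check. The new docstring separates actor type from privilege well, but the condition below also rejects a user-type actor with no attached user object, which the docstring does not mention; a one-line comment on the `if` such as `# a user-type actor with no user object is rejected as well` would make both 403 paths explicit. The function's body is fully inside the hunk.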