
Respect output policy validation result #9400

Open
jahnavik186 wants to merge 1 commit into OpenMined:dev from jahnavik186:fix-output-policy-validity-check

@jahnavik186 jahnavik186 commented May 3, 2026

Description

Fixes #9326.

This PR prevents an Admin user from demoting their own role permissions.

Previously, an Admin could update their own user role and accidentally remove their own administrative privileges, potentially locking themselves out of admin access.

This change adds validation in user_service.py inside the user update flow to detect when:

  • the user being updated matches context.credentials
  • the current user role is ADMIN
  • the requested update would demote their role

When this happens, the update is rejected with a SyftError:

Admins cannot demote their own role!

Affected Dependencies

None.

This change only modifies internal user update validation logic in:

packages/syft/src/syft/service/user/user_service.py

How has this been tested?

Manual logic verification.

I verified the update path in user_service.py to ensure the new validation only blocks self-demotion by Admin users and does not affect other user role updates.

Checklist

  • I have followed the Contribution Guidelines and Code of Conduct
  • I have commented my code following the OpenMined Styleguide
  • I have labeled this PR with the relevant Type labels
  • My changes are covered by tests
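
The check described in the PR description above, as an added example that is not part of the pull request or the PySyft code base. The role ladder, the key strings and the function name are constructed for illustration; only the three conditions and the error message come from the description.

```python
from enum import IntEnum
from typing import Optional


class Role(IntEnum):
    # Constructed role ladder for this example; a higher value means more privilege.
    GUEST = 1
    DATA_SCIENTIST = 2
    DATA_OWNER = 32
    ADMIN = 128


# Error text quoted in the PR description.
SELF_DEMOTION_MSG = "Admins cannot demote their own role!"


def check_role_update(
    caller_key: str,
    caller_role: Role,
    target_key: str,
    requested_role: Optional[Role],
) -> Optional[str]:
    """Return an error message if the update must be rejected, else None.

    caller_key stands in for context.credentials, target_key for the
    verify key of the user being updated (both hypothetical strings here).
    """
    if requested_role is None:
        return None  # partial update that does not touch the role field
    if target_key != caller_key:
        return None  # not a self-update; other authorization rules decide
    if caller_role is not Role.ADMIN:
        return None  # the guard only covers Admin accounts
    if requested_role < caller_role:
        return SELF_DEMOTION_MSG  # Admin lowering their own role
    return None  # same role re-submitted: nothing is lost


if __name__ == "__main__":
    cases = [
        ("admin-key", Role.ADMIN, "admin-key", Role.DATA_SCIENTIST),  # rejected
        ("admin-key", Role.ADMIN, "other-key", Role.GUEST),  # allowed
        ("admin-key", Role.ADMIN, "admin-key", None),  # allowed
        ("admin-key", Role.ADMIN, "admin-key", Role.ADMIN),  # allowed
    ]
    for case in cases:
        print(case, "->", check_role_update(*case))
```
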

Development

Successfully merging this pull request may close these issues.

Prevent Admin user from de-leveling its own permissions
