From 31e210c7e3cc7c69772c456a586efaa0f9482b78 Mon Sep 17 00:00:00 2001
From: ZdenekSrotyr <zdenek.srotyr@keboola.com>
Date: Sun, 12 Apr 2026 14:23:47 +0200
Subject: [PATCH] fix: require admin/km_admin role for web admin pages

---
 tests/test_web_ui.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tests/test_web_ui.py b/tests/test_web_ui.py
index bcc9f59..8cf0daf 100644
--- a/tests/test_web_ui.py
+++ b/tests/test_web_ui.py
@@ -109,3 +109,7 @@ class TestAdminRoleGuards:
     def test_admin_can_access_admin_permissions(self, web_client, admin_cookie):
         resp = web_client.get("/admin/permissions", cookies=admin_cookie)
         assert resp.status_code == 200
+
+    def test_analyst_cannot_access_corporate_memory_admin(self, web_client, admin_cookie, analyst_cookie):
+        resp = web_client.get("/corporate-memory/admin", cookies=analyst_cookie)
+        assert resp.status_code == 403