Merge pull request #3117 from HHS/OPS-3111/update-system-admin-role

Ops 3111/update system admin role
HHS · Nov 25, 2024 · 27b3dfc · 27b3dfc
2 parents 1b64d78 + a44a639
commit 27b3dfc
Show file tree

Hide file tree

Showing 52 changed files with 181 additions and 163 deletions.
diff --git a/backend/data_tools/data/user_data.json5 b/backend/data_tools/data/user_data.json5
@@ -37,8 +37,8 @@
     }
   ],
   role: [
-    { // 1 Admin
-      name: "admin",
+    { // 1 SYSTEM_OWNER
+      name: "SYSTEM_OWNER",
       permissions: [
         "GET_AGREEMENT",
         "PUT_AGREEMENT",
@@ -50,7 +50,6 @@
         "PUT_BUDGET_LINE_ITEM",
         "PATCH_BUDGET_LINE_ITEM",
         "POST_BUDGET_LINE_ITEM",
-        // Delete permissions are only for local, not for prod. Users should not have delete BLI permissions in prod.
         "DELETE_BUDGET_LINE_ITEM",
 
         "GET_SERVICES_COMPONENT",
@@ -70,18 +69,25 @@
         "DELETE_CAN",
 
         "GET_DIVISION",
+        "PUT_DIVISION",
+        "PATCH_DIVISION",
+        "POST_DIVISION",
+        "DELETE_DIVISION",
 
         "GET_NOTIFICATION",
         "PUT_NOTIFICATION",
         "PATCH_NOTIFICATION",
 
         "GET_PORTFOLIO",
+        "PUT_PORTFOLIO",
+        "PATCH_PORTFOLIO",
+        "POST_PORTFOLIO",
+        "DELETE_PORTFOLIO",
 
         "GET_RESEARCH_PROJECT",
         "POST_RESEARCH_PROJECT",
 
         "GET_USER",
-
         "PUT_USER",
         "PATCH_USER",
 
@@ -507,10 +513,10 @@
       status: "ACTIVE"
     },
     { // 520 User is used in E2E tests
-      first_name: "Admin",
-      last_name: "Demo",
+      first_name: "System",
+      last_name: "Owner",
       division: 3,
-      email: "admin.demo@email.com",
+      email: "system.owner@email.com",
       oidc_id: "00000000-0000-1111-a111-000000000018",
       roles: [{"tablename":  "role", "id": 1}],
       status: "ACTIVE"

diff --git a/backend/data_tools/initial_data/001-division.sql b/backend/data_tools/initial_data/001-division.sql
@@ -1,7 +1,7 @@
 INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (1, 'Child Care', 'CC', current_timestamp, current_timestamp);
 INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (2, 'Division of Economic Independence', 'DEI', current_timestamp, current_timestamp);
 INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (3, 'Office of the Director', 'OD', current_timestamp, current_timestamp);
-INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (4, 'Division of Child and Family Development', 'DFCD', current_timestamp, current_timestamp);
+INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (4, 'Division of Child and Family Development', 'DCFD', current_timestamp, current_timestamp);
 INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (5, 'Division of Family Strengthening', 'DFS', current_timestamp, current_timestamp);
 INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (6, 'Division of Data and Improvement', 'DDI', current_timestamp, current_timestamp);
 INSERT INTO ops.division (id, name, abbreviation, created_on, updated_on) VALUES (7, 'Non-OPRE Division', 'OTHER', current_timestamp, current_timestamp);
diff --git a/backend/data_tools/initial_data/003-role.sql b/backend/data_tools/initial_data/003-role.sql
@@ -1,4 +1,4 @@
-INSERT INTO ops.role (id, name, permissions, created_on, updated_on) VALUES (1, 'admin', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,DELETE_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,POST_CAN,PATCH_CAN,PUT_CAN,DELETE_CAN,GET_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,PUT_USER,POST_USER,PATCH_USER,GET_USERS,GET_HISTORY,GET_WORKFLOW,PUT_WORKFLOW,PATCH_WORKFLOW,POST_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW,PATCH_CHANGE_REQUEST_REVIEW,POST_CHANGE_REQUEST_REVIEW}', current_timestamp, current_timestamp);
+INSERT INTO ops.role (id, name, permissions, created_by, updated_by, created_on, updated_on) VALUES (1, 'SYSTEM_OWNER', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,DELETE_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,DELETE_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,POST_CAN,PATCH_CAN,PUT_CAN,DELETE_CAN,GET_DIVISION,PUT_DIVISION,PATCH_DIVISION,POST_DIVISION,DELETE_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,PUT_PORTFOLIO,PATCH_PORTFOLIO,POST_PORTFOLIO,DELETE_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,PUT_USER,PATCH_USER,GET_HISTORY,GET_WORKFLOW,PUT_WORKFLOW,PATCH_WORKFLOW,POST_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW,PATCH_CHANGE_REQUEST_REVIEW,POST_CHANGE_REQUEST_REVIEW,GET_UPLOAD_DOCUMENT,POST_UPLOAD_DOCUMENT,PATCH_UPLOAD_DOCUMENT}', current_timestamp, current_timestamp);
 INSERT INTO ops.role (id, name, permissions, created_on, updated_on) VALUES (2, 'user', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,GET_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,GET_USERS,GET_HISTORY,GET_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW}', current_timestamp, current_timestamp);
 INSERT INTO ops.role (id, name, permissions, created_on, updated_on) VALUES (3, 'unassigned', '{GET_USER,POST_USER,PUT_USER,PATCH_USER}', current_timestamp, current_timestamp);
 INSERT INTO ops.role (id, name, permissions, created_on, updated_on) VALUES (4, 'division-director', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,GET_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,GET_USERS,GET_HISTORY,GET_WORKFLOW,PUT_WORKFLOW,PATCH_WORKFLOW,POST_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW,PATCH_CHANGE_REQUEST_REVIEW,POST_CHANGE_REQUEST_REVIEW}', current_timestamp, current_timestamp);

diff --git a/backend/data_tools/initial_data/004-role_version.sql b/backend/data_tools/initial_data/004-role_version.sql
@@ -1,4 +1,4 @@
-INSERT INTO ops.role_version (id, name, permissions, created_on, updated_on, transaction_id, end_transaction_id, operation_type) VALUES (1, 'admin', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,DELETE_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,GET_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,PUT_USER,POST_USER,PATCH_USER,GET_USERS,GET_HISTORY,GET_WORKFLOW,PUT_WORKFLOW,PATCH_WORKFLOW,POST_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW,PATCH_CHANGE_REQUEST_REVIEW,POST_CHANGE_REQUEST_REVIEW}', current_timestamp, current_timestamp, 1, null, 0);
+INSERT INTO ops.role_version (id, name, permissions, created_by, updated_by, created_on, updated_on, transaction_id, end_transaction_id, operation_type) VALUES (1, 'SYSTEM_OWNER', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,DELETE_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,DELETE_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,POST_CAN,PATCH_CAN,PUT_CAN,DELETE_CAN,GET_DIVISION,PUT_DIVISION,PATCH_DIVISION,POST_DIVISION,DELETE_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,PUT_PORTFOLIO,PATCH_PORTFOLIO,POST_PORTFOLIO,DELETE_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,PUT_USER,PATCH_USER,GET_HISTORY,GET_WORKFLOW,PUT_WORKFLOW,PATCH_WORKFLOW,POST_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW,PATCH_CHANGE_REQUEST_REVIEW,POST_CHANGE_REQUEST_REVIEW,GET_UPLOAD_DOCUMENT,POST_UPLOAD_DOCUMENT,PATCH_UPLOAD_DOCUMENT}', current_timestamp, current_timestamp, 1, null, 0);
 INSERT INTO ops.role_version (id, name, permissions, created_on, updated_on, transaction_id, end_transaction_id, operation_type) VALUES (2, 'user', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,GET_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,GET_USERS,GET_HISTORY,GET_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW}', current_timestamp, current_timestamp, 1, null, 0);
 INSERT INTO ops.role_version (id, name, permissions, created_on, updated_on, transaction_id, end_transaction_id, operation_type) VALUES (3, 'unassigned', '{GET_USER,POST_USER,PUT_USER,PATCH_USER}', current_timestamp, current_timestamp, 1, null, 0);
 INSERT INTO ops.role_version (id, name, permissions, created_on, updated_on, transaction_id, end_transaction_id, operation_type) VALUES (4, 'division-director', '{GET_AGREEMENT,PUT_AGREEMENT,PATCH_AGREEMENT,POST_AGREEMENT,GET_BUDGET_LINE_ITEM,PUT_BUDGET_LINE_ITEM,PATCH_BUDGET_LINE_ITEM,POST_BUDGET_LINE_ITEM,GET_SERVICES_COMPONENT,PUT_SERVICES_COMPONENT,PATCH_SERVICES_COMPONENT,POST_SERVICES_COMPONENT,GET_BLI_PACKAGE,PUT_BLI_PACKAGE,PATCH_BLI_PACKAGE,POST_BLI_PACKAGE,GET_CAN,GET_DIVISION,GET_NOTIFICATION,PUT_NOTIFICATION,PATCH_NOTIFICATION,GET_PORTFOLIO,GET_RESEARCH_PROJECT,POST_RESEARCH_PROJECT,GET_USER,GET_USERS,GET_HISTORY,GET_WORKFLOW,PUT_WORKFLOW,PATCH_WORKFLOW,POST_WORKFLOW,GET_CHANGE_REQUEST,PATCH_CHANGE_REQUEST,POST_CHANGE_REQUEST,GET_CHANGE_REQUEST_REVIEW,PATCH_CHANGE_REQUEST_REVIEW,POST_CHANGE_REQUEST_REVIEW}', current_timestamp, current_timestamp, 1, null, 0);

diff --git a/backend/ops_api/ops/auth/authentication_provider/fake_auth_provider.py b/backend/ops_api/ops/auth/authentication_provider/fake_auth_provider.py
@@ -13,10 +13,10 @@ def __init__(
         self.config = config
 
         self.fakeUsers = {
-            "admin_user": {
-                "given_name": "Admin",
-                "family_name": "Demo",
-                "email": "admin.demo@email.com",
+            "system_owner": {
+                "given_name": "System",
+                "family_name": "Owner",
+                "email": "system.owner@email.com",
                 "sub": "00000000-0000-1111-a111-000000000018",
             },
             "budget_team": {

diff --git a/backend/ops_api/ops/document/service.py b/backend/ops_api/ops/document/service.py
@@ -8,18 +8,18 @@
 
 
 class DocumentService:
-    def __init__(self, document_gateway: DocumentGateway, current_user_id=None, is_admin=False) -> None:
+    def __init__(self, document_gateway: DocumentGateway, current_user_id=None, is_system_owner=False) -> None:
         self.gateway = document_gateway
         self.repository = self.gateway.create_repository()
         self.current_user_id = current_user_id if current_user_id else current_user.id
-        self.is_admin_user = is_admin or ("admin" in current_user.roles if current_user else False)
+        self.is_system_owner = is_system_owner or ("SYSTEM_OWNER" in current_user.roles if current_user else False)
 
     def can_access_docs(self, agreement_id):
         """
         Check if the current user can access documents for a specific agreement.
         """
         is_agreement_user = is_user_linked_to_agreement(self.current_user_id, agreement_id)
-        return is_agreement_user or self.is_admin_user
+        return is_agreement_user or self.is_system_owner
 
     def get_documents_by_agreement_id(self, agreement_id):
         """

diff --git a/backend/ops_api/ops/resources/users.py b/backend/ops_api/ops/resources/users.py
@@ -26,8 +26,8 @@ def get(self, id: int) -> Response:
         :return: The user
 
         Business Rules:
-        - If the user is an admin, they can get the full details of any user
-        - If the user is not an admin, they can get the full details of their own user or a safe version of another user
+        - If the user is a SYSTEM_OWNER, they can get the full details of any user
+        - If the user is not a SYSTEM_OWNER, they can get the full details of their own user or a safe version of another user
         """
         with OpsEventHandler(OpsEventType.GET_USER_DETAILS) as meta:
             user: User = users_service.get_user(current_app.db_session, id=id)
@@ -113,8 +113,8 @@ def get(self) -> Response:
         :return: All users
 
         Business Rules:
-        - If the user is an admin, they can get the full details of all users
-        - If the user is not an admin, they can get the safe version of other users
+        - If the user is a SYSTEM_OWNER, they can get the full details of all users
+        - If the user is not a SYSTEM_OWNER, they can get the safe version of other users
         """
         with OpsEventHandler(OpsEventType.GET_USER_DETAILS) as meta:
             schema = QueryParameters()

diff --git a/backend/ops_api/ops/utils/users.py b/backend/ops_api/ops/utils/users.py
@@ -5,14 +5,6 @@
 from models import Role, User
 
 
-def is_admin(user: User, session: Session = None) -> bool:
-    if not session:
-        session = current_app.db_session
-
-    admin_role = session.execute(select(Role).where(Role.name == "admin")).scalar_one()
-    return admin_role in user.roles
-
-
 def is_user_admin(user: User, session: Session = None) -> bool:
     if not session:
         session = current_app.db_session

diff --git a/backend/ops_api/tests/auth/test_login.py b/backend/ops_api/tests/auth/test_login.py
@@ -9,7 +9,7 @@
 
 @pytest.fixture()
 def db_with_active_user_session(loaded_db, test_user):
-    user = loaded_db.execute(select(User).where(User.email == "admin[email protected]")).scalars().one_or_none()
+    user = loaded_db.execute(select(User).where(User.email == "user[email protected]")).scalars().one_or_none()
     active_user_session_1 = UserSession(
         user_id=user.id,
         is_active=True,
@@ -63,7 +63,7 @@ def db_with_active_user_session(loaded_db, test_user):
 
 @pytest.fixture()
 def db_with_inactive_user_session(loaded_db, test_user):
-    user = loaded_db.execute(select(User).where(User.email == "admin[email protected]")).scalars().one_or_none()
+    user = loaded_db.execute(select(User).where(User.email == "user[email protected]")).scalars().one_or_none()
     active_user_session_1 = UserSession(
         user_id=user.id,
         is_active=False,
@@ -118,10 +118,10 @@ def db_with_inactive_user_session(loaded_db, test_user):
 def test_login_with_no_active_session(client, loaded_db, mocker):
     # setup mocks
     m2 = mocker.patch("ops_api.ops.auth.service._get_token_and_user_data_from_internal_auth")
-    user = loaded_db.execute(select(User).where(User.email == "admin[email protected]")).scalars().one_or_none()
+    user = loaded_db.execute(select(User).where(User.email == "user[email protected]")).scalars().one_or_none()
     m2.return_value = ("blah", "blah", user)
 
-    res = client.post("/auth/login/", json={"provider": "fakeauth", "code": "admin_user"})
+    res = client.post("/auth/login/", json={"provider": "fakeauth", "code": "basic_user"})
     assert res.status_code == 200
 
     stmt = select(UserSession).where(UserSession.user_id == user.id)
@@ -145,13 +145,13 @@ def test_login_with_active_session(client, db_with_active_user_session, mocker):
     m1.return_value = False
     m2 = mocker.patch("ops_api.ops.auth.service._get_token_and_user_data_from_internal_auth")
     user = (
-        db_with_active_user_session.execute(select(User).where(User.email == "admin[email protected]"))
+        db_with_active_user_session.execute(select(User).where(User.email == "user[email protected]"))
         .scalars()
         .one_or_none()
     )  # noqa
     m2.return_value = ("blah", "blah", user)
 
-    res = client.post("/auth/login/", json={"provider": "fakeauth", "code": "admin_user"})
+    res = client.post("/auth/login/", json={"provider": "fakeauth", "code": "basic_user"})
     assert res.status_code == 200
 
     stmt = select(UserSession).where(UserSession.user_id == user.id).order_by(UserSession.created_on.desc())
@@ -172,13 +172,13 @@ def test_login_with_inactive_session(client, db_with_inactive_user_session, mock
     # setup mocks
     m2 = mocker.patch("ops_api.ops.auth.service._get_token_and_user_data_from_internal_auth")
     user = (
-        db_with_inactive_user_session.execute(select(User).where(User.email == "admin[email protected]"))
+        db_with_inactive_user_session.execute(select(User).where(User.email == "user[email protected]"))
         .scalars()
         .one_or_none()
     )  # noqa
     m2.return_value = ("blah", "blah", user)
 
-    res = client.post("/auth/login/", json={"provider": "fakeauth", "code": "admin_user"})
+    res = client.post("/auth/login/", json={"provider": "fakeauth", "code": "basic_user"})
     assert res.status_code == 200
 
     stmt = select(UserSession).where(UserSession.user_id == user.id).order_by(UserSession.created_on.desc())

diff --git a/backend/ops_api/tests/auth/test_logout.py b/backend/ops_api/tests/auth/test_logout.py
@@ -10,7 +10,7 @@
 
 @pytest.fixture()
 def db_with_active_user_session(loaded_db, test_user):
-    user = loaded_db.execute(select(User).where(User.email == "admin[email protected]")).scalars().one_or_none()
+    user = loaded_db.execute(select(User).where(User.email == "user[email protected]")).scalars().one_or_none()
     active_user_session_1 = UserSession(
         user_id=user.id,
         is_active=True,
@@ -63,12 +63,12 @@ def db_with_active_user_session(loaded_db, test_user):
 
 
 @pytest.mark.usefixtures("app_ctx")
-def test_logout(app, client, db_with_active_user_session, mocker):
+def test_logout(app, client, db_with_active_user_session):
     jwt = create_oauth_jwt(
         "fakeauth",
         app.config,
         payload={
-            "sub": "00000000-0000-1111-a111-000000000018",
+            "sub": "00000000-0000-1111-a111-000000000019",
             "iat": datetime.datetime.utcnow(),
             "exp": datetime.datetime.utcnow() + datetime.timedelta(days=1),
             "iss": app.config["AUTHLIB_OAUTH_CLIENTS"]["fakeauth"]["client_id"],
@@ -80,10 +80,10 @@ def test_logout(app, client, db_with_active_user_session, mocker):
 
     res = client.post("/auth/logout/", headers={"Authorization": f"Bearer {jwt.decode('utf-8')}"})
     assert res.status_code == 200
-    assert res.json["message"] == "User: admin[email protected] Logged out"
+    assert res.json["message"] == "User: user[email protected] Logged out"
 
     user = (
-        db_with_active_user_session.execute(select(User).where(User.email == "admin[email protected]"))
+        db_with_active_user_session.execute(select(User).where(User.email == "user[email protected]"))
         .scalars()
         .one_or_none()
     )