feat: platform roles reworked (AAI-467)

[marius-mather]

Description

AAI-467: reworking #112 . linking roles to platforms via ID this time, so we don't run into the same issue with migrations. Have also added default admin roles to Auth0 via the infra deployment code, so each platform should have an associated admin role.

Changes

• Rework platform model so foreign key is on role ID
• Remove unique constraint on role name (can be violated if roles are deleted then recreated in Auth0)
• Refactor existing syncing to be more readable
• Add syncing of platform memberships
• Unit test of platform membership syncing

How to test

Run uv run pytest

[amandazhuyilan]

Looks good - nothing standing out to me, lets merge it and see!

[Copilot]

Pull Request Overview

This PR implements platform role management by adding support for platform-specific Auth0 roles, syncing platform memberships from Auth0, and updating the registration flows to use these roles. The changes enable platforms to have associated Auth0 roles that grant access, and introduce auto-approval logic for both group and platform memberships.

Key changes:

• Added platform role support with database schema migration and sync tasks
• Refactored biocommons registration to use bundle configuration with auto-approval settings
• Updated all registration endpoints to assign Auth0 roles when auto-approving platform memberships

Reviewed Changes

Copilot reviewed 19 out of 19 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
migrations/versions/4594b458279c_platform_roles.py	Adds migration for platform role_id foreign key
schemas/auth0.py	New file with regex patterns and helpers to extract platform/group IDs from Auth0 role names
db/models.py	Adds platform_role relationship, role assignment methods, and platform creation from Auth0 roles
scheduled_tasks/tasks.py	Splits user-role sync into separate group and platform membership syncs, adds platform population task
scheduled_tasks/scheduler.py	Uses MemoryJobStore for SQLite to avoid locking issues
run_scheduler.py	Adds new sync_platform_user_roles and populate_platforms_from_auth0 scheduled jobs
routers/biocommons_register.py	Refactors to use BiocommonsBundle class with configurable auto-approval for groups/platforms
routers/biocommons_admin.py	Adds endpoint to set platform admin roles and updates platform creation to include role_name
routers/galaxy_register.py	Updates to pass auth0_client when creating platform memberships
routers/bpa_register.py	Updates to pass auth0_client when creating platform memberships
routers/sbp_register.py	Updates to pass auth0_client when creating platform memberships
tests/test_biocommons_register.py	Updates tests to use bundle.create_user_record and adds platform fixtures
tests/test_biocommons_admin.py	Adds tests for set_admin_roles endpoint and galaxy_platform fixture
tests/test_galaxy.py	Adds galaxy_platform fixture for tests
tests/test_bpa_register.py	Adds bpa_platform fixture for tests
tests/test_sbp_register.py	Adds sbp_platform fixture for tests
tests/test_admin_user_filters.py	Updates to use PlatformMembershipFactory instead of add_platform_membership
tests/scheduled_tasks/test_tasks.py	Renames sync function tests and adds test for platform membership sync
tests/db/test_models.py	Updates platform creation tests to include required role_name

[Copilot]

Pull Request Overview

Copilot reviewed 19 out of 19 changed files in this pull request and generated 12 comments.

[amandazhuyilan]

Approved!