Remove special permission access for annotate endpoint

src/api/endpoints/annotate/routes.py

@@ -15,7 +15,7 @@
 from src.core.core import AsyncCore
 from src.db.queries.implementations.anonymous_session import MakeAnonymousSessionQueryBuilder
 from src.security.dtos.access_info import AccessInfo
-from src.security.manager import get_access_info
+from src.security.manager import get_access_info, get_standard_user_access_info
 
 annotate_router = APIRouter(
     prefix="/annotate",
@@ -76,7 +76,7 @@ async def annotate_url_for_all_annotations_and_get_next_url_anonymous(
 
 @annotate_router.get("/all")
 async def get_next_url_for_all_annotations(
-        access_info: AccessInfo = Depends(get_access_info),
+        access_info: AccessInfo = Depends(get_standard_user_access_info),
         async_core: AsyncCore = Depends(get_async_core),
         batch_id: int | None = batch_query,
         anno_url_id: int | None = url_id_query
@@ -92,7 +92,7 @@ async def annotate_url_for_all_annotations_and_get_next_url(
         url_id: int,
         all_annotation_post_info: AllAnnotationPostInfo,
         async_core: AsyncCore = Depends(get_async_core),
-        access_info: AccessInfo = Depends(get_access_info),
+        access_info: AccessInfo = Depends(get_standard_user_access_info),
         batch_id: int | None = batch_query,
         anno_url_id: int | None = url_id_query
 ) -> GetNextURLForAllAnnotationResponse:

src/security/manager.py

@@ -69,6 +69,11 @@
 ) -> AccessInfo:
     return SecurityManager().check_access(token, Permissions.SOURCE_COLLECTOR)
 
+def get_standard_user_access_info(
+        token: Annotated[str, Depends(oauth2_scheme)]
+) -> AccessInfo:
+    return SecurityManager().validate_token(token)
+
 def require_permission(permission: Permissions):
     def dependency(token: Annotated[str, Depends(oauth2_scheme)]) -> AccessInfo:
         return SecurityManager().check_access(token, permission=permission)

tests/automated/integration/conftest.py

@@ -19,7 +19,7 @@
 from src.db.models.impl.url.core.sqlalchemy import URL
 from src.security.dtos.access_info import AccessInfo
 from src.security.enums import Permissions
-from src.security.manager import get_access_info
+from src.security.manager import get_access_info, get_standard_user_access_info
 from tests.automated.integration.api._helpers.RequestValidator import RequestValidator
 from tests.helpers.api_test_helper import APITestHelper
 from tests.helpers.data_creator.core import DBDataCreator
@@ -135,6 +135,7 @@ def override_access_info() -> AccessInfo:
 def client(disable_task_flags) -> Generator[TestClient, None, None]:
     with TestClient(app) as c:
         app.dependency_overrides[get_access_info] = override_access_info
+        app.dependency_overrides[get_standard_user_access_info] = override_access_info
         async_core: AsyncCore = c.app.state.async_core
 
         # Interfaces to the web should be mocked