From 4d176cbcbbd5bd47a14b844c9932be312b92f871 Mon Sep 17 00:00:00 2001
From: Rajandeep
Date: Mon, 26 Jan 2026 13:58:47 -0800
Subject: [PATCH] Updated Fallback Logic for System Roles
---
 legal-api/src/legal_api/services/permissions.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/legal-api/src/legal_api/services/permissions.py b/legal-api/src/legal_api/services/permissions.py
index b391fd10a5..f1a5c1a9a1 100644
--- a/legal-api/src/legal_api/services/permissions.py
+++ b/legal-api/src/legal_api/services/permissions.py
@@ -118,6 +118,8 @@ def get_authorized_user_role(token_info: Optional[dict] = None) -> str:
 """Return the first matching authorized role from the JWT, based on priority."""
 role_priority = [
 authz.STAFF_ROLE,
+ authz.SYSTEM_ROLE,
+ authz.COLIN_SVC_ROLE,
 authz.SBC_STAFF_ROLE,
 authz.CONTACT_CENTRE_STAFF_ROLE,
 authz.MAXIMUS_STAFF_ROLE,
@@ -126,8 +128,11 @@ def get_authorized_user_role(token_info: Optional[dict] = None) -> str:
 
 if token_info is None:
 token_info = getattr(g, "jwt_oidc_token_info", {}) or {}
-
+
 roles_in_token = token_info.get("realm_access", {}).get("roles", [])
+ if authz.SYSTEM_ROLE in roles_in_token or authz.COLIN_SVC_ROLE in roles_in_token:
+ return authz.STAFF_ROLE
+
 for role in role_priority:
 if role in roles_in_token:
 return role
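Review bot: The two entries added to `role_priority`, `authz.SYSTEM_ROLE` and `authz.COLIN_SVC_ROLE`, can never be returned by the loop, because the early return added in the second hunk already returns `authz.STAFF_ROLE` for any token that carries either role. Keeping both leaves two places that decide how service-account roles are resolved, and if the early return is later removed the function would start returning the raw system role to callers that may not expect it. Either drop the two list entries or drop the early return and map these roles explicitly where the result is consumed. The list and the function body continue outside this hunk.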
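Review bot: The new early return hands `authz.STAFF_ROLE` to any token whose `realm_access.roles` contains `authz.SYSTEM_ROLE` or `authz.COLIN_SVC_ROLE`, so the function now reports a role the token does not carry and the docstring's "first matching authorized role from the JWT" is no longer accurate. Presumably the result selects a permission set, in which case service accounts inherit every staff permission rather than a set scoped to what they need, and downstream checks and logs can no longer tell a service call from a human staff member. State the intent in place, for example `# Service accounts (system, COLIN) carry no staff role; they are deliberately authorized as staff.`, update the docstring (which sits outside this hunk) to mention the substitution, and add a test that pins it. The added blank lines appear to replace an empty line with whitespace-only ones; strip the trailing whitespace.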