test(BA-4985): add component tests for auth security management (#9873)

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Author: jopemachine

changes/9873.test.md

@@ -0,0 +1 @@
+Add component tests for auth security management

src/ai/backend/manager/services/auth/service.py

@@ -104,15 +104,21 @@ def __init__(
     async def get_role(self, action: GetRoleAction) -> GetRoleActionResult:
         group_role = None
         if action.group_id is not None:
-            try:
-                # TODO: per-group role is not yet implemented.
-                await self._auth_repository.get_group_membership(action.group_id, action.user_id)
+            if action.is_superadmin:
+                # Superadmins have global access across all domains and groups.
                 group_role = "user"
-            except GroupMembershipNotFoundError as e:
-                raise ObjectNotFound(
-                    extra_msg="No such project or you are not the member of it.",
-                    object_name="project (user group)",
-                ) from e
+            else:
+                try:
+                    # TODO: per-group role is not yet implemented.
+                    await self._auth_repository.get_group_membership(
+                        action.group_id, action.user_id
+                    )
+                    group_role = "user"
+                except GroupMembershipNotFoundError as e:
+                    raise ObjectNotFound(
+                        extra_msg="No such project or you are not the member of it.",
+                        object_name="project (user group)",
+                    ) from e
 
         return GetRoleActionResult(
             global_role="superadmin" if action.is_superadmin else "user",