Limit admin server listings to owned and shared servers

[Zaid-L9]

Summary

• Scope browser and new-connection server lists to servers owned by the current user or explicitly shared.
• Keep the generic server access helper unchanged for direct admin/server-management flows.
• Add focused tests covering Administrator listing visibility and generic admin query behavior.

Fixes #9933

Testing

• python -m py_compile web/pgadmin/utils/server_access.py web/pgadmin/utils/tests/test_server_access.py web/pgadmin/browser/server_groups/servers/__init__.py web/pgadmin/tools/sqleditor/__init__.py
• git diff --check
• git diff -U0 | python -m pycodestyle --diff
• Standalone server access behavior harness covering Administrator group visibility, visible server query filtering, and generic admin query access.

The regression runner attempt timed out before producing test results.

Summary by CodeRabbit

• Bug Fixes

  • Improved server visibility in the browser listing to apply consistent access control rules, ensuring administrator users see only servers they own or have been explicitly granted access to, rather than all servers.

• Tests

  • Added test coverage for server visibility behavior in administrator access scenarios.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 322f5d87-8280-4132-a4f8-ed873922d5a9

📥 Commits

Reviewing files that changed from the base of the PR and between 86a8b16 and 617c8b7.

📒 Files selected for processing (4)

• web/pgadmin/browser/server_groups/servers/__init__.py
• web/pgadmin/tools/sqleditor/__init__.py
• web/pgadmin/utils/server_access.py
• web/pgadmin/utils/tests/test_server_access.py

---

Walkthrough

This PR restricts server and server-group visibility for administrator users by introducing a centralized get_visible_server_query function that filters servers to those owned by or explicitly shared with the current user, regardless of role. The browser server endpoints and SQL editor connection dialog are updated to use this query, and tests validate the new behavior.

Changes

Admin visibility enforcement in server listings

Layer / File(s)	Summary
Visibility query function and admin access rules web/pgadmin/utils/server_access.py	New get_visible_server_query centralizes browser-listing visibility (owned or shared servers) without admin privilege elevation. get_user_server_query and get_server_groups_for_user now apply visibility filtering to all users including administrators in server mode.
Server browser endpoints using visibility query web/pgadmin/browser/server_groups/servers/__init__.py	Three server-listing endpoints (ServerModule.get_nodes, ServerNode.nodes, ServerNode.list) import and use get_visible_server_query instead of prior user-only queries, changing server enumeration responses.
SQL editor new connection dialog web/pgadmin/tools/sqleditor/__init__.py	New connection server list is updated to use get_visible_server_query instead of get_user_server_query, applying consistent visibility filtering while retaining the adhoc-server exclusion.
Admin visibility behavior tests web/pgadmin/utils/tests/test_server_access.py	Three test cases validate that get_visible_server_query, get_user_server_query, and get_server_groups_for_user apply visibility filtering to administrators in server mode, confirming admins do not bypass the sharing-based visibility model.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• pgadmin-org/pgadmin4#9830: Both PRs refactor server-mode server/group enumeration to use centralized access/visibility query helpers (e.g., get_visible_server_query/get_user_server_query from utils/server_access.py) instead of user-agnostic or older per-user predicates, directly changing which servers/servers groups are returned in the server-group browser and related UI endpoints.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Limit admin server listings to owned and shared servers' directly and concisely summarizes the main change in the PR: restricting admin visibility to owned or shared servers.
Linked Issues check	✅ Passed	The PR successfully addresses issue #9933 by implementing visibility-scoped server queries via get_visible_server_query() in three key endpoints (ServerModule.get_nodes, ServerNode.nodes, ServerNode.list) and the SQL editor connection dialog, restricting admin visibility to owned or shared servers.
Out of Scope Changes check	✅ Passed	All changes are focused on limiting admin server visibility in browser listings and connection dialogs; test additions validate the new visibility behavior; no unrelated modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}