Limit admin server listings to owned and shared servers

[Zaid-L9]

Summary

• Scope browser and new-connection server lists to servers owned by the current user or explicitly shared.
• Keep the generic server access helper unchanged for direct admin/server-management flows.
• Add focused tests covering Administrator listing visibility and generic admin query behavior.

Fixes #9933

Testing

• python -m py_compile web/pgadmin/utils/server_access.py web/pgadmin/utils/tests/test_server_access.py web/pgadmin/browser/server_groups/servers/__init__.py web/pgadmin/tools/sqleditor/__init__.py
• git diff --check
• git diff -U0 | python -m pycodestyle --diff
• Standalone server access behavior harness covering Administrator group visibility, visible server query filtering, and generic admin query access.

The regression runner attempt timed out before producing test results.

Summary by CodeRabbit

• Bug Fixes

  • Improved server visibility in the browser listing to apply consistent access control rules, ensuring administrator users see only servers they own or have been explicitly granted access to, rather than all servers.

• Tests

  • Added test coverage for server visibility behavior in administrator access scenarios.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 322f5d87-8280-4132-a4f8-ed873922d5a9

📥 Commits

Reviewing files that changed from the base of the PR and between 86a8b16 and 617c8b7.

📒 Files selected for processing (4)

• web/pgadmin/browser/server_groups/servers/__init__.py
• web/pgadmin/tools/sqleditor/__init__.py
• web/pgadmin/utils/server_access.py
• web/pgadmin/utils/tests/test_server_access.py

---

Walkthrough

This PR restricts server and server-group visibility for administrator users by introducing a centralized get_visible_server_query function that filters servers to those owned by or explicitly shared with the current user, regardless of role. The browser server endpoints and SQL editor connection dialog are updated to use this query, and tests validate the new behavior.

Changes

Admin visibility enforcement in server listings

Layer / File(s)	Summary
Visibility query function and admin access rules web/pgadmin/utils/server_access.py	New get_visible_server_query centralizes browser-listing visibility (owned or shared servers) without admin privilege elevation. get_user_server_query and get_server_groups_for_user now apply visibility filtering to all users including administrators in server mode.
Server browser endpoints using visibility query web/pgadmin/browser/server_groups/servers/__init__.py	Three server-listing endpoints (ServerModule.get_nodes, ServerNode.nodes, ServerNode.list) import and use get_visible_server_query instead of prior user-only queries, changing server enumeration responses.
SQL editor new connection dialog web/pgadmin/tools/sqleditor/__init__.py	New connection server list is updated to use get_visible_server_query instead of get_user_server_query, applying consistent visibility filtering while retaining the adhoc-server exclusion.
Admin visibility behavior tests web/pgadmin/utils/tests/test_server_access.py	Three test cases validate that get_visible_server_query, get_user_server_query, and get_server_groups_for_user apply visibility filtering to administrators in server mode, confirming admins do not bypass the sharing-based visibility model.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• pgadmin-org/pgadmin4#9830: Both PRs refactor server-mode server/group enumeration to use centralized access/visibility query helpers (e.g., get_visible_server_query/get_user_server_query from utils/server_access.py) instead of user-agnostic or older per-user predicates, directly changing which servers/servers groups are returned in the server-group browser and related UI endpoints.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Limit admin server listings to owned and shared servers' directly and concisely summarizes the main change in the PR: restricting admin visibility to owned or shared servers.
Linked Issues check	✅ Passed	The PR successfully addresses issue #9933 by implementing visibility-scoped server queries via get_visible_server_query() in three key endpoints (ServerModule.get_nodes, ServerNode.nodes, ServerNode.list) and the SQL editor connection dialog, restricting admin visibility to owned or shared servers.
Out of Scope Changes check	✅ Passed	All changes are focused on limiting admin server visibility in browser listings and connection dialogs; test additions validate the new visibility behavior; no unrelated modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[blaargh]

why was this closed? It's extremely stupid that I now see ALL users servers with my admin user??

[asheshv]

For anyone landing here from a search (particularly @blaargh whose comment is above) — context on what happened and where things stand:

The underlying bug has been fixed, just not by this PR.

• This PR (Limit admin server listings to owned and shared servers #9953) was closed without merge on 2026-05-21. I don't have visibility into the maintainer's reasoning for that specific close.
• The actual fix landed two weeks later as PR fix: remove admin bypass from server access helpers (#9933) #10006 (merged 2026-06-06): "fix: remove admin bypass from server access helpers (Admin sees all user servers in object explorer #9933)". It's a smaller, more surgical change — removes four _is_admin() bypasses in web/pgadmin/utils/server_access.py and adds a regression test for the admin→non-admin direction (the existing tests only covered non-admin→admin, which is why the bug slipped through CI in the first place).
• Issue Admin sees all user servers in object explorer #9933 is now closed as fixed by that merge.

So if you're seeing this on pgAdmin 9.15 — the bug is still there, because 9.15 was released before the fix landed. The fix will be in 9.16 when that releases. There's no clean workaround for 9.15 short of patching server_access.py manually with the #10006 diff.

To @Zaid-L9: thanks for the contribution attempt — it's a real bug you correctly identified. The maintainer team's eventual fix took a different approach (removing the four targeted bypasses rather than introducing a new visibility-query function), but your PR's existence and analysis helped surface that the bug needed attention.

To @blaargh: your June 2 comment was a fair frustration at the time — the bug WAS still in master then, and pgAdmin had been broken for admin users since 9.15. As of June 6 it's fixed on master; it'll be in the next release.