
[BUG][RBAC]: Platform admin blocked by RBAC on gateway delete (allow_admin_bypass=False) #2891

@crivetimihai

Description

The platform admin user can create gateways via the Admin UI but cannot delete them. The delete operation returns a 403 Forbidden / "Insufficient permissions" error.

Root Cause

All /admin/* endpoints in mcpgateway/admin.py use @require_permission(..., allow_admin_bypass=False), which disables the is_admin JWT flag shortcut in PermissionService.check_permission(). This means the admin must have explicit RBAC role assignments with the required permission.

The bootstrap_default_roles() function in mcpgateway/bootstrap_db.py creates a platform_admin role with ["*"] (all permissions) and assigns it to the admin user. When this bootstrap succeeds, the admin should have gateways.delete via the * wildcard.

However, the permission check fails in practice. Possible causes:

  1. Bootstrap role assignment failed silently — errors in bootstrap_default_roles are caught and logged but don't halt startup (lines 418-419, 423-426)
  2. Permission cache stale/poisoned — PermissionService caches permissions for 5 minutes; if the admin's first request hits before role assignment completes, the empty permission set gets cached
  3. Admin user mismatch — the UI login user (PLATFORM_ADMIN_EMAIL) may differ from the bootstrapped user, resulting in no role assignment

Affected Endpoints

All admin endpoints use allow_admin_bypass=False. Gateway-specific:

  • POST /admin/gateways/{id}/delete → gateways.delete (line 9656)
  • POST /admin/gateways/{id}/edit → gateways.update (line 9458)
  • POST /admin/gateways → gateways.create (line 9204)

Note: gateways.create appears to work (gateways can be created), but gateways.delete fails. This suggests the issue may be specific to how the delete flow handles permissions or the form POST redirect.

Steps to Reproduce

  1. Start the gateway with default configuration
  2. Log in as the platform admin via the Admin UI
  3. Navigate to the Gateways tab
  4. Create a gateway (succeeds)
  5. Click "Delete" on the gateway → 403 Forbidden

Expected Behavior

The platform admin should be able to delete gateways, since the platform_admin RBAC role has ["*"] permissions which includes gateways.delete.

Observed in

Playwright E2E test: tests/playwright/test_gateways.py::TestGatewayActions::test_delete_button_with_confirmation — currently skips with RBAC 403 detection rather than failing.

Relevant Code

  • mcpgateway/admin.py:9655-9656 — delete endpoint with allow_admin_bypass=False
  • mcpgateway/services/permission_service.py:69-159 — check_permission() logic
  • mcpgateway/bootstrap_db.py:210-426 — role bootstrap and assignment
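
A minimal model of possible cause 2 from the list above, added here as an illustration and not taken from the mcpgateway code base: it shows how a TTL cache that stores an empty permission set keeps denying a `*` wildcard admin after the role is assigned, and how invalidating on role assignment avoids that. The class, method and parameter names and the sample e-mail are hypothetical; only the 5-minute TTL, the `*` wildcard and `allow_admin_bypass=False` come from the issue.

```python
import time


class PermissionCache:
    """Toy model (not mcpgateway code) of a TTL-cached RBAC lookup."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self.ttl = ttl_seconds          # 5 minutes, as the issue states
        self.clock = clock
        self.role_perms = {}            # role name -> set of permissions
        self.assignments = {}           # user email -> set of role names
        self._cache = {}                # user email -> (expires_at, perms)

    def assign_role(self, email, role, invalidate=True):
        self.assignments.setdefault(email, set()).add(role)
        if invalidate:
            # Mitigation: drop any cached (possibly empty) set on role change.
            self._cache.pop(email, None)

    def _load(self, email):
        perms = set()
        for role in self.assignments.get(email, ()):
            perms |= self.role_perms.get(role, set())
        return perms

    def check(self, email, permission, is_admin=False, allow_admin_bypass=False):
        if is_admin and allow_admin_bypass:
            return True                 # is_admin JWT flag shortcut
        now = self.clock()
        hit = self._cache.get(email)
        if hit is None or hit[0] <= now:
            hit = (now + self.ttl, self._load(email))
            self._cache[email] = hit    # an empty set is cached too
        perms = hit[1]
        return "*" in perms or permission in perms


def simulate(invalidate):
    """First request arrives before the bootstrap role assignment."""
    now = [0.0]                         # fake clock so the run is deterministic
    svc = PermissionCache(clock=lambda: now[0])
    svc.role_perms["platform_admin"] = {"*"}
    admin = "admin@example.com"         # constructed sample user
    early = svc.check(admin, "gateways.delete", is_admin=True)
    svc.assign_role(admin, "platform_admin", invalidate=invalidate)
    now[0] = 10.0
    after_assign = svc.check(admin, "gateways.delete", is_admin=True)
    now[0] = 301.0
    after_ttl = svc.check(admin, "gateways.delete", is_admin=True)
    return early, after_assign, after_ttl
```

`simulate(False)` reproduces the stale denial until the TTL expires; `simulate(True)` grants access on the first check after assignment.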

Labels

  • MUST (P1: Non-negotiable, critical requirements without which the product is non-functional or unsafe)
  • api (REST API Related item)
  • bug (Something isn't working)
  • rbac (Role-based Access Control)
