From 3996879e6feeb53543ed865df6cf27f48f764810 Mon Sep 17 00:00:00 2001 From: HMS17 Date: Fri, 19 Jul 2024 13:15:09 -0400 Subject: [PATCH 01/12] [BI-1692] - Change Domain of Roles --- .../api/auth/ProgramSecuredRole.java | 6 ++-- .../api/auth/ProgramSecuredRoleGroup.java | 2 +- .../controller/BreedingMethodController.java | 6 ++-- .../api/v1/controller/OntologyController.java | 10 +++---- .../api/v1/controller/ProgramController.java | 14 +++++----- .../api/v1/controller/TraitController.java | 6 ++-- .../v1/controller/TraitUploadController.java | 10 +++---- .../geno/GenotypeDataUploadController.java | 2 +- .../controllers/ImportController.java | 2 +- .../controllers/UploadController.java | 12 ++++---- .../db/migration/V1.24.0__update_roles.sql | 28 +++++++++++++++++++ 11 files changed, 63 insertions(+), 35 deletions(-) create mode 100644 src/main/resources/db/migration/V1.24.0__update_roles.sql diff --git a/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java b/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java index 4294a1f7e..ad3729645 100644 --- a/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java +++ b/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java @@ -18,9 +18,9 @@ package org.breedinginsight.api.auth; public enum ProgramSecuredRole { - MEMBER("member"), - BREEDER("breeder"), - SYSTEM_ADMIN("admin"); + READ_ONLY("Read Only"), + PROGRAM_ADMIN("Program Administrator"), + SYSTEM_ADMIN("System Administrator"); private String domain; diff --git a/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRoleGroup.java b/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRoleGroup.java index 8daf522e7..37e657a32 100644 --- a/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRoleGroup.java +++ b/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRoleGroup.java 
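Review bot: In `ProgramSecuredRole`, the `domain` of each constant is now a display label (`"Read Only"`, `"Program Administrator"`, `"System Administrator"`), and the migration in this same patch writes those exact strings into `role.domain` and `system_role.domain`. The authorization lookup therefore presumably depends on a case- and whitespace-sensitive match of a UI label, where a later relabel or a one-character typo silently removes access instead of failing loudly. Consider keeping a stable machine key for matching and carrying the label in a separate field, or at minimum add a comment on the enum such as `// domain must equal role.domain / system_role.domain exactly (case-sensitive); change only together with a migration`. The enum body continues outside the hunk, and the identical hunk appears again in PATCH 04/12.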
@@ -22,7 +22,7 @@ import java.util.List; public enum ProgramSecuredRoleGroup { - ALL_PROGRAM_ROLES(List.of(ProgramSecuredRole.MEMBER, ProgramSecuredRole.BREEDER)), + ALL_PROGRAM_ROLES(List.of(ProgramSecuredRole.READ_ONLY, ProgramSecuredRole.PROGRAM_ADMIN)), ALL(ListUtils.union(ALL_PROGRAM_ROLES.getProgramRoles(), List.of(ProgramSecuredRole.SYSTEM_ADMIN))); private List programRoles; diff --git a/src/main/java/org/breedinginsight/api/v1/controller/BreedingMethodController.java b/src/main/java/org/breedinginsight/api/v1/controller/BreedingMethodController.java index 9d80f9115..e92e11fb2 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/BreedingMethodController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/BreedingMethodController.java @@ -58,7 +58,7 @@ public HttpResponse>> getSyst @Post("programs/{programId}/breeding-methods") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse createProgramBreedingMethod(@PathVariable UUID programId, @Body ProgramBreedingMethodEntity breedingMethod) throws ApiException{ log.debug("Saving new program breeding method"); @@ -106,7 +106,7 @@ public HttpResponse>> getProg @Put("programs/{programId}/breeding-methods/{breedingMethodId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse updateProgramBreedingMethod(@PathVariable UUID programId, @PathVariable UUID breedingMethodId, @Body ProgramBreedingMethodEntity breedingMethod) throws ApiException { log.debug("Saving new program breeding method"); 
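Review bot: `ALL_PROGRAM_ROLES` still contains the role that is now called `READ_ONLY`, so any endpoint secured with this group (or with `ALL`) that creates, updates or deletes data would grant write access to a role whose name promises the opposite. No such endpoint is visible in this patch, so this calls for an audit of the group's usages rather than a change to this line. A comment on the constant would record the expectation: `// includes READ_ONLY: use only on endpoints that do not modify data`. The same hunk recurs in PATCH 04/12.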
@@ -152,7 +152,7 @@ public HttpResponse enableSystemBreedingMethods(@PathVariable UUID programId, @B } @Delete("programs/{programId}/breeding-methods/{breedingMethodId}") - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse deleteProgramBreedingMethod(@PathVariable UUID programId, @PathVariable UUID breedingMethodId) throws BadRequestException, ApiException { try { AuthenticatedUser user = securityService.getUser(); diff --git a/src/main/java/org/breedinginsight/api/v1/controller/OntologyController.java b/src/main/java/org/breedinginsight/api/v1/controller/OntologyController.java index b4d675075..0644bc1c5 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/OntologyController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/OntologyController.java @@ -65,7 +65,7 @@ public OntologyController(SecurityService securityService, OntologyService ontol @Get("/programs/{programId}/ontology/shared/programs{?shared}") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse>> getAvailablePrograms( @PathVariable UUID programId, @QueryValue(defaultValue = "false") Boolean shared) { try { @@ -97,7 +97,7 @@ public HttpResponse>> getAvailablePrograms */ @Post("/programs/{programId}/ontology/shared/programs") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse>> shareOntology( @PathVariable UUID programId, @Body List request) { try { 
@@ -131,7 +131,7 @@ public HttpResponse>> shareOntology( */ @Delete("/programs/{programId}/ontology/shared/programs/{sharedProgramId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse revokeOntology( @PathVariable UUID programId, @PathVariable UUID sharedProgramId) { try { @@ -156,7 +156,7 @@ public HttpResponse revokeOntology( @Put("/programs/{programId}/ontology/subscribe/{sharingProgramId}") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> subscribeOntology( @PathVariable UUID programId, @PathVariable UUID sharingProgramId) { try { @@ -181,7 +181,7 @@ public HttpResponse> subscribeOntology( */ @Delete("/programs/{programId}/ontology/subscribe/{sharingProgramId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse unsubscribeOntology( @PathVariable UUID programId, @PathVariable UUID sharingProgramId) { try { diff --git a/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java b/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java index fedcbd751..edeeff027 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java 
@@ -142,7 +142,7 @@ public HttpResponse> createProgram(@Valid @Body ProgramRequest @Put("/programs/{programId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) @AddMetadata public HttpResponse> updateProgram(@PathVariable UUID programId, @Valid @Body ProgramRequest programRequest) { @@ -229,7 +229,7 @@ public HttpResponse> getProgramUser(@PathVariable UUID pro @Post("/programs/{programId}/users") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> addProgramUser(@PathVariable UUID programId, @Valid @Body ProgramUserRequest programUserRequest) { /* Add a user to a program. Create the user if they don't exist. */ @@ -253,7 +253,7 @@ public HttpResponse> addProgramUser(@PathVariable UUID pro @Put("/programs/{programId}/users/{userId}") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.SYSTEM_ADMIN, ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.SYSTEM_ADMIN, ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> updateProgramUser(@PathVariable UUID programId, @PathVariable UUID userId, @Valid @Body ProgramUserRequest programUserRequest) { try { @@ -278,7 +278,7 @@ public HttpResponse> updateProgramUser(@PathVariable UUID @Delete("/programs/{programId}/users/{userId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse archiveProgramUser(@PathVariable UUID programId, @PathVariable UUID userId) { try { 
@@ -359,7 +359,7 @@ public HttpResponse> getProgramLocations(@PathVariable @Post("/programs/{programId}/locations") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> addProgramLocation(@PathVariable UUID programId, @Valid @Body ProgramLocationRequest locationRequest) { @@ -383,7 +383,7 @@ public HttpResponse> addProgramLocation(@PathVariable @Put("/programs/{programId}/locations/{locationId}") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> updateProgramLocation(@PathVariable UUID programId, @PathVariable UUID locationId, @Valid @Body ProgramLocationRequest locationRequest) { @@ -407,7 +407,7 @@ public HttpResponse> updateProgramLocation(@PathVariable UUID @Delete("/programs/{programId}/locations/{locationId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse archiveProgramLocation(@PathVariable UUID programId, @PathVariable UUID locationId) { diff --git a/src/main/java/org/breedinginsight/api/v1/controller/TraitController.java b/src/main/java/org/breedinginsight/api/v1/controller/TraitController.java index 3e6e1869c..775bcc859 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/TraitController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/TraitController.java 
@@ -162,7 +162,7 @@ public HttpResponse> getTraitEditable(@PathVariable UUID prog @Post("/programs/{programId}/traits") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse createTraits(@PathVariable UUID programId, @Body @Valid List traits) { AuthenticatedUser actingUser = securityService.getUser(); try { @@ -190,7 +190,7 @@ public HttpResponse createTraits(@PathVariable UUID programId, @Body @Valid List @Put("/programs/{programId}/traits") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse updateTraits(@PathVariable UUID programId, @Body @Valid List traits) { AuthenticatedUser actingUser = securityService.getUser(); try { @@ -219,7 +219,7 @@ public HttpResponse updateTraits(@PathVariable UUID programId, @Body @Valid List @Put("/programs/{programId}/traits/{traitId}/archive{?active}") @AddMetadata @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> archiveTrait(@PathVariable UUID programId, @PathVariable UUID traitId, @QueryValue(defaultValue = "false") Boolean active) { AuthenticatedUser actingUser = securityService.getUser(); diff --git a/src/main/java/org/breedinginsight/api/v1/controller/TraitUploadController.java b/src/main/java/org/breedinginsight/api/v1/controller/TraitUploadController.java index 59bbd7280..4a7e8eb30 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/TraitUploadController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/TraitUploadController.java 
@@ -65,7 +65,7 @@ public TraitUploadController(TraitUploadService traitUploadService, SecurityServ @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> putTraitUpload(@PathVariable UUID programId, @Part CompletedFileUpload file) { try { @@ -94,7 +94,7 @@ public HttpResponse> putTraitUpload(@PathVariable UUID p @Get("/programs/{programId}/trait-upload{?queryParams*}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> getTraitUpload( @PathVariable UUID programId, @QueryValue @QueryValid(using = TraitQueryMapper.class) @Valid QueryParams queryParams) { @@ -112,7 +112,7 @@ public HttpResponse> getTraitUpload( @Post("/programs/{programId}/trait-upload/search{?queryParams*}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> searchTraitUpload( @PathVariable UUID programId, @QueryValue @QueryValid(using = TraitQueryMapper.class) @Valid QueryParams queryParams, @@ -131,7 +131,7 @@ public HttpResponse> searchTraitUpload( @Delete("/programs/{programId}/trait-upload") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse deleteTraitUpload(@PathVariable UUID programId) { try { 
@@ -147,7 +147,7 @@ public HttpResponse deleteTraitUpload(@PathVariable UUID programId) { @Post("/programs/{programId}/trait-upload/{traitUploadId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse confirmTraitUpload(@PathVariable UUID programId, @PathVariable UUID traitUploadId) { try { diff --git a/src/main/java/org/breedinginsight/api/v1/controller/geno/GenotypeDataUploadController.java b/src/main/java/org/breedinginsight/api/v1/controller/geno/GenotypeDataUploadController.java index 5977bd504..df6615458 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/geno/GenotypeDataUploadController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/geno/GenotypeDataUploadController.java @@ -36,7 +36,7 @@ public GenotypeDataUploadController(GenotypeService genoService, SecurityService @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> uploadData(@PathVariable UUID programId, @PathVariable UUID experimentId, @Part("file") CompletedFileUpload upload) { AuthenticatedUser actingUser = securityService.getUser(); try { diff --git a/src/main/java/org/breedinginsight/brapps/importer/controllers/ImportController.java b/src/main/java/org/breedinginsight/brapps/importer/controllers/ImportController.java index c9ea3ec39..9555c3856 100644 --- a/src/main/java/org/breedinginsight/brapps/importer/controllers/ImportController.java +++ b/src/main/java/org/breedinginsight/brapps/importer/controllers/ImportController.java 
@@ -84,7 +84,7 @@ public HttpResponse>> getImportTypes @Get("/programs/{programId}/import/mappings{?draft}") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse>> getMappings(@PathVariable UUID programId, @QueryValue(defaultValue = "false") Boolean draft) { diff --git a/src/main/java/org/breedinginsight/brapps/importer/controllers/UploadController.java b/src/main/java/org/breedinginsight/brapps/importer/controllers/UploadController.java index 74928dc10..9298e80fa 100644 --- a/src/main/java/org/breedinginsight/brapps/importer/controllers/UploadController.java +++ b/src/main/java/org/breedinginsight/brapps/importer/controllers/UploadController.java @@ -56,7 +56,7 @@ public class UploadController { @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> uploadData(@PathVariable UUID programId, @PathVariable UUID mappingId, @Part("file") CompletedFileUpload file) { try { @@ -88,7 +88,7 @@ public HttpResponse> uploadData(@PathVariable UUID prog @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> getUploadData(@PathVariable UUID programId, @PathVariable UUID mappingId, @PathVariable UUID uploadId, @QueryValue(defaultValue = "false") Boolean mapping) { try { 
@@ -109,7 +109,7 @@ public HttpResponse> getUploadData(@PathVariable UUID p @Put("programs/{programId}/import/mappings/{mappingId}/data/{uploadId}/commit") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> commitData(@PathVariable UUID programId, @PathVariable UUID mappingId, @PathVariable UUID uploadId, @Body @Nullable Map userInput) { try { @@ -135,7 +135,7 @@ public HttpResponse> commitData(@PathVariable UUID prog @Put("programs/{programId}/import/mappings/{mappingId}/data/{uploadId}/preview") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> previewData(@PathVariable UUID programId, @PathVariable UUID mappingId, @PathVariable UUID uploadId) { try { @@ -161,7 +161,7 @@ public HttpResponse> previewData(@PathVariable UUID pro @Put("programs/{programId}/import/mappings/{mappingId}/workflows/{workflow}/data/{uploadId}/preview") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> previewData(@PathVariable UUID programId, @PathVariable UUID mappingId, @PathVariable String workflow, @PathVariable UUID uploadId) { try { 
@@ -187,7 +187,7 @@ public HttpResponse> previewData(@PathVariable UUID pro @Put("programs/{programId}/import/mappings/{mappingId}/workflows/{workflow}/data/{uploadId}/commit") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> commitData(@PathVariable UUID programId, @PathVariable UUID mappingId, @PathVariable String workflow, @PathVariable UUID uploadId, @Body @Nullable Map userInput) { diff --git a/src/main/resources/db/migration/V1.24.0__update_roles.sql b/src/main/resources/db/migration/V1.24.0__update_roles.sql new file mode 100644 index 000000000..ff4f7b738 --- /dev/null +++ b/src/main/resources/db/migration/V1.24.0__update_roles.sql @@ -0,0 +1,28 @@ +/* + * See the NOTICE file distributed with this work for additional information + * regarding copyright ownership. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +UPDATE system_role +SET domain = 'System Administrator' +WHERE domain = 'admin'; + +UPDATE role +SET domain = 'Program Administrator' +WHERE domain = 'breeder'; + +UPDATE role +SET domain = 'Read Only' +WHERE domain = 'member'; \ No newline at end of file From e0580698573db1ae1ba15762abe1114ebcfe188f Mon Sep 17 00:00:00 2001 
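Review bot: The three `UPDATE` statements in `V1.24.0__update_roles.sql` succeed even when they match no rows, so a database whose `domain` values differ in case or were already changed finishes the migration without the domains the new `ProgramSecuredRole` values expect. If role checks resolve roles by `domain`, which the enum change in this patch suggests, users in that database lose access with no migration error to point at. A post-condition that aborts the migration when an expected domain is missing would make this visible; the sketch below assumes PostgreSQL, which the `?::uuid` casts in the test SQL hint at.

```sql
-- … unchanged: the three UPDATE statements …

DO $$
BEGIN
    IF NOT EXISTS (SELECT 1 FROM system_role WHERE domain = 'System Administrator')
       OR NOT EXISTS (SELECT 1 FROM role WHERE domain = 'Program Administrator')
       OR NOT EXISTS (SELECT 1 FROM role WHERE domain = 'Read Only') THEN
        RAISE EXCEPTION 'role domain rename incomplete: expected domains are missing';
    END IF;
END $$;
```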
From: HMS17 Date: Fri, 19 Jul 2024 17:34:29 -0400 Subject: [PATCH 02/12] [BI-1692] - Unit Test Fixes --- .../controller/ProgramControllerIntegrationTest.java | 2 +- ...ObservationVariablesControllerIntegrationTest.sql | 6 +++--- .../sql/ProgramControllerIntegrationTest.sql | 8 ++++---- .../ProgramSecuredAnnotationRuleIntegrationTest.sql | 6 +++--- .../resources/sql/UserControllerIntegrationTest.sql | 12 ++++++------ 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java b/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java index f9367c6db..290f3161a 100644 --- a/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java +++ b/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java @@ -289,7 +289,7 @@ public Species getTestSpecies() { public Role getTestRole() { List roles = roleService.getAll(); - return roles.stream().filter(role -> role.getDomain().equals("breeder")).collect(Collectors.toList()).get(0); + return roles.stream().filter(role -> role.getDomain().equals("Program Administrator")).collect(Collectors.toList()).get(0); } public Country getTestCountry() { diff --git a/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql b/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql index 42e5193e5..a76993678 100644 --- a/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql +++ b/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql 
@@ -35,14 +35,14 @@ join bi_user on bi_user.name = 'system' and program.name = 'Test Program' limit insert into program_user_role (program_id, user_id, role_id, created_by, updated_by) select program.id, bi_user.id, role.id, bi_user.id, bi_user.id from bi_user join program on program.name = 'Test Program' -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name = 'Test User' -- name: InsertOtherTestProgramUser insert into program_user_role (program_id, user_id, role_id, created_by, updated_by) select program.id, bi_user.id, role.id, bi_user.id, bi_user.id from bi_user join program on program.name = 'Test Program' -join role on role.domain = 'member' +join role on role.domain = 'Read only' where bi_user.name = 'Other Test User' -- name: InsertOtherProgram @@ -64,6 +64,6 @@ join bi_user on bi_user.name = 'system' and program.name = 'Other Test Program' insert into program_user_role (program_id, user_id, role_id, created_by, updated_by) select program.id, bi_user.id, role.id, bi_user.id, bi_user.id from bi_user join program on program.name = 'Other Test Program' -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name = 'Other Test User' diff --git a/src/test/resources/sql/ProgramControllerIntegrationTest.sql b/src/test/resources/sql/ProgramControllerIntegrationTest.sql index 0c05b39d3..a1da2c56a 100644 --- a/src/test/resources/sql/ProgramControllerIntegrationTest.sql +++ b/src/test/resources/sql/ProgramControllerIntegrationTest.sql @@ -82,7 +82,7 @@ select bi_user.id, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name like 'user1%'; @@ -91,7 +91,7 @@ select bi_user.id, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'breeder' +join role on role.domain = 'Program Administrator' where bi_user.name like 'user2%'; 
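Review bot: The `InsertOtherTestProgramUser` statement joins on `role.domain = 'Read only'` with a lower-case "o", while the migration and every other fixture in this patch use `'Read Only'`. Assuming the comparison is case-sensitive, the join matches no role and the insert adds no row for 'Other Test User' without raising an error, so tests that rely on that membership run against a user with no program role. The line should read `join role on role.domain = 'Read Only'`.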
@@ -100,7 +100,7 @@ select bi_user.id, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name like 'user2%'; @@ -109,6 +109,6 @@ select bi_user.id, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'breeder' +join role on role.domain = 'Program Administrator' where bi_user.name like 'user9'; \ No newline at end of file diff --git a/src/test/resources/sql/ProgramSecuredAnnotationRuleIntegrationTest.sql b/src/test/resources/sql/ProgramSecuredAnnotationRuleIntegrationTest.sql index 221d11009..17f08c19d 100644 --- a/src/test/resources/sql/ProgramSecuredAnnotationRuleIntegrationTest.sql +++ b/src/test/resources/sql/ProgramSecuredAnnotationRuleIntegrationTest.sql @@ -41,7 +41,7 @@ select ?::uuid, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'member'; +join role on role.domain = 'Read Only'; -- name: InsertProgramRolesBreeder @@ -50,7 +50,7 @@ select ?::uuid, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'breeder' +join role on role.domain = 'Program Administrator' where bi_user.name = 'system'; -- name: InsertSystemRoleAdmin @@ -60,6 +60,6 @@ select ?::uuid, system_role.id, bi_user.id, bi_user.id from bi_user join -system_role on system_role.domain = 'admin' +system_role on system_role.domain = 'System Administrator' where bi_user.name = 'system'; diff --git a/src/test/resources/sql/UserControllerIntegrationTest.sql b/src/test/resources/sql/UserControllerIntegrationTest.sql index 4363f73a3..55cafed8d 100644 --- a/src/test/resources/sql/UserControllerIntegrationTest.sql +++ b/src/test/resources/sql/UserControllerIntegrationTest.sql 
@@ -30,7 +30,7 @@ insert into program_user_role (program_id, user_id, role_id, created_by, updated select program.id, bi_user.id, role.id, system_user.id, system_user.id from program join bi_user on bi_user.name = 'Test User' or bi_user.name = 'Other Test User' -join role on role.domain = 'member' +join role on role.domain = 'Read Only' join bi_user as system_user on system_user.name = 'system' where program.name = 'Test Program'; @@ -38,7 +38,7 @@ insert into program_user_role (program_id, user_id, role_id, active, created_by, select program.id, bi_user.id, role.id, false, system_user.id, system_user.id from program join bi_user on bi_user.name = 'Test User' or bi_user.name = 'Other Test User' -join role on role.domain = 'member' +join role on role.domain = 'Read Only' join bi_user as system_user on system_user.name = 'system' where program.name = 'Test Program1'; @@ -98,7 +98,7 @@ values insert into system_user_role (bi_user_id, system_role_id, created_by, updated_by) select bi_user.id, system_role.id, user_id, user_id from bi_user -join system_role on system_role.domain = 'admin' where bi_user.name like 'user1%'; +join system_role on system_role.domain = 'System Administrator' where bi_user.name like 'user1%'; insert into program_user_role (user_id, program_id, role_id, created_by, updated_by) @@ -106,7 +106,7 @@ select bi_user.id, program1, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name like 'user%'; @@ -115,7 +115,7 @@ select bi_user.id, program2, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'breeder' +join role on role.domain = 'Program Administrator' where bi_user.name like 'user2%'; @@ -132,5 +132,5 @@ select ?::uuid, system_role.id, bi_user.id, bi_user.id from bi_user join -system_role on system_role.domain = 'admin' +system_role on system_role.domain = 'System Administrator' where bi_user.name = 'system'; \ No newline at end of file 
From 7f6b530df96718de0272a622a67ed59781bffed0 Mon Sep 17 00:00:00 2001 From: HMS17 Date: Tue, 23 Jul 2024 12:00:06 -0400 Subject: [PATCH 03/12] [BI-1692] - Missed Role Changes --- .../api/v1/controller/ProgramController.java | 4 ++-- .../breedinginsight/api/v1/controller/UserController.java | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java b/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java index edeeff027..8fe584a76 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java @@ -122,7 +122,7 @@ public HttpResponse> getProgram(@PathVariable UUID programId) @Post("/programs") @Produces(MediaType.APPLICATION_JSON) - @Secured({"ADMIN"}) + @Secured({"SYSTEM_ADMIN"}) @AddMetadata public HttpResponse> createProgram(@Valid @Body ProgramRequest programRequest) { @@ -162,7 +162,7 @@ public HttpResponse> updateProgram(@PathVariable UUID programI @Delete("/programs/archive/{programId}") @Produces(MediaType.APPLICATION_JSON) - @Secured({"ADMIN"}) + @Secured({"SYSTEM_ADMIN"}) @AddMetadata public HttpResponse archiveProgram(@PathVariable UUID programId) { /* Archive a program */ diff --git a/src/main/java/org/breedinginsight/api/v1/controller/UserController.java b/src/main/java/org/breedinginsight/api/v1/controller/UserController.java index 360379a49..de9b563ea 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/UserController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/UserController.java @@ -123,7 +123,7 @@ public HttpResponse>> postUsersSearch( @Post("/users") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @Secured({"ADMIN"}) + @Secured({"SYSTEM_ADMIN"}) public HttpResponse> createUser(@Body @Valid UserRequest requestUser){ try { 
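Review bot: The `@Secured({"SYSTEM_ADMIN"})` literal on `createProgram` must equal the authority string placed on the authenticated user at login, and the code that issues that string is not part of this patch. If that issuer still emits `ADMIN`, these endpoints reject every system administrator, so confirm it was changed in the same series. The literal is also repeated on `archiveProgram` and on `createUser`, `archiveUser` and `resendWelcomeEmail` in `UserController`, and it differs from the enum's `domain` value "System Administrator"; a single shared string constant referenced from every `@Secured` would keep the copies from drifting.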
@@ -165,7 +165,7 @@ public HttpResponse> updateUser(@PathVariable UUID userId, @Body @Delete("/users/{userId}") @Produces(MediaType.APPLICATION_JSON) - @Secured({"ADMIN"}) + @Secured({"SYSTEM_ADMIN"}) public HttpResponse archiveUser(@PathVariable UUID userId){ try { @@ -206,7 +206,7 @@ public HttpResponse> updateUserSystemRoles(@PathVariable UUID use @Put("users/{userId}/resend-email") @Produces(MediaType.APPLICATION_JSON) - @Secured({"ADMIN"}) + @Secured({"SYSTEM_ADMIN"}) public HttpResponse resendWelcomeEmail(@PathVariable UUID userId) { try { userService.createAndSendAccountToken(userId); From 77d9b2a4a09a92f2731714a092543c40b51e5b1b Mon Sep 17 00:00:00 2001 From: HMS17 Date: Fri, 19 Jul 2024 13:15:09 -0400 Subject: [PATCH 04/12] [BI-1692] - Change Domain of Roles --- .../api/auth/ProgramSecuredRole.java | 6 ++-- .../api/auth/ProgramSecuredRoleGroup.java | 2 +- .../controller/BreedingMethodController.java | 6 ++-- .../api/v1/controller/OntologyController.java | 10 +++---- .../api/v1/controller/ProgramController.java | 14 +++++----- .../api/v1/controller/TraitController.java | 6 ++-- .../v1/controller/TraitUploadController.java | 10 +++---- .../geno/GenotypeDataUploadController.java | 2 +- .../controllers/ImportController.java | 2 +- .../controllers/UploadController.java | 12 ++++---- .../db/migration/V1.24.0__update_roles.sql | 28 +++++++++++++++++++ 11 files changed, 63 insertions(+), 35 deletions(-) create mode 100644 src/main/resources/db/migration/V1.24.0__update_roles.sql diff --git a/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java b/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java index 4294a1f7e..ad3729645 100644 --- a/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java +++ b/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java 
@@ -18,9 +18,9 @@ package org.breedinginsight.api.auth; public enum ProgramSecuredRole { - MEMBER("member"), - BREEDER("breeder"), - SYSTEM_ADMIN("admin"); + READ_ONLY("Read Only"), + PROGRAM_ADMIN("Program Administrator"), + SYSTEM_ADMIN("System Administrator"); private String domain; diff --git a/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRoleGroup.java b/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRoleGroup.java index 8daf522e7..37e657a32 100644 --- a/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRoleGroup.java +++ b/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRoleGroup.java @@ -22,7 +22,7 @@ import java.util.List; public enum ProgramSecuredRoleGroup { - ALL_PROGRAM_ROLES(List.of(ProgramSecuredRole.MEMBER, ProgramSecuredRole.BREEDER)), + ALL_PROGRAM_ROLES(List.of(ProgramSecuredRole.READ_ONLY, ProgramSecuredRole.PROGRAM_ADMIN)), ALL(ListUtils.union(ALL_PROGRAM_ROLES.getProgramRoles(), List.of(ProgramSecuredRole.SYSTEM_ADMIN))); private List programRoles; diff --git a/src/main/java/org/breedinginsight/api/v1/controller/BreedingMethodController.java b/src/main/java/org/breedinginsight/api/v1/controller/BreedingMethodController.java index 9d80f9115..e92e11fb2 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/BreedingMethodController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/BreedingMethodController.java @@ -58,7 +58,7 @@ public HttpResponse>> getSyst @Post("programs/{programId}/breeding-methods") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse createProgramBreedingMethod(@PathVariable UUID programId, @Body ProgramBreedingMethodEntity breedingMethod) throws ApiException{ log.debug("Saving new program breeding method"); 
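Review bot: The `domain` values of `ProgramSecuredRole` are now display labels (`"Read Only"`, `"Program Administrator"`, `"System Administrator"`), so the authorization check depends on text with spaces and mixed case. The code that compares `domain` with the stored role is outside this hunk. If it is an exact string match, a later wording or casing change in either place would deny access without any compile-time signal. Add a comment above the constants saying so: `// domain must equal role.domain / system_role.domain in the database exactly; changing a value requires a matching migration`. The context line `private String domain;` could also be `private final String domain;`, since an enum's authorization key should not be reassignable.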
@@ -106,7 +106,7 @@ public HttpResponse>> getProg @Put("programs/{programId}/breeding-methods/{breedingMethodId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse updateProgramBreedingMethod(@PathVariable UUID programId, @PathVariable UUID breedingMethodId, @Body ProgramBreedingMethodEntity breedingMethod) throws ApiException { log.debug("Saving new program breeding method"); @@ -152,7 +152,7 @@ public HttpResponse enableSystemBreedingMethods(@PathVariable UUID programId, @B } @Delete("programs/{programId}/breeding-methods/{breedingMethodId}") - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse deleteProgramBreedingMethod(@PathVariable UUID programId, @PathVariable UUID breedingMethodId) throws BadRequestException, ApiException { try { AuthenticatedUser user = securityService.getUser(); diff --git a/src/main/java/org/breedinginsight/api/v1/controller/OntologyController.java b/src/main/java/org/breedinginsight/api/v1/controller/OntologyController.java index b4d675075..0644bc1c5 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/OntologyController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/OntologyController.java @@ -65,7 +65,7 @@ public OntologyController(SecurityService securityService, OntologyService ontol @Get("/programs/{programId}/ontology/shared/programs{?shared}") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse>> getAvailablePrograms( @PathVariable UUID programId, @QueryValue(defaultValue = "false") Boolean shared) { try { 
@@ -97,7 +97,7 @@ public HttpResponse>> getAvailablePrograms */ @Post("/programs/{programId}/ontology/shared/programs") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse>> shareOntology( @PathVariable UUID programId, @Body List request) { try { @@ -131,7 +131,7 @@ public HttpResponse>> shareOntology( */ @Delete("/programs/{programId}/ontology/shared/programs/{sharedProgramId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse revokeOntology( @PathVariable UUID programId, @PathVariable UUID sharedProgramId) { try { @@ -156,7 +156,7 @@ public HttpResponse revokeOntology( @Put("/programs/{programId}/ontology/subscribe/{sharingProgramId}") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> subscribeOntology( @PathVariable UUID programId, @PathVariable UUID sharingProgramId) { try { @@ -181,7 +181,7 @@ public HttpResponse> subscribeOntology( */ @Delete("/programs/{programId}/ontology/subscribe/{sharingProgramId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse unsubscribeOntology( @PathVariable UUID programId, @PathVariable UUID sharingProgramId) { try { diff --git a/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java b/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java index fedcbd751..edeeff027 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java 
@@ -142,7 +142,7 @@ public HttpResponse> createProgram(@Valid @Body ProgramRequest @Put("/programs/{programId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) @AddMetadata public HttpResponse> updateProgram(@PathVariable UUID programId, @Valid @Body ProgramRequest programRequest) { @@ -229,7 +229,7 @@ public HttpResponse> getProgramUser(@PathVariable UUID pro @Post("/programs/{programId}/users") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> addProgramUser(@PathVariable UUID programId, @Valid @Body ProgramUserRequest programUserRequest) { /* Add a user to a program. Create the user if they don't exist. */ @@ -253,7 +253,7 @@ public HttpResponse> addProgramUser(@PathVariable UUID pro @Put("/programs/{programId}/users/{userId}") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.SYSTEM_ADMIN, ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.SYSTEM_ADMIN, ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> updateProgramUser(@PathVariable UUID programId, @PathVariable UUID userId, @Valid @Body ProgramUserRequest programUserRequest) { try { @@ -278,7 +278,7 @@ public HttpResponse> updateProgramUser(@PathVariable UUID @Delete("/programs/{programId}/users/{userId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse archiveProgramUser(@PathVariable UUID programId, @PathVariable UUID userId) { try { 
@@ -359,7 +359,7 @@ public HttpResponse> getProgramLocations(@PathVariable @Post("/programs/{programId}/locations") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> addProgramLocation(@PathVariable UUID programId, @Valid @Body ProgramLocationRequest locationRequest) { @@ -383,7 +383,7 @@ public HttpResponse> addProgramLocation(@PathVariable @Put("/programs/{programId}/locations/{locationId}") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> updateProgramLocation(@PathVariable UUID programId, @PathVariable UUID locationId, @Valid @Body ProgramLocationRequest locationRequest) { @@ -407,7 +407,7 @@ public HttpResponse> updateProgramLocation(@PathVariable UUID @Delete("/programs/{programId}/locations/{locationId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse archiveProgramLocation(@PathVariable UUID programId, @PathVariable UUID locationId) { diff --git a/src/main/java/org/breedinginsight/api/v1/controller/TraitController.java b/src/main/java/org/breedinginsight/api/v1/controller/TraitController.java index 3e6e1869c..775bcc859 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/TraitController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/TraitController.java 
@@ -162,7 +162,7 @@ public HttpResponse> getTraitEditable(@PathVariable UUID prog @Post("/programs/{programId}/traits") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse createTraits(@PathVariable UUID programId, @Body @Valid List traits) { AuthenticatedUser actingUser = securityService.getUser(); try { @@ -190,7 +190,7 @@ public HttpResponse createTraits(@PathVariable UUID programId, @Body @Valid List @Put("/programs/{programId}/traits") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse updateTraits(@PathVariable UUID programId, @Body @Valid List traits) { AuthenticatedUser actingUser = securityService.getUser(); try { @@ -219,7 +219,7 @@ public HttpResponse updateTraits(@PathVariable UUID programId, @Body @Valid List @Put("/programs/{programId}/traits/{traitId}/archive{?active}") @AddMetadata @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> archiveTrait(@PathVariable UUID programId, @PathVariable UUID traitId, @QueryValue(defaultValue = "false") Boolean active) { AuthenticatedUser actingUser = securityService.getUser(); diff --git a/src/main/java/org/breedinginsight/api/v1/controller/TraitUploadController.java b/src/main/java/org/breedinginsight/api/v1/controller/TraitUploadController.java index 59bbd7280..4a7e8eb30 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/TraitUploadController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/TraitUploadController.java 
@@ -65,7 +65,7 @@ public TraitUploadController(TraitUploadService traitUploadService, SecurityServ @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> putTraitUpload(@PathVariable UUID programId, @Part CompletedFileUpload file) { try { @@ -94,7 +94,7 @@ public HttpResponse> putTraitUpload(@PathVariable UUID p @Get("/programs/{programId}/trait-upload{?queryParams*}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> getTraitUpload( @PathVariable UUID programId, @QueryValue @QueryValid(using = TraitQueryMapper.class) @Valid QueryParams queryParams) { @@ -112,7 +112,7 @@ public HttpResponse> getTraitUpload( @Post("/programs/{programId}/trait-upload/search{?queryParams*}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> searchTraitUpload( @PathVariable UUID programId, @QueryValue @QueryValid(using = TraitQueryMapper.class) @Valid QueryParams queryParams, @@ -131,7 +131,7 @@ public HttpResponse> searchTraitUpload( @Delete("/programs/{programId}/trait-upload") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse deleteTraitUpload(@PathVariable UUID programId) { try { 
@@ -147,7 +147,7 @@ public HttpResponse deleteTraitUpload(@PathVariable UUID programId) { @Post("/programs/{programId}/trait-upload/{traitUploadId}") @Produces(MediaType.APPLICATION_JSON) - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse confirmTraitUpload(@PathVariable UUID programId, @PathVariable UUID traitUploadId) { try { diff --git a/src/main/java/org/breedinginsight/api/v1/controller/geno/GenotypeDataUploadController.java b/src/main/java/org/breedinginsight/api/v1/controller/geno/GenotypeDataUploadController.java index 5977bd504..df6615458 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/geno/GenotypeDataUploadController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/geno/GenotypeDataUploadController.java @@ -36,7 +36,7 @@ public GenotypeDataUploadController(GenotypeService genoService, SecurityService @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN}) public HttpResponse> uploadData(@PathVariable UUID programId, @PathVariable UUID experimentId, @Part("file") CompletedFileUpload upload) { AuthenticatedUser actingUser = securityService.getUser(); try { diff --git a/src/main/java/org/breedinginsight/brapps/importer/controllers/ImportController.java b/src/main/java/org/breedinginsight/brapps/importer/controllers/ImportController.java index c9ea3ec39..9555c3856 100644 --- a/src/main/java/org/breedinginsight/brapps/importer/controllers/ImportController.java +++ b/src/main/java/org/breedinginsight/brapps/importer/controllers/ImportController.java 
@@ -84,7 +84,7 @@ public HttpResponse>> getImportTypes @Get("/programs/{programId}/import/mappings{?draft}") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse>> getMappings(@PathVariable UUID programId, @QueryValue(defaultValue = "false") Boolean draft) { diff --git a/src/main/java/org/breedinginsight/brapps/importer/controllers/UploadController.java b/src/main/java/org/breedinginsight/brapps/importer/controllers/UploadController.java index 68c15014b..0943bdd81 100644 --- a/src/main/java/org/breedinginsight/brapps/importer/controllers/UploadController.java +++ b/src/main/java/org/breedinginsight/brapps/importer/controllers/UploadController.java @@ -56,7 +56,7 @@ public class UploadController { @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> uploadData(@PathVariable UUID programId, @PathVariable UUID mappingId, @Part("file") CompletedFileUpload file) { try { @@ -88,7 +88,7 @@ public HttpResponse> uploadData(@PathVariable UUID prog @Consumes(MediaType.MULTIPART_FORM_DATA) @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> getUploadData(@PathVariable UUID programId, @PathVariable UUID mappingId, @PathVariable UUID uploadId, @QueryValue(defaultValue = "false") Boolean mapping) { try { 
@@ -109,7 +109,7 @@ public HttpResponse> getUploadData(@PathVariable UUID p @Put("programs/{programId}/import/mappings/{mappingId}/data/{uploadId}/commit") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> commitData(@PathVariable UUID programId, @PathVariable UUID mappingId, @PathVariable UUID uploadId, @Body @Nullable Map userInput) { try { @@ -135,7 +135,7 @@ public HttpResponse> commitData(@PathVariable UUID prog @Put("programs/{programId}/import/mappings/{mappingId}/data/{uploadId}/preview") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> previewData(@PathVariable UUID programId, @PathVariable UUID mappingId, @PathVariable UUID uploadId) { try { @@ -161,7 +161,7 @@ public HttpResponse> previewData(@PathVariable UUID pro @Put("programs/{programId}/import/mappings/{mappingId}/workflows/{workflowId}/data/{uploadId}/preview") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> previewData(@PathVariable UUID programId, @PathVariable UUID mappingId, @PathVariable String workflowId, @PathVariable UUID uploadId) { try { 
@@ -187,7 +187,7 @@ public HttpResponse> previewData(@PathVariable UUID pro @Put("programs/{programId}/import/mappings/{mappingId}/workflows/{workflowId}/data/{uploadId}/commit") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @ProgramSecured(roles = {ProgramSecuredRole.BREEDER, ProgramSecuredRole.SYSTEM_ADMIN}) + @ProgramSecured(roles = {ProgramSecuredRole.PROGRAM_ADMIN, ProgramSecuredRole.SYSTEM_ADMIN}) public HttpResponse> commitData(@PathVariable UUID programId, @PathVariable UUID mappingId, @PathVariable String workflowId, @PathVariable UUID uploadId, @Body @Nullable Map userInput) { diff --git a/src/main/resources/db/migration/V1.24.0__update_roles.sql b/src/main/resources/db/migration/V1.24.0__update_roles.sql new file mode 100644 index 000000000..ff4f7b738 --- /dev/null +++ b/src/main/resources/db/migration/V1.24.0__update_roles.sql @@ -0,0 +1,28 @@ +/* + * See the NOTICE file distributed with this work for additional information + * regarding copyright ownership. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +UPDATE system_role +SET domain = 'System Administrator' +WHERE domain = 'admin'; + +UPDATE role +SET domain = 'Program Administrator' +WHERE domain = 'breeder'; + +UPDATE role +SET domain = 'Read Only' +WHERE domain = 'member'; \ No newline at end of file From 081d750497f824e0b698f1019511994559ddb842 Mon Sep 17 00:00:00 2001 
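Review bot: The three `UPDATE` statements in `V1.24.0__update_roles.sql` match the old domain by exact value, so a row whose `domain` differs in case or whitespace is left unchanged and the migration still succeeds. If role lookup compares against the new enum strings, which this file does not show, users holding such a row would lose access with no error at migration time. The new values also duplicate the `ProgramSecuredRole` strings by hand. Add a comment after the licence header: `-- New domain values must match ProgramSecuredRole exactly (case-sensitive)`. Follow the updates with a check that no `role` or `system_role` row still has a domain outside the three new values.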
From: HMS17 Date: Fri, 19 Jul 2024 17:34:29 -0400 Subject: [PATCH 05/12] [BI-1692] - Unit Test Fixes --- .../controller/ProgramControllerIntegrationTest.java | 2 +- ...ObservationVariablesControllerIntegrationTest.sql | 6 +++--- .../sql/ProgramControllerIntegrationTest.sql | 8 ++++---- .../ProgramSecuredAnnotationRuleIntegrationTest.sql | 6 +++--- .../resources/sql/UserControllerIntegrationTest.sql | 12 ++++++------ 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java b/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java index f9367c6db..290f3161a 100644 --- a/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java +++ b/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java @@ -289,7 +289,7 @@ public Species getTestSpecies() { public Role getTestRole() { List roles = roleService.getAll(); - return roles.stream().filter(role -> role.getDomain().equals("breeder")).collect(Collectors.toList()).get(0); + return roles.stream().filter(role -> role.getDomain().equals("Program Administrator")).collect(Collectors.toList()).get(0); } public Country getTestCountry() { diff --git a/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql b/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql index 42e5193e5..a76993678 100644 --- a/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql +++ b/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql 
@@ -35,14 +35,14 @@ join bi_user on bi_user.name = 'system' and program.name = 'Test Program' limit insert into program_user_role (program_id, user_id, role_id, created_by, updated_by) select program.id, bi_user.id, role.id, bi_user.id, bi_user.id from bi_user join program on program.name = 'Test Program' -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name = 'Test User' -- name: InsertOtherTestProgramUser insert into program_user_role (program_id, user_id, role_id, created_by, updated_by) select program.id, bi_user.id, role.id, bi_user.id, bi_user.id from bi_user join program on program.name = 'Test Program' -join role on role.domain = 'member' +join role on role.domain = 'Read only' where bi_user.name = 'Other Test User' -- name: InsertOtherProgram @@ -64,6 +64,6 @@ join bi_user on bi_user.name = 'system' and program.name = 'Other Test Program' insert into program_user_role (program_id, user_id, role_id, created_by, updated_by) select program.id, bi_user.id, role.id, bi_user.id, bi_user.id from bi_user join program on program.name = 'Other Test Program' -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name = 'Other Test User' diff --git a/src/test/resources/sql/ProgramControllerIntegrationTest.sql b/src/test/resources/sql/ProgramControllerIntegrationTest.sql index 0c05b39d3..a1da2c56a 100644 --- a/src/test/resources/sql/ProgramControllerIntegrationTest.sql +++ b/src/test/resources/sql/ProgramControllerIntegrationTest.sql @@ -82,7 +82,7 @@ select bi_user.id, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name like 'user1%'; @@ -91,7 +91,7 @@ select bi_user.id, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'breeder' +join role on role.domain = 'Program Administrator' where bi_user.name like 'user2%'; 
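Review bot: The `InsertOtherTestProgramUser` statement joins on `role.domain = 'Read only'` with a lowercase "o", while every other statement in this fixture and the migration use `'Read Only'`. Under a case-sensitive text comparison the join matches no row. That is the default in PostgreSQL, which the `?::uuid` casts in the neighbouring fixtures suggest is the database. The insert would then add nothing, and 'Other Test User' would have no role in 'Test Program'. Tests that rely on that user's program access would then exercise the no-role path instead of the read-only path. The line should read `join role on role.domain = 'Read Only'`.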
@@ -100,7 +100,7 @@ select bi_user.id, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name like 'user2%'; @@ -109,6 +109,6 @@ select bi_user.id, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'breeder' +join role on role.domain = 'Program Administrator' where bi_user.name like 'user9'; \ No newline at end of file diff --git a/src/test/resources/sql/ProgramSecuredAnnotationRuleIntegrationTest.sql b/src/test/resources/sql/ProgramSecuredAnnotationRuleIntegrationTest.sql index 221d11009..17f08c19d 100644 --- a/src/test/resources/sql/ProgramSecuredAnnotationRuleIntegrationTest.sql +++ b/src/test/resources/sql/ProgramSecuredAnnotationRuleIntegrationTest.sql @@ -41,7 +41,7 @@ select ?::uuid, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'member'; +join role on role.domain = 'Read Only'; -- name: InsertProgramRolesBreeder @@ -50,7 +50,7 @@ select ?::uuid, ?::uuid, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'breeder' +join role on role.domain = 'Program Administrator' where bi_user.name = 'system'; -- name: InsertSystemRoleAdmin @@ -60,6 +60,6 @@ select ?::uuid, system_role.id, bi_user.id, bi_user.id from bi_user join -system_role on system_role.domain = 'admin' +system_role on system_role.domain = 'System Administrator' where bi_user.name = 'system'; diff --git a/src/test/resources/sql/UserControllerIntegrationTest.sql b/src/test/resources/sql/UserControllerIntegrationTest.sql index 4363f73a3..55cafed8d 100644 --- a/src/test/resources/sql/UserControllerIntegrationTest.sql +++ b/src/test/resources/sql/UserControllerIntegrationTest.sql 
@@ -30,7 +30,7 @@ insert into program_user_role (program_id, user_id, role_id, created_by, updated select program.id, bi_user.id, role.id, system_user.id, system_user.id from program join bi_user on bi_user.name = 'Test User' or bi_user.name = 'Other Test User' -join role on role.domain = 'member' +join role on role.domain = 'Read Only' join bi_user as system_user on system_user.name = 'system' where program.name = 'Test Program'; @@ -38,7 +38,7 @@ insert into program_user_role (program_id, user_id, role_id, active, created_by, select program.id, bi_user.id, role.id, false, system_user.id, system_user.id from program join bi_user on bi_user.name = 'Test User' or bi_user.name = 'Other Test User' -join role on role.domain = 'member' +join role on role.domain = 'Read Only' join bi_user as system_user on system_user.name = 'system' where program.name = 'Test Program1'; @@ -98,7 +98,7 @@ values insert into system_user_role (bi_user_id, system_role_id, created_by, updated_by) select bi_user.id, system_role.id, user_id, user_id from bi_user -join system_role on system_role.domain = 'admin' where bi_user.name like 'user1%'; +join system_role on system_role.domain = 'System Administrator' where bi_user.name like 'user1%'; insert into program_user_role (user_id, program_id, role_id, created_by, updated_by) @@ -106,7 +106,7 @@ select bi_user.id, program1, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'member' +join role on role.domain = 'Read Only' where bi_user.name like 'user%'; @@ -115,7 +115,7 @@ select bi_user.id, program2, role.id, bi_user.id, bi_user.id from bi_user -join role on role.domain = 'breeder' +join role on role.domain = 'Program Administrator' where bi_user.name like 'user2%'; @@ -132,5 +132,5 @@ select ?::uuid, system_role.id, bi_user.id, bi_user.id from bi_user join -system_role on system_role.domain = 'admin' +system_role on system_role.domain = 'System Administrator' where bi_user.name = 'system'; \ No newline at end of file 
From 12d2f64109a7dd855440a93558ee6d32eb459cf4 Mon Sep 17 00:00:00 2001 From: HMS17 Date: Tue, 23 Jul 2024 12:00:06 -0400 Subject: [PATCH 06/12] [BI-1692] - Missed Role Changes --- .../api/v1/controller/ProgramController.java | 4 ++-- .../breedinginsight/api/v1/controller/UserController.java | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java b/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java index edeeff027..8fe584a76 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java @@ -122,7 +122,7 @@ public HttpResponse> getProgram(@PathVariable UUID programId) @Post("/programs") @Produces(MediaType.APPLICATION_JSON) - @Secured({"ADMIN"}) + @Secured({"SYSTEM_ADMIN"}) @AddMetadata public HttpResponse> createProgram(@Valid @Body ProgramRequest programRequest) { @@ -162,7 +162,7 @@ public HttpResponse> updateProgram(@PathVariable UUID programI @Delete("/programs/archive/{programId}") @Produces(MediaType.APPLICATION_JSON) - @Secured({"ADMIN"}) + @Secured({"SYSTEM_ADMIN"}) @AddMetadata public HttpResponse archiveProgram(@PathVariable UUID programId) { /* Archive a program */ diff --git a/src/main/java/org/breedinginsight/api/v1/controller/UserController.java b/src/main/java/org/breedinginsight/api/v1/controller/UserController.java index 360379a49..de9b563ea 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/UserController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/UserController.java @@ -123,7 +123,7 @@ public HttpResponse>> postUsersSearch( @Post("/users") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @Secured({"ADMIN"}) + @Secured({"SYSTEM_ADMIN"}) public HttpResponse> createUser(@Body @Valid UserRequest requestUser){ try { 
@@ -165,7 +165,7 @@ public HttpResponse> updateUser(@PathVariable UUID userId, @Body @Delete("/users/{userId}") @Produces(MediaType.APPLICATION_JSON) - @Secured({"ADMIN"}) + @Secured({"SYSTEM_ADMIN"}) public HttpResponse archiveUser(@PathVariable UUID userId){ try { @@ -206,7 +206,7 @@ public HttpResponse> updateUserSystemRoles(@PathVariable UUID use @Put("users/{userId}/resend-email") @Produces(MediaType.APPLICATION_JSON) - @Secured({"ADMIN"}) + @Secured({"SYSTEM_ADMIN"}) public HttpResponse resendWelcomeEmail(@PathVariable UUID userId) { try { userService.createAndSendAccountToken(userId); From e82776447b8b6609fe5bea893b9b83ad98427d54 Mon Sep 17 00:00:00 2001 From: HMS17 Date: Thu, 25 Jul 2024 17:59:46 -0400 Subject: [PATCH 07/12] [BI-1692] - Migration Num and Micronaut Role Fixes --- .../api/v1/controller/ProgramController.java | 4 ++-- .../breedinginsight/api/v1/controller/UserController.java | 8 ++++---- ...1.24.0__update_roles.sql => V1.25.0__update_roles.sql} | 0 3 files changed, 6 insertions(+), 6 deletions(-) rename src/main/resources/db/migration/{V1.24.0__update_roles.sql => V1.25.0__update_roles.sql} (100%) diff --git a/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java b/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java index 8fe584a76..5464fc315 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/ProgramController.java @@ -122,7 +122,7 @@ public HttpResponse> getProgram(@PathVariable UUID programId) @Post("/programs") @Produces(MediaType.APPLICATION_JSON) - @Secured({"SYSTEM_ADMIN"}) + @Secured("SYSTEM ADMINISTRATOR") @AddMetadata public HttpResponse> createProgram(@Valid @Body ProgramRequest programRequest) { 
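Review bot: The role literal `"SYSTEM ADMINISTRATOR"` is typed by hand in every `@Secured` annotation this commit touches: createProgram here, then archiveProgram and four UserController endpoints in the following hunks. Nothing ties it to the `'System Administrator'` domain value written by the migration. A mistyped or stale literal fails closed, but it locks administrators out of user and program management and only shows up at runtime. Declaring the name once would keep the annotations in step, for example `public static final String SYSTEM_ADMINISTRATOR = "SYSTEM ADMINISTRATOR";` used as `@Secured(SYSTEM_ADMINISTRATOR)`. How the granted role name is derived from the domain is not visible in these hunks and should be confirmed first. An integration test per endpoint, expecting 403 for a non-admin caller and success for a system administrator, would catch drift as well.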
@@ -162,7 +162,7 @@ public HttpResponse> updateProgram(@PathVariable UUID programI @Delete("/programs/archive/{programId}") @Produces(MediaType.APPLICATION_JSON) - @Secured({"SYSTEM_ADMIN"}) + @Secured("SYSTEM ADMINISTRATOR") @AddMetadata public HttpResponse archiveProgram(@PathVariable UUID programId) { /* Archive a program */ diff --git a/src/main/java/org/breedinginsight/api/v1/controller/UserController.java b/src/main/java/org/breedinginsight/api/v1/controller/UserController.java index de9b563ea..460c6c760 100644 --- a/src/main/java/org/breedinginsight/api/v1/controller/UserController.java +++ b/src/main/java/org/breedinginsight/api/v1/controller/UserController.java @@ -123,7 +123,7 @@ public HttpResponse>> postUsersSearch( @Post("/users") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @Secured({"SYSTEM_ADMIN"}) + @Secured("SYSTEM ADMINISTRATOR") public HttpResponse> createUser(@Body @Valid UserRequest requestUser){ try { @@ -165,7 +165,7 @@ public HttpResponse> updateUser(@PathVariable UUID userId, @Body @Delete("/users/{userId}") @Produces(MediaType.APPLICATION_JSON) - @Secured({"SYSTEM_ADMIN"}) + @Secured("SYSTEM ADMINISTRATOR") public HttpResponse archiveUser(@PathVariable UUID userId){ try { @@ -184,7 +184,7 @@ public HttpResponse archiveUser(@PathVariable UUID userId){ @Put("users/{userId}/roles") @Produces(MediaType.APPLICATION_JSON) @AddMetadata - @Secured({"ADMIN"}) + @Secured("SYSTEM ADMINISTRATOR") public HttpResponse> updateUserSystemRoles(@PathVariable UUID userId, @Body @Valid SystemRolesRequest requestUser) { try { @@ -206,7 +206,7 @@ public HttpResponse> updateUserSystemRoles(@PathVariable UUID use @Put("users/{userId}/resend-email") @Produces(MediaType.APPLICATION_JSON) - @Secured({"SYSTEM_ADMIN"}) + @Secured("SYSTEM ADMINISTRATOR") public HttpResponse resendWelcomeEmail(@PathVariable UUID userId) { try { userService.createAndSendAccountToken(userId); 
diff --git a/src/main/resources/db/migration/V1.24.0__update_roles.sql b/src/main/resources/db/migration/V1.25.0__update_roles.sql similarity index 100% rename from src/main/resources/db/migration/V1.24.0__update_roles.sql rename to src/main/resources/db/migration/V1.25.0__update_roles.sql From 21e55c974cb3829d77627c33fac0f973d17768bd Mon Sep 17 00:00:00 2001 From: HMS17 <84345306+HMS17@users.noreply.github.com> Date: Thu, 25 Jul 2024 18:45:17 -0400 Subject: [PATCH 08/12] [BI-1692] Removed old num migration --- .../db/migration/V1.24.0__update_roles.sql | 28 ------------------- 1 file changed, 28 deletions(-) delete mode 100644 src/main/resources/db/migration/V1.24.0__update_roles.sql diff --git a/src/main/resources/db/migration/V1.24.0__update_roles.sql b/src/main/resources/db/migration/V1.24.0__update_roles.sql deleted file mode 100644 index ff4f7b738..000000000 --- a/src/main/resources/db/migration/V1.24.0__update_roles.sql +++ /dev/null @@ -1,28 +0,0 @@ -/* - * See the NOTICE file distributed with this work for additional information - * regarding copyright ownership. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -UPDATE system_role -SET domain = 'System Administrator' -WHERE domain = 'admin'; - -UPDATE role -SET domain = 'Program Administrator' -WHERE domain = 'breeder'; - -UPDATE role -SET domain = 'Read Only' -WHERE domain = 'member'; \ No newline at end of file From 45dd430fbbcf057162377bd7d8780e9a75586301 Mon Sep 17 00:00:00 2001 
From: HMS17 Date: Mon, 29 Jul 2024 09:48:50 -0400 Subject: [PATCH 09/12] [BI-1692] - Unit Test Fixes --- .../api/v1/controller/TestTokenValidator.java | 6 +++--- .../utilities/response/mappers/UserQueryMapperUnitTest.java | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/test/java/org/breedinginsight/api/v1/controller/TestTokenValidator.java b/src/test/java/org/breedinginsight/api/v1/controller/TestTokenValidator.java index 8e12633a5..644ddc046 100644 --- a/src/test/java/org/breedinginsight/api/v1/controller/TestTokenValidator.java +++ b/src/test/java/org/breedinginsight/api/v1/controller/TestTokenValidator.java @@ -56,7 +56,7 @@ public Publisher validateToken(String token) { Optional testUser = userService.getByOrcid(TEST_USER_ORCID); Map adminClaims = new HashMap<>(); List roles = new ArrayList<>(); - roles.add("ADMIN"); + roles.add("SYSTEM ADMINISTRATOR"); adminClaims.put("roles", roles); adminClaims.put("id", testUser.get().getId().toString()); return Flowable.just(new DefaultAuthentication(TEST_USER_ORCID, adminClaims)); @@ -77,7 +77,7 @@ public Publisher validateToken(String token) { } else if (token.equals("non-existent-user")){ Map adminClaims = new HashMap<>(); List roles = new ArrayList<>(); - roles.add("ADMIN"); + roles.add("SYSTEM ADMINISTRATOR"); adminClaims.put("roles", roles); adminClaims.put("id", NON_EXISTENT_USER_ID); return Flowable.just(new DefaultAuthentication(NON_EXISTENT_USER_ID, adminClaims)); @@ -85,7 +85,7 @@ public Publisher validateToken(String token) { Optional inactiveUser = userService.getByOrcid(INACTIVE_USER_ORCID); Map adminClaims = new HashMap<>(); List roles = new ArrayList<>(); - roles.add("ADMIN"); + roles.add("SYSTEM ADMINISTRATOR"); adminClaims.put("roles", roles); adminClaims.put("id", inactiveUser.get().getId().toString()); return Flowable.just(new DefaultAuthentication(INACTIVE_USER_ORCID, adminClaims)); 
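Review bot: `roles.add("SYSTEM ADMINISTRATOR")` in the three TestTokenValidator hunks copies the literal used in the controllers' `@Secured` annotations, so the integration tests pass whenever the stub and the annotation agree, whatever role string the production validator places in the `roles` claim. Patches 06 and 07 changed the controller value twice, which suggests the real claim format is easy to get wrong. Consider building the test claim from the same source as production, or from a shared constant, and adding one test that goes through the real role mapping; the production path is outside this diff, so this needs checking against it. validateToken continues outside each hunk.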
diff --git a/src/test/java/org/breedinginsight/utilities/response/mappers/UserQueryMapperUnitTest.java b/src/test/java/org/breedinginsight/utilities/response/mappers/UserQueryMapperUnitTest.java index 1229f2597..8e5be117d 100644 --- a/src/test/java/org/breedinginsight/utilities/response/mappers/UserQueryMapperUnitTest.java +++ b/src/test/java/org/breedinginsight/utilities/response/mappers/UserQueryMapperUnitTest.java @@ -49,7 +49,7 @@ public void testMappings() { .name("Test User") .email("test@user.com") .orcid("000000-000000-000000-00000") - .systemRoles(List.of(SystemRole.builder().domain("admin").build())) + .systemRoles(List.of(SystemRole.builder().domain("System Administrator").build())) .programRoles(List.of(ProgramUser.builder().program(Program.builder().name("Test program").build()).build())) .active(false) .createdAt(OffsetDateTime.now()) From 8696ff58a4ab4af4ec8fd1fc90854229a1947e12 Mon Sep 17 00:00:00 2001 From: HMS17 Date: Tue, 30 Jul 2024 12:16:58 -0400 Subject: [PATCH 10/12] [BI-1692] - Unit Test Fixes, Program Admin --- .../api/v1/controller/ProgramControllerIntegrationTest.java | 2 +- src/test/resources/sql/UploadControllerIntegrationTest.sql | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java b/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java index 290f3161a..b3ef32a2b 100644 --- a/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java +++ b/src/test/java/org/breedinginsight/api/v1/controller/ProgramControllerIntegrationTest.java 
@@ -2474,7 +2474,7 @@ public void searchProgramUsers() { SearchRequest searchRequest = new SearchRequest(); searchRequest.setFilters(new ArrayList<>()); - searchRequest.getFilters().add(new FilterRequest("roles", "breed")); + searchRequest.getFilters().add(new FilterRequest("roles", "Program Administrator")); Flowable> call = client.exchange( POST("/programs/" + validProgram.getId() + "/users/search?page=1&pageSize=20&sortField=roles&sortOrder=ASC", searchRequest).cookie(new NettyCookie("phylo-token", "test-registered-user")), String.class diff --git a/src/test/resources/sql/UploadControllerIntegrationTest.sql b/src/test/resources/sql/UploadControllerIntegrationTest.sql index ea205f4c7..17aabbec1 100644 --- a/src/test/resources/sql/UploadControllerIntegrationTest.sql +++ b/src/test/resources/sql/UploadControllerIntegrationTest.sql @@ -26,13 +26,13 @@ join bi_user on bi_user.name = 'system' limit 1; insert into program_user_role(program_id, user_id, role_id, active, created_by, updated_by) select program.id, bi_user.id, role.id, 'true', bi_user.id, bi_user.id from program join bi_user on bi_user.name = 'Test User' -join role on role.domain = 'breeder' limit 1; +join role on role.domain = 'Program Administrator' limit 1; -- name: InsertInactiveProgramUser insert into program_user_role(program_id, user_id, role_id, active, created_by, updated_by) select program.id, bi_user.id, role.id, 'false', bi_user.id, bi_user.id from program join bi_user on bi_user.name = 'Another Test User' -join role on role.domain = 'breeder' limit 1; +join role on role.domain = 'Program Administrator' limit 1; -- name: InsertProgramObservationLevel insert into program_observation_level(program_id, name, created_by, updated_by) From 2178c168e9e45b4442c4d49ad9781fa3190f6a73 Mon Sep 17 00:00:00 2001 
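Review bot: The fixture inserts in UploadControllerIntegrationTest.sql select the role with `join role on role.domain = 'Program Administrator'`, an inner join on a display label, so a label that differs in spelling or (apparently) case inserts no rows and raises no error. Patch 11 corrects exactly that for `'Read only'` in BrapiObservationVariablesControllerIntegrationTest.sql. A comment above the statements such as `-- role.domain must match the value written by the update_roles migration exactly` would make the dependency visible, and a row-count check in the test setup would catch a silent miss. The first statement starts outside the hunk.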
From: HMS17 Date: Mon, 5 Aug 2024 16:29:15 -0400 Subject: [PATCH 11/12] [BI-1692] - Fixing inconsistent case --- .../sql/BrapiObservationVariablesControllerIntegrationTest.sql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql b/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql index a76993678..d413c28c1 100644 --- a/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql +++ b/src/test/resources/sql/BrapiObservationVariablesControllerIntegrationTest.sql @@ -42,7 +42,7 @@ where bi_user.name = 'Test User' insert into program_user_role (program_id, user_id, role_id, created_by, updated_by) select program.id, bi_user.id, role.id, bi_user.id, bi_user.id from bi_user join program on program.name = 'Test Program' -join role on role.domain = 'Read only' +join role on role.domain = 'Read Only' where bi_user.name = 'Other Test User' -- name: InsertOtherProgram From 0395380b6484acfd10ee81eb6b53f21c74864ef4 Mon Sep 17 00:00:00 2001 From: HMS17 Date: Mon, 5 Aug 2024 17:35:33 -0400 Subject: [PATCH 12/12] [BI-1692] - Restored Experimental Collaborator enum --- .../java/org/breedinginsight/api/auth/ProgramSecuredRole.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java b/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java index 9e9cf4d4d..f396c6e59 100644 --- a/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java +++ b/src/main/java/org/breedinginsight/api/auth/ProgramSecuredRole.java @@ -21,7 +21,8 @@ public enum ProgramSecuredRole { READ_ONLY("Read Only"), PROGRAM_ADMIN("Program Administrator"), - SYSTEM_ADMIN("System Administrator"); + SYSTEM_ADMIN("System Administrator"), + EXPERIMENTAL_COLLABORATOR("Experimental Collaborator"); private String domain;
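Review bot: The restored `EXPERIMENTAL_COLLABORATOR("Experimental Collaborator")` constant presumably has to match a `role.domain` value character for character, as the other constants do after the migration. The update_roles migration shown in this series only rewrites the `admin`, `breeder` and `member` domains, and whether a row with this domain already exists is not visible here. A short comment on the enum would record the coupling, for example `// domain must equal the role/system_role domain stored in the database`. The enum body continues outside the hunk.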