bug: Non-admin users cannot run scripts which require auth using HTTP route
Describe the bug
Hello team and community,
First off, as always thanks for the great work on windmill!!
I'm trying to create a restricted user to run specific scripts using routes. When the token is created and the user is not a super admin on the instance, the REST call always returns error 401 "Not authorized: Unauthorized".
If the user is a superadmin and creates a token, then it can run the script using the route.
However, if the user is downgraded to a regular user on the instance and an operator on the workspace, and then creates another token, the same unauthorized behavior occurs.
While trying to understand this, I checked the tokens table in the database. When a user is a super admin and creates a token, and then is downgraded to a regular user, the token still has the super_admin column set to true. Is this the expected behavior? Shouldn’t this column change as the user’s permissions on the instance change?
To reproduce
- Create an HTTP route to a script
- Give an operator user access to the route and script
- Try to call the route via curl
- See error
Expected behavior
Operator user with access to the route and script being able to run the script using the custom route.
Screenshots
No response
Browser information
N/A
Application version
Windmill CE v1.423.1
Additional Context
Running the script using the webhook as the restricted user runs normally.