openclaw/helpyourneighbour
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: Implement RBAC for dispute endpoints
Some checks are pending
Docker Test / test (push) Waiting to run
Details

Browse source
This commit is contained in:
J.A.R.V.I.S. 2026-03-20 06:07:28 +00:00
parent 82eea3ea98
commit 18848a664f
1 changed files with 13 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

25
backend/src/dispute-flow/dispute-flow.routes.ts
View file

@ -1,10 +1,11 @@
import express from 'express'; import express from 'express';
import { DisputeFlowService } from './dispute-flow.service'; import { DisputeFlowService } from './dispute-flow.service';
import { requireRole } from '../middleware/requireRole';
const router = express.Router(); const router = express.Router();
// Create a new dispute // Create a new dispute - requires 'user' role
router.post('/disputes', async (req, res) => { router.post('/disputes', requireRole(['user']), async (req, res) => {
try { try {
const dispute = await DisputeFlowService.createDispute(req.body); const dispute = await DisputeFlowService.createDispute(req.body);
res.status(201).json(dispute); res.status(201).json(dispute);
@ -14,8 +15,8 @@ router.post('/disputes', async (req, res) => {
} }
}); });
// Add evidence to a dispute // Add evidence to a dispute - requires 'user' role
router.post('/disputes/:id/evidence', async (req, res) => { router.post('/disputes/:id/evidence', requireRole(['user']), async (req, res) => {
try { try {
const { id } = req.params; const { id } = req.params;
const { actorUserId, ...evidenceData } = req.body; const { actorUserId, ...evidenceData } = req.body;
@ -28,8 +29,8 @@ router.post('/disputes/:id/evidence', async (req, res) => {
} }
}); });
// Update dispute status // Update dispute status - requires 'moderator' or 'admin' role
router.post('/disputes/:id/status', async (req, res) => { router.post('/disputes/:id/status', requireRole(['moderator', 'admin']), async (req, res) => {
try { try {
const { id } = req.params; const { id } = req.params;
const { actorUserId, newStatus } = req.body; const { actorUserId, newStatus } = req.body;
@ -42,8 +43,8 @@ router.post('/disputes/:id/status', async (req, res) => {
} }
}); });
// Resolve a dispute // Resolve a dispute - requires 'moderator' or 'admin' role
router.post('/disputes/:id/resolve', async (req, res) => { router.post('/disputes/:id/resolve', requireRole(['moderator', 'admin']), async (req, res) => {
try { try {
const { id } = req.params; const { id } = req.params;
const { actorUserId, ...decisionData } = req.body; const { actorUserId, ...decisionData } = req.body;
@ -56,8 +57,8 @@ router.post('/disputes/:id/resolve', async (req, res) => {
} }
}); });
// Get dispute details // Get dispute details - requires 'user', 'moderator', or 'admin' role
router.get('/disputes/:id', async (req, res) => { router.get('/disputes/:id', requireRole(['user', 'moderator', 'admin']), async (req, res) => {
try { try {
const { id } = req.params; const { id } = req.params;
const dispute = await DisputeFlowService.getDispute(parseInt(id)); const dispute = await DisputeFlowService.getDispute(parseInt(id));
@ -73,8 +74,8 @@ router.get('/disputes/:id', async (req, res) => {
} }
}); });
// Get dispute events // Get dispute events - requires 'user', 'moderator', or 'admin' role
router.get('/disputes/:id/events', async (req, res) => { router.get('/disputes/:id/events', requireRole(['user', 'moderator', 'admin']), async (req, res) => {
try { try {
const { id } = req.params; const { id } = req.params;
const events = await DisputeFlowService.getDisputeEvents(parseInt(id)); const events = await DisputeFlowService.getDisputeEvents(parseInt(id));