feat: Implement role-based access control middleware and update documentation
Some checks are pending
Docker Test / test (push) Waiting to run
This commit is contained in:
parent
7c9862a08a
commit
30bd7f0214
4 changed files with 65 additions and 2 deletions
|
|
@ -53,7 +53,7 @@
|
|||
## Technische Durchsetzung
|
||||
|
||||
- JWT enthaelt `role` Claim (`user|moderator|admin`)
|
||||
- Serverseitige Middleware `requireRole([...])` fuer Endpunkte
|
||||
- Serverseitige Middleware `requireRole([...])` fuer Endpunkte (implementiert in `backend/middleware/role.middleware.js`)
|
||||
- Sensible Aktionen schreiben Audit-Eintrag mit:
|
||||
- actorUserId
|
||||
- action
|
||||
|
|
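Review bot: The updated `requireRole([...])` bullet now names `backend/middleware/role.middleware.js`, but the section still does not say how the middleware treats a token with a missing `role` claim or a value outside `user|moderator|admin`. Since this section is the enforcement spec, state the failure behaviour here (reject by default) and that the `role` claim is only read from a JWT whose signature has already been verified. The hard-coded file path will also go stale if the middleware is moved, so consider keeping the path in one place that the rest of the docs link to.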
@ -72,4 +72,4 @@
|
|||
- Rollenmodell im Repo dokumentiert
|
||||
- Rollen-Claims in API-Security-Konzept referenziert
|
||||
- Role-Checks fuer neue Endpunkte verpflichtend
|
||||
- Audit-Events fuer Admin/Moderation spezifiziert
|
||||
- Audit-Events fuer Admin/Moderation spezifiziert
|
||||
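Review bot: The last checklist line, `- Audit-Events fuer Admin/Moderation spezifiziert`, reads identically before and after, so this hunk appears to be a whitespace or end-of-file newline change only. If that is the case, say so in the commit message or keep it out of a feature commit so the history of this checklist stays readable. Because the line above makes role checks mandatory for new endpoints, this would also be the natural place to add a checklist item pointing at `requireRole([...])` as the required mechanism.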