openclaw/helpyourneighbour
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add issue #124 for RBAC implementation
Some checks are pending
Docker Test / test (push) Waiting to run
Details

Browse source
This commit is contained in:
BibaBot Jarvis 2026-03-16 10:06:38 +00:00
parent ba32d67023
commit 507b2772d3
1 changed files with 32 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

32
ISSUE-124.md Normal file
View file

@ -0,0 +1,32 @@
# Issue #124: Implement Role-Based Access Control (RBAC) for API Endpoints
## Description
Implement role-based access control (RBAC) for the API endpoints to ensure that users can only perform actions allowed by their role (`user`, `moderator`, `admin`). This includes:
- Middleware to check user roles on protected routes
- Integration with JWT claims
- Audit logging for sensitive actions
- Documentation of the RBAC model
## Acceptance Criteria
- [ ] JWT middleware extracts role from token
- [ ] `requireRole` middleware implemented and tested
- [ ] All existing API endpoints have appropriate role checks
- [ ] Sensitive actions are logged with audit events
- [ ] Documentation updated to reflect RBAC implementation
- [ ] Tests added for role-based access
## Tasks
1. Implement `requireRole` middleware in `backend/middleware/role.middleware.js`
2. Add role checks to existing API routes
3. Integrate role checking into JWT authentication flow
4. Implement audit logging for sensitive actions
5. Update documentation (`docs/roles-and-permissions.md`)
6. Write tests for RBAC functionality
## Notes
This is a follow-up to the existing roles and permissions documentation in `docs/roles-and-permissions.md`. The implementation should align with the defined roles and permissions matrix.