docs: update roles and permissions documentation
This commit is contained in:
parent
097d1af837
commit
ba32d67023
1 changed files with 35 additions and 1 deletions
@ -73,3 +73,37 @@
|
||||||
- Rollen-Claims in API-Security-Konzept referenziert
|
- Rollen-Claims in API-Security-Konzept referenziert
|
||||||
- Role-Checks fuer neue Endpunkte verpflichtend
|
- Role-Checks fuer neue Endpunkte verpflichtend
|
||||||
- Audit-Events fuer Admin/Moderation spezifiziert
|
- Audit-Events fuer Admin/Moderation spezifiziert
|
||||||
|
|
||||||
|
## Implementierung
|
||||||
|
|
||||||
|
Die Rollen werden in der Datenbank als `role`-Feld im `users`-Table gespeichert. Die Middleware `requireRole` prüft, ob der eingeloggte Benutzer die benötigte Rolle besitzt.
|
||||||
|
|
||||||
|
### Beispiel für eine geschützte Route:
|
||||||
|
|
||||||
|
```javascript
|
||||||
|
const express = require('express');
|
||||||
|
const router = express.Router();
|
||||||
|
const { requireRole } = require('../middleware/role.middleware');
|
||||||
|
|
||||||
|
// Nur Admins dürfen diese Route aufrufen
|
||||||
|
router.delete('/users/:userId', requireRole(['admin']), async (req, res) => {
|
||||||
|
// ...
|
||||||
|
});
|
||||||
|
```
|
||||||
|
|
||||||
|
### Beispiel für eine Middleware zur Rollenprüfung:
|
||||||
|
|
||||||
|
```javascript
|
||||||
|
// backend/middleware/role.middleware.js
|
||||||
|
const requireRole = (allowedRoles) => {
|
||||||
|
return (req, res, next) => {
|
||||||
|
const userRole = req.user.role; // aus JWT
|
||||||
|
if (!allowedRoles.includes(userRole)) {
|
||||||
|
return res.status(403).json({ error: 'Forbidden' });
|
||||||
|
}
|
||||||
|
next();
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
module.exports = { requireRole };
|
||||||
|
```
|
||||||
|
|
|
||||||